Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Am I Infected? (Help)

by AwesomeAsColor » August 22nd, 2012, 9:59 am

Description of Problem
A few weeks ago my computer started behaving erratically. It started with a Blue Screen of Death (BSOD) randomly while installing something. Initially I did not catch the stop error and didn't think about it again until a few days later when it happened a second time. I suddenly started getting BSODs frequently, and I started to research the error code/codes, which initially was 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF9B1FB674, 0xFFFFFFFF9A557B00, 0x0).

I found many sites that reference this as possible malware, so I started to look deeper into possible infections. I started to find more and more registry entries which may or may not have been some sort of infection. At this point I became a bit overwhelmed with the information and the mounting paranoia I was feeling.

Then last night I started running some checks when suddenly my internet cut out for about 30 minutes; just as I finally got ahold of a rep at the ISP's office, it came back on. About 2-3 minutes after the internet came back on, my computer went BSOD, and I restarted in safe mode and found log files I have never seen before. At this point I am at a loss as to where to go from here. I do tend to think "I can fix this", and I hope that didn't result in me making things worse. Any help would be very appreciated! Thank You!

DDS Logs

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Awesome at 21:34:54 on 2012-08-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3454.2497 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFE936B7-82DE-46C2-BD40-E24CC960AE59} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFE936B7-82DE-46C2-BD40-E24CC960AE59}\642494026516E60285 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFE936B7-82DE-46C2-BD40-E24CC960AE59}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\awesome\appdata\roaming\mozilla\firefox\profiles\c5348wjg.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\awesome\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\awesome\appdata\roaming\mozilla\firefox\profiles\c5348wjg.default\extensions\technicianconsole@logmeinrescue.com\plugins\npRescue.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-6-11 291840]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-20 655944]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-8-2 37944]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2012-8-20 7680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-20 22344]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-8-20 171520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-29 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-28 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-28 1343400]
.
=============== Created Last 30 ================
.
2012-08-22 01:27:32 -------- d-----w- c:\programdata\CPA_VA
2012-08-21 08:36:55 -------- d-----w- c:\users\awesome\appdata\local\ElevatedDiagnostics
2012-08-21 04:18:37 -------- d-----w- c:\programdata\Comodo
2012-08-21 04:18:35 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-21 04:18:35 -------- d-----w- c:\program files\COMODO
2012-08-21 03:52:52 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{100152be-1385-49bb-a3bc-24a7675e3e8a}\offreg.dll
2012-08-21 01:15:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-21 01:15:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-21 00:34:03 -------- d-----w- c:\program files\ESET
2012-08-21 00:30:18 -------- d-----w- c:\users\awesome\appdata\roaming\Malwarebytes
2012-08-21 00:29:26 -------- d-----w- c:\programdata\Malwarebytes
2012-08-21 00:29:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 00:29:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-20 23:23:35 -------- d---a-w- C:\.Trash-999
2012-08-20 22:18:18 -------- d-----w- c:\users\awesome\appdata\local\Toshiba
2012-08-20 22:11:01 58888 ------w- c:\windows\system32\agrsmdel.exe
2012-08-20 22:11:01 -------- d-----w- c:\program files\ltmoh
2012-08-20 22:10:52 -------- d-----w- c:\windows\Options
2012-08-20 21:54:58 -------- d-----w- c:\windows\system32\sda
2012-08-20 21:54:33 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-08-20 21:54:32 270336 ----a-w- c:\windows\system32\RtsUStor.dll
2012-08-20 21:54:32 171520 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-08-20 21:23:40 831488 ----a-w- c:\windows\RtlExUpd.dll
2012-08-20 21:23:40 -------- d--h--w- c:\program files\Temp
2012-08-20 21:23:38 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2012-08-20 21:23:38 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2012-08-20 21:23:38 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-08-20 21:23:38 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2012-08-20 21:23:38 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2012-08-20 21:23:36 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2012-08-20 21:23:35 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2012-08-20 21:15:12 128344 ----a-w- c:\windows\system32\TODDSrv.exe
2012-08-20 21:11:01 -------- d-----w- C:\sle0v190
2012-08-20 21:10:38 -------- d-----w- c:\windows\pss
2012-08-20 19:21:46 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-08-20 19:21:45 9728 ----a-w- c:\windows\system32\TCMSVR.dll
2012-08-20 19:21:44 7680 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2012-08-20 19:18:34 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-08-20 19:18:33 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-08-20 19:18:33 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-08-20 19:18:33 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-08-20 19:18:33 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-08-20 19:18:33 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-08-20 19:18:32 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-08-20 19:18:32 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-08-20 18:23:03 -------- d-----w- c:\program files\HWiNFO32
2012-08-20 17:06:53 -------- d-----w- c:\program files\WhoCrashed
2012-08-20 16:29:37 -------- d-----w- c:\program files\SystemRequirementsLab
2012-08-20 06:20:38 917504 ----a-w- c:\windows\system32\Flash.ocx
2012-08-20 05:12:52 -------- d-----w- c:\program files\NetDragon
2012-08-20 03:59:29 -------- d-----w- c:\users\awesome\appdata\local\Diagnostics
2012-08-18 11:50:47 -------- d-----w- c:\users\awesome\appdata\local\LogMeIn Rescue
2012-08-18 11:50:11 -------- d-----w- c:\program files\LogMeIn Rescue Technician Console
2012-08-18 11:21:59 -------- d-----w- c:\program files\LogMeIn Rescue
2012-08-18 04:34:58 -------- d-----w- c:\users\awesome\appdata\roaming\TunkDesign
2012-08-18 01:01:53 -------- d-----w- c:\program files\Code Laboratories
2012-08-17 17:17:16 -------- d-----w- c:\programdata\ALM
2012-08-17 15:42:09 -------- d-----w- c:\users\awesome\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-17 14:36:00 -------- d-----w- c:\users\awesome\Adobe Flash Builder 4.6
2012-08-17 14:25:05 -------- d-----w- c:\program files\common files\PX Storage Engine
2012-08-17 14:24:59 -------- d-----w- c:\program files\My Company Name
2012-08-17 12:20:56 -------- d-----w- c:\users\awesome\appdata\roaming\.jclient
2012-08-17 11:10:38 -------- d-----w- c:\users\awesome\appdata\roaming\.blackMagicAndCheerios
2012-08-15 16:49:34 -------- d-----w- c:\program files\Sun
2012-08-15 03:56:52 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 03:56:47 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 03:56:47 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 03:56:45 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 03:56:43 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 03:56:43 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 03:56:41 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 03:25:50 70144 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP8F.DLL
2012-08-08 03:25:50 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD8F.DLL
2012-08-08 03:25:22 224768 ----a-w- c:\windows\system32\CNMLM8F.DLL
2012-08-06 15:29:45 -------- d-----w- c:\users\awesome\appdata\local\Google
2012-08-06 11:23:17 -------- d-----w- c:\users\awesome\jagexcache1
2012-08-06 11:12:55 -------- d-----w- c:\users\awesome\jagexcache
2012-08-03 05:02:31 -------- d-----w- c:\program files\common files\Toshiba Shared
2012-08-03 03:44:40 -------- d-----w- c:\program files\Toshiba
2012-08-03 03:43:26 -------- d-----w- c:\users\awesome\appdata\roaming\WinBatch
2012-08-03 03:37:51 -------- d-----w- C:\ToshibaUpdate
2012-08-03 03:35:36 -------- d-----w- c:\users\awesome\appdata\local\AMD
2012-08-03 03:34:36 -------- d-----w- c:\users\awesome\appdata\local\ATI
2012-08-03 03:34:15 -------- d-----w- c:\program files\AMD APP
2012-08-03 03:33:13 -------- d-----w- c:\programdata\AMD
2012-08-03 03:33:05 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-08-03 03:32:39 -------- d-----w- c:\program files\ATI
2012-08-03 03:31:37 -------- d-----w- C:\AMD
2012-08-03 03:26:41 -------- d-----w- c:\program files\ATI Technologies
2012-08-03 03:26:26 221184 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2012-08-03 03:26:25 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-08-03 03:26:25 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-08-03 03:26:25 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-08-03 03:26:25 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-08-03 03:26:02 -------- d-----w- C:\ATI
2012-08-02 18:47:12 -------- d-----w- c:\users\awesome\appdata\roaming\.Spoutcraft
2012-08-02 04:47:34 -------- d-----w- c:\windows\system32\appmgmt
2012-08-02 04:33:29 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-01 17:54:02 -------- d-----w- c:\users\awesome\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-01 17:51:11 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-01 16:03:20 -------- d-----w- c:\users\awesome\appdata\local\Adobe
2012-08-01 15:52:20 -------- d-----w- c:\users\awesome\appdata\roaming\SignCut
2012-08-01 15:52:20 -------- d-----w- c:\program files\SignCut
2012-08-01 14:02:08 -------- d-----w- c:\program files\BitTorrent
2012-08-01 14:01:24 -------- d-----w- c:\users\awesome\appdata\roaming\BitTorrent
2012-07-31 14:35:35 -------- d-----w- c:\program files\Microsoft
2012-07-31 14:34:35 -------- d-----w- c:\users\awesome\appdata\roaming\HpUpdate
2012-07-31 14:34:22 527208 ------w- c:\windows\system32\HPDiscoPM5312.dll
2012-07-31 14:34:06 -------- d-----w- c:\program files\HP
2012-07-31 14:33:55 -------- d-----w- c:\users\awesome\appdata\local\HP
2012-07-31 12:09:52 -------- d-----w- c:\users\awesome\appdata\roaming\TS3Client
2012-07-31 12:01:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-07-31 08:59:08 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-31 08:59:03 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{100152be-1385-49bb-a3bc-24a7675e3e8a}\mpengine.dll
2012-07-30 20:00:01 -------- d-----w- c:\users\awesome\appdata\roaming\MultiSkypeLauncher
2012-07-30 19:59:25 -------- d-----w- c:\program files\MultiSkypeLauncher
2012-07-30 17:39:36 -------- d-----w- c:\program files\VideoLAN
2012-07-30 14:54:55 -------- d-----w- c:\users\awesome\appdata\local\Microsoft Games
2012-07-30 14:53:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-07-30 14:53:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-30 14:52:30 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-30 14:51:53 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-07-30 14:51:10 -------- d-----w- c:\users\awesome\appdata\local\Microsoft Help
2012-07-30 05:21:51 -------- d-----w- c:\users\awesome\appdata\roaming\Gyazo
2012-07-29 10:47:44 -------- d-----w- c:\program files\Gyazo
2012-07-29 10:10:06 -------- d-----w- c:\users\awesome\appdata\roaming\Mumble
2012-07-29 09:11:59 -------- d-----w- c:\program files\Mumble
2012-07-29 09:11:16 -------- d-----w- c:\program files\Clownfish
2012-07-29 06:42:32 -------- d-----w- c:\windows\Panther
2012-07-29 06:42:17 -------- d-sh--w- C:\Boot
2012-07-29 05:17:35 -------- d-----w- c:\users\awesome\appdata\local\Macromedia
2012-07-29 05:07:32 -------- d-----w- c:\users\awesome\appdata\roaming\.techniclauncher
2012-07-29 05:06:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 05:06:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-29 03:57:05 -------- d-----w- c:\users\awesome\appdata\roaming\.minecraft
2012-07-29 03:41:06 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-29 03:39:36 -------- d-----w- c:\windows\system32\Wat
2012-07-29 03:35:23 -------- d-----w- c:\windows\PCHEALTH
2012-07-29 03:25:23 -------- d-----w- c:\program files\Synaptics
2012-07-29 03:18:20 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-29 03:18:20 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-29 03:18:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-29 03:18:20 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-29 03:18:03 -------- d-----r- c:\program files\Skype
2012-07-29 03:14:13 -------- d-----w- c:\program files\Oracle
2012-07-29 03:14:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-29 03:14:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-29 03:13:40 -------- d-sh--w- c:\windows\Installer
2012-07-29 03:11:19 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-29 03:04:44 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-07-29 03:04:44 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-07-29 03:04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-07-29 03:04:35 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-29 03:04:35 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-29 03:04:29 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-07-29 03:04:28 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-07-29 03:04:27 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-07-29 03:04:26 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-07-29 03:03:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-29 03:01:59 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-29 03:01:59 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-29 02:52:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-29 02:52:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-29 02:52:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-29 02:52:12 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-27 01:36:58 42208 ----a-w- c:\windows\system32\drivers\point32.sys
2012-06-26 06:03:32 68904 ----a-w- c:\windows\system32\CLEyeDevices.dll
2012-06-25 02:24:46 46432 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-06-11 17:50:42 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50:24 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 17:50:14 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 17:49:22 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 17:48:30 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-06 12:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-28 11:09:04 2104416 ----a-w- c:\windows\system32\coin91.dll
.
============= FINISH: 21:35:14.22 ===============

Attach Txt
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2012 10:53:12 PM
System Uptime: 8/21/2012 9:25:42 PM (0 hours ago)
.
Motherboard: TOSHIBA | |
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 194.856 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP49: 8/20/2012 6:40:32 PM - Installed TOSHIBA Supervisor Password
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader X (10.1.4)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Application Profiles
ATI - Software Uninstall Utility
Bing Rewards Client Installer
BitTorrent
bl
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CL-Eye Driver
Clownfish for Skype
COMODO GeekBuddy
Conquer Online 2.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
Google Chrome
Gyazo 1.0
HDMI Control Manager
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Update
HWiNFO32 Version 4.02
I.R.I.S. OCR
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 34
Java(TM) 7 Update 5
JavaFX 2.1.1
LogMeIn Rescue Technician Console
LSI V92 MOH Application
Malwarebytes Anti-Malware version 1.62.0.1300
Marketsplash Shortcuts
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MultiSkypeLauncher (remove only)
Mumble 1.2.3
PDF Settings CS6
ph
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
SignCut (remove only)
Skins
Skype™ 5.10
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TeamSpeak 3 Client
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.3
WhoCrashed 3.06
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
8/21/2012 4:39:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
8/21/2012 4:36:51 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/21/2012 4:32:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/21/2012 12:18:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/20/2012 7:12:39 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/20/2012 12:36:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x9b1fb674, 0x9a557b00, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082012-32167-01.
8/20/2012 12:31:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x9adb6674, 0x9c149b00, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082012-28641-01.
8/20/2012 10:46:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/20/2012 10:46:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/20/2012 10:46:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/20/2012 10:46:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/20/2012 10:46:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/20/2012 10:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/20/2012 10:46:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x100000c5 (0x00000004, 0x00000002, 0x00000000, 0x82d5e87b). A dump was saved in: C:\Windows\Minidump\082012-32495-01.dmp. Report Id: 082012-32495-01.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/20/2012 10:46:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/19/2012 11:48:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0x8540d000, 0x8540d300, 0x08600000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081912-24819-01.
8/19/2012 10:25:31 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACINTOSH-2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BFE936B7-82DE-46C2-BD40-E24CC9. The master browser is stopping or an election is being forced.
8/17/2012 3:35:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0x8540d000, 0x8540d300, 0x08600000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081712-36519-01.
8/17/2012 10:42:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041287, 0x000043d6, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081712-43025-01.
8/15/2012 2:50:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
8/14/2012 8:26:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0x8540d000, 0x8540d300, 0x08600000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081412-25350-01.
.
==== End Of File ===========================
AwesomeAsColor
Active Member
 
Posts: 7
Joined: August 21st, 2012, 7:37 pm

Re: Am I Infected? (Help)

Unread postby askey127 » August 23rd, 2012, 11:22 am

Hi AwesomeAsColor,
Looking at your log.
Be back soon.
askey127
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Am I Infected? (Help)

Unread postby askey127 » August 23rd, 2012, 11:36 am

AwesomeAsColor,
Tell me if you are showing any Antivirus application on your machine.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program BitTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
-------------------------------------------------------------------
Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
Temporarily Disable Spybot's TeaTimer Protection
  • Start Spybot Search & Destroy
  • In the top menu, click Mode
  • Check Advanced Mode if it is not already checked. OK the selection if necessary.
  • In the bottom of the left pane, click on Tools
  • From the new left pane list, click on Resident
  • Uncheck the box in the middle labeled Resident "TeaTimer" (Protection of overall system settings) active.
  • From the top menu, click on File, Exit.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

BitTorrent
Java(TM) 6 Update 34

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for an answer to my antivirus question, the log from CKScanner, and the two logs from OTL.
Use separate replies if convenient.
askey127
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Am I Infected? (Help)

Unread postby AwesomeAsColor » August 23rd, 2012, 6:14 pm

Thank You so much for helping!
In response to the question about an anti-virus program:
I realized last night while I was waiting that I did not have an active program. I looked at your resources and downloaded Microsoft Essentials (Pre Release), and Armor Online. I disabled Armor Online before running the CKScanner to make sure it would not interfere. I will post the results below, then the OTL scanner in a second post. Thanks again :)

CKFile Result:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\1.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\1.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\2.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\2.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\3.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\3.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\4.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker-single\4.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\1.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\2.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\3.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\4.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\5.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\6.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\7.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker1\8.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\1.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\1.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\2.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\2.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\3.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\3.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\4.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\4.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\5.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\5.dds
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\6.c3
c:\program files\netdragon\conquer online 2.0\c3\effect\firecracker2\6.dds
hosts 127.0.0.1 tt11.adobe.com #[adobe.tcliveus.com]
hosts 127.0.0.1 stats.adobe.com
scanner sequence 3.ZZ.11.OVNASV
----- EOF -----
AwesomeAsColor
Active Member
 
Posts: 7
Joined: August 21st, 2012, 7:37 pm

Re: Am I Infected? (Help)

Unread postby AwesomeAsColor » August 23rd, 2012, 6:29 pm

Below are the OTL Results, and the Extras results (2 posts). I did not have an Include 64 Bit Scans option. I'm not sure why.

OTL.txt

OTL logfile created on: 8/23/2012 6:17:54 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Awesome\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 73.31% Memory free
6.74 Gb Paging File | 5.70 Gb Available in Paging File | 84.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.18 Gb Free Space | 81.23% Space Free | Partition Type: NTFS

Computer Name: AWESOME-PC | User Name: Awesome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/23 18:14:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Awesome\Desktop\OTL.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\ipoint.exe
PRC - [2012/06/26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\itype.exe
PRC - [2012/06/12 15:20:00 | 000,281,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/06/12 15:20:00 | 000,276,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/06/12 15:20:00 | 000,020,424 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/06/12 15:15:00 | 000,937,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/02/10 14:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/09/05 13:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 09:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009/08/03 14:03:08 | 000,832,856 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2009/07/29 16:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 14:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2009/07/13 15:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/18 11:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/29 15:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2009/07/25 11:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 15:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 15:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2009/03/12 19:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/14 20:45:00 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/30 10:26:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/28 23:14:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/12 15:20:00 | 000,276,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/06/12 15:20:00 | 000,020,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/02/10 14:33:00 | 004,369,208 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/02/10 14:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/12/15 13:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/06/05 07:29:26 | 000,088,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/04/13 10:05:20 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/04/13 10:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/02/10 14:33:38 | 000,042,152 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/02/10 14:33:14 | 000,029,312 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/02/10 14:33:14 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/02/10 14:33:12 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/12/15 13:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/11/20 17:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 17:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/03 16:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/05 19:04:04 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/05/22 04:52:38 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3757435952-539883156-3484808010-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3757435952-539883156-3484808010-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3757435952-539883156-3484808010-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 C5 F4 1C 01 74 CD 01 [binary data]
IE - HKU\S-1-5-21-3757435952-539883156-3484808010-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3757435952-539883156-3484808010-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3757435952-539883156-3484808010-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Awesome\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Awesome\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/17 13:15:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 10:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 10:26:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/22 12:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Awesome\AppData\Roaming\Mozilla\Extensions
[2012/08/22 12:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Awesome\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
[2012/08/23 01:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Awesome\AppData\Roaming\Mozilla\Firefox\Profiles\c5348wjg.default\extensions
[2012/08/23 01:25:43 | 000,000,000 | ---D | M] (Redirect Google.rs to Google.com) -- C:\Users\Awesome\AppData\Roaming\Mozilla\Firefox\Profiles\c5348wjg.default\extensions\jid0-V81yHaP3QWeGJ9K2KutJ52PFOGw@jetpack
[2012/08/22 18:38:11 | 000,005,471 | ---- | M] () -- C:\Users\Awesome\AppData\Roaming\Mozilla\Firefox\Profiles\c5348wjg.default\searchplugins\googlecom-in-english.xml
[2012/08/23 17:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/23 00:22:10 | 000,526,553 | ---- | M] () (No name found) -- C:\USERS\AWESOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5348WJG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/07/29 02:35:01 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\AWESOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5348WJG.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012/07/29 00:24:39 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\AWESOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5348WJG.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012/08/22 18:31:19 | 000,056,403 | ---- | M] () (No name found) -- C:\USERS\AWESOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C5348WJG.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI
[2012/07/30 10:26:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Awesome\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Awesome\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Awesome\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Awesome\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Awesome\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/08/18 02:09:34 | 000,600,511 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 16124 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-3757435952-539883156-3484808010-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE936B7-82DE-46C2-BD40-E24CC960AE59}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 18:14:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Awesome\Desktop\OTL.exe
[2012/08/23 01:31:14 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\OnlineArmor
[2012/08/23 01:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2012/08/23 01:29:46 | 000,029,312 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2012/08/23 01:29:46 | 000,025,192 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2012/08/23 01:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2012/08/23 01:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2012/08/23 01:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/23 00:37:15 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\hosts
[2012/08/22 15:26:40 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\vlc
[2012/08/22 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/08/22 14:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/08/22 14:49:15 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Notepad++
[2012/08/22 14:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012/08/22 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\OpenVPN Technologies
[2012/08/22 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\OpenVPN Technologies
[2012/08/22 12:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN Technologies
[2012/08/22 12:19:14 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\VersaVPN
[2012/08/22 12:16:46 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\Versa
[2012/08/22 11:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012/08/22 11:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2012/08/22 01:47:31 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\procexpGuide
[2012/08/22 00:33:42 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\Monitor
[2012/08/22 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\CrashRpt
[2012/08/22 00:09:25 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\netagent-portable
[2012/08/21 21:27:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Awesome\Desktop\dds.scr
[2012/08/21 21:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/08/21 04:36:55 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\ElevatedDiagnostics
[2012/08/21 00:22:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/08/21 00:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/08/21 00:18:35 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/08/21 00:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/08/20 21:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/20 21:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/08/20 20:30:18 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Malwarebytes
[2012/08/20 20:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/20 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/20 20:29:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/20 20:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/20 19:23:35 | 000,000,000 | ---D | C] -- C:\.Trash-999
[2012/08/20 18:18:18 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Toshiba
[2012/08/20 18:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2012/08/20 18:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/08/20 18:11:01 | 000,058,888 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrsmdel.exe
[2012/08/20 18:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2012/08/20 18:10:52 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012/08/20 17:54:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2012/08/20 17:54:33 | 007,360,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSUSTORicon.dll
[2012/08/20 17:54:32 | 000,270,336 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUStor.dll
[2012/08/20 17:54:32 | 000,171,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtsUStor.sys
[2012/08/20 17:27:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/08/20 17:27:07 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/08/20 17:27:07 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/08/20 17:27:07 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/08/20 17:27:07 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/08/20 17:27:07 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/08/20 17:27:06 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012/08/20 17:27:05 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012/08/20 17:27:05 | 001,227,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012/08/20 17:27:05 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012/08/20 17:27:05 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012/08/20 17:27:04 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/08/20 17:27:04 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/08/20 17:27:04 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/08/20 17:27:04 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/08/20 17:27:04 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/08/20 17:27:03 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/08/20 17:27:02 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012/08/20 17:27:02 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012/08/20 17:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/08/20 17:23:40 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/08/20 17:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2012/08/20 17:15:12 | 000,128,344 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2012/08/20 17:11:01 | 000,000,000 | ---D | C] -- C:\sle0v190
[2012/08/20 17:10:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/20 15:21:46 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Comdlg32.ocx
[2012/08/20 15:21:45 | 000,009,728 | ---- | C] (TOSHIBA Corp.) -- C:\Windows\System32\TCMSVR.dll
[2012/08/20 15:21:44 | 000,007,680 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\FwLnk.sys
[2012/08/20 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\Install
[2012/08/20 13:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2012/08/20 13:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2012/08/20 12:52:08 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\Seven Forums
[2012/08/20 12:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/08/20 12:29:34 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\SystemRequirementsLab
[2012/08/20 02:20:38 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\Flash.ocx
[2012/08/20 01:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetDragon
[2012/08/20 01:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\NetDragon
[2012/08/20 00:17:06 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Desktop\CONQ
[2012/08/19 23:59:29 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Diagnostics
[2012/08/19 23:16:34 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Documents\Adobe
[2012/08/18 07:50:47 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\LogMeIn Rescue
[2012/08/18 07:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Rescue
[2012/08/18 00:34:58 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\TunkDesign
[2012/08/17 21:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver
[2012/08/17 21:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Code Laboratories
[2012/08/17 13:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/08/17 13:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/08/17 13:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/08/17 11:42:09 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/17 11:42:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012/08/17 10:36:00 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Adobe Flash Builder 4.6
[2012/08/17 10:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/08/17 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2012/08/17 08:20:56 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\.jclient
[2012/08/17 07:10:38 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\.blackMagicAndCheerios
[2012/08/17 04:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012/08/17 03:31:34 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\WinRAR
[2012/08/17 03:31:34 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/17 03:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/17 03:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/15 12:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2012/08/14 23:58:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 23:58:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 23:58:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 23:58:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 23:58:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 23:58:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 23:58:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 23:56:52 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/14 23:56:45 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/14 23:56:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/07 23:25:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/08/07 23:25:22 | 000,224,768 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM8F.DLL
[2012/08/06 11:32:16 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/06 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Google
[2012/08/06 07:23:17 | 000,000,000 | ---D | C] -- C:\Users\Awesome\jagexcache1
[2012/08/06 07:12:55 | 000,000,000 | ---D | C] -- C:\Users\Awesome\jagexcache
[2012/08/03 07:55:15 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Desktop\HackerLoveModz
[2012/08/03 01:05:30 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/03 01:05:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/03 01:05:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/03 01:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2012/08/03 00:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/08/03 00:49:53 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2012/08/03 00:49:52 | 004,450,816 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2012/08/03 00:49:52 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2012/08/03 00:49:52 | 000,348,160 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2012/08/03 00:49:52 | 000,278,528 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.dll
[2012/08/03 00:49:52 | 000,135,168 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2012/08/03 00:49:52 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibrtmon.exe
[2012/08/03 00:49:52 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2012/08/03 00:49:52 | 000,051,712 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2012/08/03 00:49:52 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2012/08/03 00:49:52 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2012/08/02 23:45:00 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\toshiba
[2012/08/02 23:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2012/08/02 23:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2012/08/02 23:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/08/02 23:43:28 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\InstallShield
[2012/08/02 23:43:26 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\WinBatch
[2012/08/02 23:37:51 | 000,000,000 | ---D | C] -- C:\ToshibaUpdate
[2012/08/02 23:35:36 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\AMD
[2012/08/02 23:34:36 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\ATI
[2012/08/02 23:34:36 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\ATI
[2012/08/02 23:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/08/02 23:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/08/02 23:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/08/02 23:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/08/02 23:33:05 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2012/08/02 23:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/08/02 23:31:37 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/02 23:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/08/02 23:26:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/08/02 23:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/08/02 23:26:02 | 000,000,000 | ---D | C] -- C:\ATI
[2012/08/02 14:47:12 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\.Spoutcraft
[2012/08/02 14:45:33 | 000,043,814 | ---- | C] (SpoutDev) -- C:\Users\Awesome\Desktop\Spoutcraft.exe
[2012/08/02 00:47:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/08/02 00:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/08/02 00:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/08/01 13:54:02 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/01 13:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/08/01 13:00:14 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Documents\Dumpster
[2012/08/01 12:03:20 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Adobe
[2012/08/01 12:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/01 12:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/01 12:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/01 11:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignCut Productivity Pro 1
[2012/08/01 11:52:20 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\SignCut
[2012/08/01 11:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\SignCut
[2012/07/31 10:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/07/31 10:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/31 10:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/07/31 10:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/07/31 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\HpUpdate
[2012/07/31 10:34:22 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM5312.dll
[2012/07/31 10:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/07/31 10:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/07/31 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/07/31 10:33:55 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\HP
[2012/07/31 08:09:52 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\TS3Client
[2012/07/31 08:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/07/31 08:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/07/30 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\MultiSkypeLauncher
[2012/07/30 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiSkypeLauncher
[2012/07/30 15:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\MultiSkypeLauncher
[2012/07/30 13:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/30 13:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/07/30 11:02:15 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Documents\Outlook Files
[2012/07/30 10:54:55 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Microsoft Games
[2012/07/30 10:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/07/30 10:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/07/30 10:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/07/30 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/07/30 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/07/30 10:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/07/30 10:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/07/30 10:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/07/30 10:51:10 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Microsoft Help
[2012/07/30 10:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/07/30 10:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/07/30 10:50:52 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/07/30 01:21:51 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Gyazo
[2012/07/29 22:59:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/29 06:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2012/07/29 06:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Gyazo
[2012/07/29 06:10:06 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Mumble
[2012/07/29 05:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/07/29 05:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2012/07/29 05:11:28 | 000,000,000 | ---D | C] -- C:\Users\Awesome\Documents\Clownfish Avatars
[2012/07/29 05:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
[2012/07/29 05:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Clownfish
[2012/07/29 02:42:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/07/29 02:42:17 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/07/29 01:46:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/29 01:44:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/07/29 01:43:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/07/29 01:17:35 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Macromedia
[2012/07/29 01:17:35 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Macromedia
[2012/07/29 01:17:35 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Adobe
[2012/07/29 01:07:32 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\.techniclauncher
[2012/07/29 01:06:29 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/29 01:06:29 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/29 01:06:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/07/29 01:05:18 | 000,052,736 | ---- | C] (Technic) -- C:\Users\Awesome\Desktop\TechnicLauncher.exe
[2012/07/28 23:57:05 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\.minecraft
[2012/07/28 23:50:38 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/07/28 23:50:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/07/28 23:50:35 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/07/28 23:50:35 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/07/28 23:50:34 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/07/28 23:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/28 23:39:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/07/28 23:35:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/07/28 23:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/07/28 23:18:10 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Skype
[2012/07/28 23:18:03 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/07/28 23:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/28 23:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/07/28 23:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/07/28 23:17:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/28 23:17:42 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/28 23:17:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/28 23:17:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/28 23:17:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/28 23:17:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/28 23:17:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/28 23:17:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/28 23:17:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/28 23:17:42 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/28 23:17:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/28 23:17:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/28 23:17:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/28 23:17:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/07/28 23:17:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/28 23:17:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/28 23:17:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/28 23:17:42 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/28 23:17:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/28 23:17:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/28 23:17:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/28 23:17:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/28 23:17:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/28 23:17:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/28 23:17:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/28 23:17:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/28 23:17:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/28 23:17:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/28 23:17:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/28 23:17:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/28 23:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/07/28 23:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/28 23:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/28 23:14:06 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/28 23:14:06 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/28 23:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/28 23:13:40 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/07/28 23:12:47 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/07/28 23:12:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/07/28 23:12:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/07/28 23:12:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/07/28 23:12:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/07/28 23:12:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/07/28 23:12:30 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/07/28 23:12:30 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/07/28 23:12:27 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/07/28 23:12:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/07/28 23:12:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/07/28 23:10:59 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/07/28 23:10:49 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/07/28 23:10:49 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/07/28 23:10:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/07/28 23:10:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/07/28 23:10:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/07/28 23:10:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/07/28 23:10:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/07/28 23:10:44 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/07/28 23:10:41 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/07/28 23:10:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/07/28 23:10:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/07/28 23:10:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/07/28 23:10:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/07/28 23:10:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/07/28 23:10:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/07/28 23:10:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/07/28 23:10:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/07/28 23:10:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/07/28 23:10:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/07/28 23:10:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/07/28 23:10:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/28 23:10:38 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/28 23:10:37 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/07/28 23:10:32 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/07/28 23:10:32 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/07/28 23:10:32 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/07/28 23:10:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/28 23:10:26 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/07/28 23:10:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/07/28 23:10:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/07/28 23:10:24 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/07/28 23:10:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/07/28 23:10:22 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/07/28 23:10:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/07/28 23:10:21 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/07/28 23:10:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/07/28 23:10:17 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/07/28 23:10:17 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/07/28 23:10:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/07/28 23:10:17 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/07/28 23:10:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/07/28 23:10:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/07/28 23:10:15 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/07/28 23:10:15 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/07/28 23:10:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/07/28 23:04:44 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/07/28 23:04:44 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/07/28 23:04:29 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/07/28 23:04:27 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/07/28 23:04:26 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/07/28 23:03:44 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/07/28 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Mozilla
[2012/07/28 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Mozilla
[2012/07/28 23:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/28 23:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/28 23:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/07/28 23:01:59 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/07/28 22:55:31 | 000,000,000 | R--D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/28 22:55:31 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Searches
[2012/07/28 22:55:31 | 000,000,000 | R--D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/28 22:55:30 | 000,000,000 | -H-D | C] -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/28 22:55:22 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Identities
[2012/07/28 22:53:48 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Contacts
[2012/07/28 22:53:33 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\VirtualStore
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\AppData\Local\Temporary Internet Files
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Templates
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Start Menu
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\SendTo
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Recent
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\PrintHood
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\NetHood
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Documents\My Videos
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Documents\My Pictures
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Documents\My Music
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\My Documents
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Local Settings
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\AppData\Local\History
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Cookies
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\Application Data
[2012/07/28 22:53:26 | 000,000,000 | -HSD | C] -- C:\Users\Awesome\AppData\Local\Application Data
[2012/07/28 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Temp
[2012/07/28 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Local\Microsoft
[2012/07/28 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\Awesome\AppData\Roaming\Media Center Programs
[2012/07/28 22:53:25 | 000,000,000 | --SD | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Videos
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Saved Games
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Pictures
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Music
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Links
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Favorites
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Downloads
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Documents
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\Desktop
[2012/07/28 22:53:25 | 000,000,000 | R--D | C] -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/28 22:53:25 | 000,000,000 | -H-D | C] -- C:\Users\Awesome\AppData
[2012/07/28 22:53:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/07/28 22:53:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/07/28 22:52:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/07/28 22:52:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/07/28 22:52:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/07/28 22:52:43 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/07/28 22:52:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/07/28 22:52:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[1 C:\Users\Awesome\Desktop\*.tmp files -> C:\Users\Awesome\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/23 18:14:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Awesome\Desktop\OTL.exe
[2012/08/23 18:10:07 | 000,024,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 18:10:07 | 000,024,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 18:08:14 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/23 18:08:14 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/23 18:05:07 | 000,458,240 | ---- | M] () -- C:\Users\Awesome\Desktop\CKScanner.exe
[2012/08/23 18:01:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/23 18:01:39 | 2716,041,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/23 17:43:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/23 15:54:13 | 132,580,352 | ---- | M] () -- C:\Users\Awesome\Desktop\michaela@ondemandcontainer.com.pst
[2012/08/23 15:53:20 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3757435952-539883156-3484808010-1001UA.job
[2012/08/23 14:02:10 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3757435952-539883156-3484808010-1001Core.job
[2012/08/23 01:05:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/23 00:36:52 | 000,147,086 | ---- | M] () -- C:\Users\Awesome\Desktop\hosts.zip
[2012/08/22 12:31:00 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2012/08/21 21:42:51 | 000,027,398 | ---- | M] () -- C:\Users\Awesome\AppData\Local\Temp20.html
[2012/08/21 21:42:33 | 000,001,858 | ---- | M] () -- C:\Users\Awesome\AppData\Local\Temp1.html
[2012/08/21 00:18:35 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/08/20 20:29:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/20 17:11:08 | 000,000,441 | ---- | M] () -- C:\Users\Awesome\Desktop\BIOS Launcher.lnk
[2012/08/20 13:18:52 | 000,000,272 | ---- | M] () -- C:\Users\Awesome\Desktop\autolog.reg
[2012/08/20 13:07:23 | 000,027,133 | ---- | M] () -- C:\Users\Awesome\AppData\Local\Temp21.html
[2012/08/20 13:00:26 | 000,995,899 | ---- | M] () -- C:\Users\Awesome\Desktop\Seven Forums.zip
[2012/08/20 12:36:13 | 243,208,327 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/20 09:09:40 | 004,527,044 | ---- | M] () -- C:\Users\Awesome\ts3_recording_12_08_20_9_9_11.wav
[2012/08/20 04:22:53 | 000,000,132 | ---- | M] () -- C:\Users\Awesome\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/19 10:52:05 | 003,814,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/18 02:09:34 | 000,600,511 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2012/08/17 21:04:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/08/17 21:02:44 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/08/14 20:44:57 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/14 20:44:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/12 03:13:04 | 000,000,024 | ---- | M] () -- C:\Users\Awesome\random.dat
[2012/08/12 03:07:33 | 000,000,046 | ---- | M] () -- C:\Users\Awesome\jagex_cl_runescape_LIVE.dat
[2012/08/06 07:23:17 | 000,000,047 | ---- | M] () -- C:\Users\Awesome\jagex_cl_runescape_LIVE1.dat
[2012/08/04 02:33:04 | 003,340,792 | ---- | M] () -- C:\Users\Awesome\Desktop\Laura Shigihara - Cube Land.mp3
[2012/08/02 14:45:36 | 000,043,814 | ---- | M] (SpoutDev) -- C:\Users\Awesome\Desktop\Spoutcraft.exe
[2012/08/02 00:28:07 | 000,007,602 | ---- | M] () -- C:\Users\Awesome\AppData\Local\Resmon.ResmonCfg
[2012/08/01 14:37:41 | 007,245,628 | ---- | M] () -- C:\Users\Awesome\Documents\Scan0002.pdf
[2012/08/01 14:26:50 | 000,355,886 | ---- | M] () -- C:\Users\Awesome\Documents\Scan0001.pdf
[2012/08/01 14:24:36 | 003,052,993 | ---- | M] () -- C:\Users\Awesome\Documents\Scan.pdf
[2012/08/01 11:52:35 | 000,000,990 | ---- | M] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\SignCut.lnk
[2012/08/01 10:32:27 | 000,001,101 | ---- | M] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/31 08:01:54 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/07/30 15:59:27 | 000,001,085 | ---- | M] () -- C:\Users\Awesome\Desktop\MultiSkypeLauncher.lnk
[2012/07/29 06:47:45 | 000,000,964 | ---- | M] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2012/07/29 06:47:45 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2012/07/29 02:42:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/07/29 01:47:50 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/07/29 01:45:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/29 01:05:19 | 000,052,736 | ---- | M] (Technic) -- C:\Users\Awesome\Desktop\TechnicLauncher.exe
[2012/07/28 23:44:16 | 000,001,407 | ---- | M] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/28 23:41:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/07/28 23:35:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012/07/28 23:25:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012/07/28 23:17:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/28 23:17:42 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/28 23:17:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/28 23:17:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/28 23:17:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/28 23:17:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/28 23:17:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/28 23:17:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/28 23:17:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/28 23:17:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/28 23:17:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/28 23:17:42 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/28 23:17:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/28 23:17:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/07/28 23:17:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/28 23:17:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/28 23:17:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/28 23:17:42 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/28 23:17:42 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/28 23:17:42 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/28 23:17:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/28 23:17:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/28 23:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/28 23:17:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/07/28 23:17:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/28 23:17:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/28 23:17:42 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/28 23:17:42 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/28 23:17:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/28 23:17:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/28 23:17:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/28 23:15:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/07/28 23:13:49 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/28 23:13:49 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/28 23:09:41 | 000,278,561 | ---- | M] () -- C:\Users\Awesome\Desktop\Minecraft.exe
[2012/07/28 23:02:13 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/28 22:52:58 | 000,000,000 | RHS- | M] () -- C:\win7ldr
[1 C:\Users\Awesome\Desktop\*.tmp files -> C:\Users\Awesome\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/23 18:04:38 | 000,458,240 | ---- | C] () -- C:\Users\Awesome\Desktop\CKScanner.exe
[2012/08/23 01:29:46 | 000,042,152 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2012/08/23 01:29:45 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2012/08/23 01:05:29 | 000,002,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials Prerelease.lnk
[2012/08/23 00:36:49 | 000,147,086 | ---- | C] () -- C:\Users\Awesome\Desktop\hosts.zip
[2012/08/22 11:35:12 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2012/08/21 21:42:51 | 000,027,398 | ---- | C] () -- C:\Users\Awesome\AppData\Local\Temp20.html
[2012/08/21 21:42:33 | 000,001,858 | ---- | C] () -- C:\Users\Awesome\AppData\Local\Temp1.html
[2012/08/20 20:29:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/20 17:27:10 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012/08/20 17:27:10 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2012/08/20 17:11:08 | 000,000,441 | ---- | C] () -- C:\Users\Awesome\Desktop\BIOS Launcher.lnk
[2012/08/20 13:18:52 | 000,000,272 | ---- | C] () -- C:\Users\Awesome\Desktop\autolog.reg
[2012/08/20 13:07:23 | 000,027,133 | ---- | C] () -- C:\Users\Awesome\AppData\Local\Temp21.html
[2012/08/20 13:00:25 | 000,995,899 | ---- | C] () -- C:\Users\Awesome\Desktop\Seven Forums.zip
[2012/08/20 09:09:16 | 004,527,044 | ---- | C] () -- C:\Users\Awesome\ts3_recording_12_08_20_9_9_11.wav
[2012/08/20 04:20:16 | 000,000,132 | ---- | C] () -- C:\Users\Awesome\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/08/17 21:04:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/08/17 21:02:44 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\CL-Eye Test.lnk
[2012/08/17 13:15:21 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/08/17 13:15:21 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/08/17 13:07:06 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/08/06 11:29:49 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3757435952-539883156-3484808010-1001UA.job
[2012/08/06 11:29:48 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3757435952-539883156-3484808010-1001Core.job
[2012/08/06 07:23:17 | 000,000,047 | ---- | C] () -- C:\Users\Awesome\jagex_cl_runescape_LIVE1.dat
[2012/08/06 07:12:55 | 000,000,046 | ---- | C] () -- C:\Users\Awesome\jagex_cl_runescape_LIVE.dat
[2012/08/06 07:12:55 | 000,000,024 | ---- | C] () -- C:\Users\Awesome\random.dat
[2012/08/04 02:32:03 | 003,340,792 | ---- | C] () -- C:\Users\Awesome\Desktop\Laura Shigihara - Cube Land.mp3
[2012/08/03 00:49:53 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2012/08/03 00:49:53 | 000,152,496 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2012/08/03 00:49:52 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/08/03 00:49:52 | 000,015,577 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/08/02 00:28:07 | 000,007,602 | ---- | C] () -- C:\Users\Awesome\AppData\Local\Resmon.ResmonCfg
[2012/08/01 14:37:31 | 007,245,628 | ---- | C] () -- C:\Users\Awesome\Documents\Scan0002.pdf
[2012/08/01 14:26:50 | 000,355,886 | ---- | C] () -- C:\Users\Awesome\Documents\Scan0001.pdf
[2012/08/01 14:24:32 | 003,052,993 | ---- | C] () -- C:\Users\Awesome\Documents\Scan.pdf
[2012/08/01 13:48:11 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/08/01 13:48:05 | 000,001,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/08/01 12:02:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/01 11:52:35 | 000,000,990 | ---- | C] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\SignCut.lnk
[2012/08/01 03:46:37 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/31 10:34:43 | 000,000,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/07/31 08:01:54 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/07/30 15:59:27 | 000,001,085 | ---- | C] () -- C:\Users\Awesome\Desktop\MultiSkypeLauncher.lnk
[2012/07/30 11:05:04 | 132,580,352 | ---- | C] () -- C:\Users\Awesome\Desktop\michaela@ondemandcontainer.com.pst
[2012/07/30 11:02:16 | 000,001,101 | ---- | C] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/29 22:59:20 | 243,208,327 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/29 06:47:45 | 000,000,964 | ---- | C] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2012/07/29 06:47:45 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2012/07/29 02:42:20 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/07/29 02:42:17 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/07/29 02:42:00 | 000,206,312 | RHS- | C] () -- C:\grldr
[2012/07/29 01:47:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/29 01:47:26 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/29 01:45:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/29 01:43:28 | 2716,041,216 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/29 01:06:30 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 23:41:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/28 23:35:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012/07/28 23:25:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012/07/28 23:17:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/07/28 23:15:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/07/28 23:09:34 | 000,278,561 | ---- | C] () -- C:\Users\Awesome\Desktop\Minecraft.exe
[2012/07/28 23:02:13 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/28 23:02:13 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/28 23:00:11 | 000,001,407 | ---- | C] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/28 22:55:34 | 000,001,413 | ---- | C] () -- C:\Users\Awesome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/28 22:53:26 | 000,000,290 | ---- | C] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/28 22:53:26 | 000,000,272 | ---- | C] () -- C:\Users\Awesome\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/07/28 22:52:58 | 000,000,000 | RHS- | C] () -- C:\win7ldr
[2012/06/26 02:03:32 | 000,068,904 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll
[2012/06/11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2010/11/20 17:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/08/18 02:28:21 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\.blackMagicAndCheerios
[2012/08/17 20:57:22 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\.jclient
[2012/08/23 02:20:07 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\.minecraft
[2012/08/17 05:46:34 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\.Spoutcraft
[2012/08/04 01:37:25 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\.techniclauncher
[2012/08/17 11:42:09 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/30 01:21:51 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\Gyazo
[2012/07/30 16:00:03 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\MultiSkypeLauncher
[2012/08/05 02:58:53 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\Mumble
[2012/08/22 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\Notepad++
[2012/08/23 02:45:14 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\OnlineArmor
[2012/08/22 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\OpenVPN Technologies
[2012/08/08 14:50:03 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\SignCut
[2012/08/01 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/20 12:29:34 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\SystemRequirementsLab
[2012/08/02 23:45:00 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\toshiba
[2012/07/31 09:04:25 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\TS3Client
[2012/08/18 00:34:58 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\TunkDesign
[2012/08/02 23:43:26 | 000,000,000 | ---D | M] -- C:\Users\Awesome\AppData\Roaming\WinBatch
[2009/07/14 00:53:46 | 000,012,408 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
AwesomeAsColor
Active Member
 
Posts: 7
Joined: August 21st, 2012, 7:37 pm

Re: Am I Infected? (Help)

by AwesomeAsColor » August 23rd, 2012, 6:31 pm

Extras.txt:

OTL Extras logfile created on: 8/23/2012 6:17:54 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Awesome\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 73.31% Memory free
6.74 Gb Paging File | 5.70 Gb Available in Paging File | 84.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.18 Gb Free Space | 81.23% Space Free | Partition Type: NTFS

Computer Name: AWESOME-PC | User Name: Awesome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3757435952-539883156-3484808010-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12399D7D-CDC3-45A3-9390-2248B4731E29}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E40AAD5-7A23-4509-8E9F-A31BCD58D0E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{29B7DFAE-5C10-4EC6-9755-30CA03127C8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3303B059-BB0C-4814-84C0-CDEDC9BB881F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CF46DF1-E56F-40CC-9BCC-CDB18BDF4144}" = lport=445 | protocol=6 | dir=in | app=system |
"{40DB4443-55A7-4CA8-B944-ECE91299756B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{421B7AD7-8615-480F-8B04-FE04AD098B00}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{5C39E41E-DEAB-4B2F-BA07-299F9E36303A}" = lport=139 | protocol=6 | dir=in | app=system |
"{63E37D90-5763-4915-BE9D-3B9FB3A1997F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{69DA33E3-276F-4544-9E5A-69C1A5AB4EE1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F2E9C2C-AF9E-4747-9357-A8663890CADB}" = rport=139 | protocol=6 | dir=out | app=system |
"{7945CAB0-6D27-40CE-A90A-3B36E6C5B598}" = lport=2869 | protocol=6 | dir=in | app=system |
"{828E27EC-6420-452F-A996-FAA346F42FD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8418318A-47E1-4EEF-A4BD-48F8CF3851F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85912A1D-5F5A-4B6B-860B-E0870DB4B94F}" = lport=137 | protocol=17 | dir=in | app=system |
"{87BCD290-64D3-496B-92D3-0488B515BC4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89F9E947-CB62-4459-88C5-9D81B4842EA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E92C99A-A327-414E-B73F-7079A665F905}" = rport=10243 | protocol=6 | dir=out | app=system |
"{906FE008-0EAA-4E62-85BA-76D407DD0687}" = rport=137 | protocol=17 | dir=out | app=system |
"{986F2D9B-A9D7-403D-9026-455FA55774CD}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF92E995-BE3A-4795-A5A9-3472076111A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD7545C7-E961-4F32-BE06-E8AE04CFD602}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E33501E4-90D4-425D-8E10-AE30A0A17FBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{E875A66C-D015-4726-8AA2-9D70A81F452D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA1FCE68-F62A-4195-A0CF-A5A67EA42052}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0421EBFD-8CC9-45C8-AEB0-3BC954B4FD0C}" = dir=in | app=en_conquer2.0_5611_p2p.exe |
"{04DBF13B-B721-4B58-AE7B-C91DE7EF9F67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05444F98-93B4-40A6-AF23-9331086F80D6}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{0AD4C029-2EDD-4DC1-98A5-FECD28C41531}" = dir=in | app=en_conquer2.0_5611_p2p.exe |
"{0CE77901-712F-47C0-97EA-BA36A67B4378}" = dir=in | app=en_conquer2.0_5611_p2p.exe |
"{14CB8FFA-951B-4D21-A4A2-4AB44CD2133F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{157380EB-431F-49E5-987A-33068610BDB2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DA80EA2-F07F-49C0-B3E2-D9E10E22D38F}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{26859F1D-B03B-4294-A7F2-99D9AAD39CA7}" = dir=in | app=en_conquer2.0_5611_p2p.exe |
"{3063EAC0-E342-4D88-954F-CC845586AAD5}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{3AD447E7-AF70-4E6A-BD51-978D98178DC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3F1FEA3F-BC3F-41F7-B11E-3046D435E2C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41BCB6CA-BEDD-4EEC-B2BA-648FA35A22EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{485ED3D0-DD70-4F33-B09E-C1E25D0832FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52579E4B-9A8E-4650-BCAC-B88A5A88ACF5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{61B5CC84-046B-4DCF-AA94-BC1D23D0513F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68158B37-B109-4814-8ABC-7881A79EC574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AD91CD4-5583-46F6-8C0A-C7B5FD19E0B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8CD352FB-8928-4592-8B64-7529DCAE34CC}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{904B931D-2508-4348-B017-ABBA4952017A}" = dir=in | app=en_conquer2.0_5611_p2p.exe |
"{9332445D-59CF-479F-919A-48316E80B2B1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A032B31C-9DD9-48F4-95C1-7233DA5FAECF}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{A25C2BD2-5F08-4D9C-B6E2-7DC338915E45}" = protocol=6 | dir=out | app=system |
"{AEBFED56-CA62-494E-B143-D4682B4B173A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C353BFDC-2064-48B5-9AD6-E41A69E45E44}" = dir=in | app=en_conquer2.0_5611_p2p.exe |
"{CF34D254-4FCC-4C3A-B1C5-39A13254946B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D57C7C2A-F539-4579-BC86-6D0DF62E3357}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E147A0E1-253A-492F-8141-213488DB5B96}" = dir=in | app=en_conquer2.0_5611_p2p.exe |
"{E2ECF05F-60A6-4457-9C44-D3F0FA05CFD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA9E62A7-0945-4E09-9E46-124697234CD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDCF4EF9-51B4-4E9A-A093-77230FE1BED9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE662EF0-384D-4188-AEEB-C645DA42D950}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F1E7A01B-5721-4B44-9BE4-1F3DAF910ACB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3B9DA6F-EDAC-4678-98CD-D95B9A68F76C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F40F0637-0218-414C-B464-4EB62BAA9937}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBD8EE51-F56C-47B5-AC2D-453E9E04F05B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"TCP Query User{302A2A88-1AFD-4EA6-A334-4EF7AC5C37A0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{4872A4DD-7911-4FE0-BF9F-385C386BBAA6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{5AAE26C9-BC25-452A-9D49-5C3E896E19B0}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{5FD64024-64E6-4903-8BF5-0F41EA2CAEF4}C:\users\awesome\downloads\en_conquer2.0_5611_p2p.exe" = protocol=6 | dir=in | app=c:\users\awesome\downloads\en_conquer2.0_5611_p2p.exe |
"TCP Query User{6C6010D6-9D96-4AE4-A1EC-2A38B72509C5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{87A58C5E-C0F3-41AD-9E47-C44B5D87CD95}C:\users\awesome\desktop\savednodus\bmc\black magic and cheerios.exe" = protocol=6 | dir=in | app=c:\users\awesome\desktop\savednodus\bmc\black magic and cheerios.exe |
"TCP Query User{BC727016-0693-4E30-8024-07CDA6CC18FB}C:\program files\logmein rescue technician console\logmeinrescuetechnicianconsole_x86\lmirtechconsole.exe" = protocol=6 | dir=in | app=c:\program files\logmein rescue technician console\logmeinrescuetechnicianconsole_x86\lmirtechconsole.exe |
"TCP Query User{C485DC76-26A6-49D1-8349-14325F9A5081}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"UDP Query User{05EB1F42-9D28-4930-A9A4-D9855C20CCBF}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"UDP Query User{1515A523-629E-4E13-BAD6-CC33A6FB3C35}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{245F6B37-3D8D-42B0-90DC-DCFBC54A2456}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{7360A953-D338-4BEC-A45B-CD4484105BB5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{8CE1D748-FC29-415A-9928-19BAF0331AFE}C:\users\awesome\desktop\savednodus\bmc\black magic and cheerios.exe" = protocol=17 | dir=in | app=c:\users\awesome\desktop\savednodus\bmc\black magic and cheerios.exe |
"UDP Query User{944BC02E-1D74-44EF-9019-C2D3DD5FE59D}C:\program files\logmein rescue technician console\logmeinrescuetechnicianconsole_x86\lmirtechconsole.exe" = protocol=17 | dir=in | app=c:\program files\logmein rescue technician console\logmeinrescuetechnicianconsole_x86\lmirtechconsole.exe |
"UDP Query User{C8A3BD0B-6ADF-497F-9143-E04CEDB4919C}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{C9985BF4-E9DC-4D49-81D8-30E687D7244B}C:\users\awesome\downloads\en_conquer2.0_5611_p2p.exe" = protocol=17 | dir=in | app=c:\users\awesome\downloads\en_conquer2.0_5611_p2p.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04587046-E062-A70D-10C0-108318D5AD2C}" = ccc-utility
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{07FD2F53-6822-7CE3-6811-3AD8E697A5AB}" = ccc-utility
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C38A07F-1DDF-E2B2-3A74-9F8D08D2A4B3}" = CCC Help Dutch
"{0C4B62E3-BEEB-A320-1ECC-C8EA53F9739C}" = CCC Help Thai
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = AMD VISION Engine Control Center
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBB0249-BCFE-5D05-0E0D-B57AF25F9557}" = Catalyst Control Center Localization All
"{1FD53608-9508-1679-48D2-717A2AFB3B0B}" = Skins
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3759CC1E-8259-4B0D-862A-078EABFFD97F}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{37E8B4FD-785B-8EBC-7A32-6B5E703F5838}" = CCC Help English
"{3840944B-55B4-C8F6-451D-35F2E77F2649}" = Catalyst Control Center Graphics Full Existing
"{3AE5A1B4-D6AE-48D4-A07F-46A806CD53E6}" = HP Officejet Pro 8500 A910 Basic Device Software
"{3AEFE39F-E123-0C17-DE54-0EC559FEA1AA}" = CCC Help Czech
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7A7831-FE65-1026-F9EA-BF39F7BC3375}" = CCC Help Korean
"{40AF6D9C-557C-22E0-FDDF-F4D2D5D9B896}" = CCC Help Finnish
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{47C67E25-8475-115C-2231-C56E927E6B45}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B6D5F50-47FE-2FE3-661F-33756CCB0D48}" = CCC Help Polish
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{58AD6029-C294-08CF-85EC-7F4D26420917}" = CCC Help Spanish
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{77C3933F-A477-081C-FB44-6EF9792434DD}" = Catalyst Control Center Graphics Light
"{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1" = Conquer Online 2.0
"{8000251D-3F26-B842-14F2-CD28B1094E99}" = Catalyst Control Center Graphics Full New
"{812F9789-A7FA-604D-FCC8-DA7D92EE1032}" = CCC Help German
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85304D84-FC34-7A24-5B6A-D216B77F6225}" = CCC Help Greek
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89B552EA-1C1E-6C04-1CCF-2CC8E9FB1C05}" = CCC Help Turkish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft Mouse and Keyboard Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E41AB0-72CB-4233-BE8E-D303C4E33BAA}" = Microsoft Security Client
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A6CBFF09-BFBF-7243-EABF-596088645914}" = CCC Help Portuguese
"{A847F5DA-9B94-0EEA-D554-6A1A1570C5D3}" = CCC Help Danish
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AC0081B6-1624-1B4F-7D51-4DAE59FA8D03}" = CCC Help Chinese Traditional
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD04BDEA-DCCD-15AA-F70C-44F23D0020D4}" = CCC Help Italian
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AF0068AB-786D-FB3D-4055-FAD4DBAACA8C}" = CCC Help Japanese
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B106B636-CAE2-B7BC-2988-3FD21DB1E0C7}" = Application Profiles
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B4D81323-E455-1933-6401-299B7E13E5CD}" = CCC Help Norwegian
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9C66B24-1FA8-EFF5-EBE2-701B1F0441B4}" = ccc-core-static
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0544715-692E-02F6-C8E3-5C15CC06C110}" = Catalyst Control Center Core Implementation
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE9B60E1-BC90-DADA-0935-02F51FB9228C}" = AMD Catalyst Install Manager
"{D1CF9BAD-2DA6-A309-DA60-5864E92DC9E3}" = CCC Help Hungarian
"{D3BBF36F-E1E5-A34A-D9AA-2677D4C124DD}" = Catalyst Control Center Graphics Previews Vista
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DF8FE9-6BF0-2E76-697F-0D6CEDF0E58D}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BA788A-D028-36D8-116B-FAB835CD2E56}" = CCC Help Chinese Standard
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F8335120-9D31-8397-C6C4-9425BA52AD33}" = AMD Fuel
"{FA79A820-F535-D2E8-EF2E-8CB3F2361D41}" = CCC Help Russian
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"CL-Eye Driver" = CL-Eye Driver
"Clownfish" = Clownfish for Skype
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials Prerelease
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnlineArmor_is1" = Online Armor 5.5
"OpenVPN" = OpenVPN 2.2.2
"SignCut" = SignCut (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.3
"WhoCrashed_is1" = WhoCrashed 3.06
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3757435952-539883156-3484808010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2012 4:05:21 PM | Computer Name = Awesome-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2012 4:23:04 PM | Computer Name = Awesome-PC | Source = System Restore | ID = 8193
Description =

Error - 8/23/2012 4:23:08 PM | Computer Name = Awesome-PC | Source = System Restore | ID = 8193
Description =

Error - 8/23/2012 5:42:34 PM | Computer Name = Awesome-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/23/2012 5:45:57 PM | Computer Name = Awesome-PC | Source = VSS | ID = 8194
Description =

Error - 8/23/2012 5:47:51 PM | Computer Name = Awesome-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Agnitum Firewall Driver. System Error: The system cannot find the file
specified. .

Error - 8/23/2012 5:47:51 PM | Computer Name = Awesome-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SandBox. System Error: The system cannot find the file specified. .

Error - 8/23/2012 5:55:21 PM | Computer Name = Awesome-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Agnitum Firewall Driver. System Error: The system cannot find the file
specified. .

Error - 8/23/2012 5:55:21 PM | Computer Name = Awesome-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SandBox. System Error: The system cannot find the file specified. .

Error - 8/23/2012 6:03:25 PM | Computer Name = Awesome-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/23/2012 4:03:52 PM | Computer Name = Awesome-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/23/2012 4:03:53 PM | Computer Name = Awesome-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache MpFilter OADevice oahlpXX SandBox spldr Wanarpv6

Error - 8/23/2012 4:04:01 PM | Computer Name = Awesome-PC | Source = DCOM | ID = 10005
Description =

Error - 8/23/2012 4:04:07 PM | Computer Name = Awesome-PC | Source = DCOM | ID = 10005
Description =

Error - 8/23/2012 4:04:13 PM | Computer Name = Awesome-PC | Source = DCOM | ID = 10005
Description =

Error - 8/23/2012 4:04:13 PM | Computer Name = Awesome-PC | Source = DCOM | ID = 10005
Description =

Error - 8/23/2012 4:23:04 PM | Computer Name = Awesome-PC | Source = DCOM | ID = 10005
Description =

Error - 8/23/2012 5:42:54 PM | Computer Name = Awesome-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 8/23/2012 5:43:11 PM | Computer Name = Awesome-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 8/23/2012 6:02:58 PM | Computer Name = Awesome-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >
AwesomeAsColor
Active Member

Re: Am I Infected? (Help)

by askey127 » August 23rd, 2012, 7:27 pm

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
askey127
Admin/Teacher