Infected - Jetswap Safesurf / Safeguard



Maxybo
2010-10-04, 03:12
Hi

Need some help getting rid of this one, nasty to kill as it keeps loading itself back in. Tried killing via msconfig and reg, also tried killing the files once I killed the processes, but something I am missing keeps loading it back in.

Any help you can give on this one would be great guys :)

Cheers

Attached the attach file also, forgot that one :)


DDS (Ver_10-03-17.01) - NTFSX64
Run by Maxybo at 1:04:11.79 on 04/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.6135.4360 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\system\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe
E:\itunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost.exe
C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskmgr.exe
C:\Windows\regedit.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\drivers\safesurf.exe
C:\Windows\SysWOW64\drivers\surfguard.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Maxybo\Desktop\Removal\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - "c:\program files\bitdefender\bitdefender 2010\antispam32\IEToolbar.dll"
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [MSIAfterburner] "c:\program files (x86)\msi afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [Matrox PowerDesk] "c:\program files (x86)\matrox graphics\powerdesk\Matrox.PDesk.Startup.exe"
mRun: [iTunesHelper] "e:\itunes\iTunesHelper.exe"
mRun: [jsafesurf] c:\windows\syswow64\drivers\safesurf.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\syswow64\macromed\flash\FlashUtil10i_Plugin.exe -update plugin
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TB-X64: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll"
mRun-x64: [BitDefender Antiphishing Helper 32] "c:\program files\bitdefender\bitdefender 2010\antispam32\IEShow.exe"
mRun-x64: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun-x64: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\maxybo\appdata\roaming\mozilla\firefox\profiles\3djj8rmt.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - plugin: e:\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 88144]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2010-1-4 89680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2010-1-19 103944]
R2 Matrox.Pdesk3.ServicesHost;Matrox.Pdesk3.ServicesHost;c:\program files (x86)\matrox graphics\powerdesk\Matrox.PDesk.Services.exe [2010-5-21 3645256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-9-10 369256]
R2 Win_Updater;Win32 Updater;c:\windows\syswow64\system\svchost.exe [2010-8-21 1405440]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-1-29 163936]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 RTCore64;RTCore64;c:\program files (x86)\msi afterburner\RTCore64.sys [2010-6-7 14648]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-19 314400]
R3 SaiH0762;SaiH0762;c:\windows\system32\drivers\SaiH0762.sys [2008-2-15 178304]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-8-17 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 278224]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-9-4 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-3 16776]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-3 9096]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-9-18 155752]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-10-03 22:51:53 0 d-----w- c:\users\maxybo\appdata\roaming\Malwarebytes
2010-10-03 22:51:46 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 22:51:46 0 d-----w- c:\programdata\Malwarebytes
2010-10-03 22:51:46 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-10-03 22:38:42 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-03 22:38:42 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-10-03 22:10:29 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-10-03 22:10:29 86408 ----a-w- c:\windows\syswow64\setupempdrv03.exe
2010-10-03 22:10:29 8456 ----a-w- c:\windows\syswow64\EuGdiDrv.sys
2010-10-03 22:10:29 2209920 ----a-w- c:\windows\system32\BootMan.exe
2010-10-03 22:10:29 1774720 ----a-w- c:\windows\syswow64\BootMan.exe
2010-10-03 22:10:29 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2010-10-03 22:10:29 14848 ----a-w- c:\windows\syswow64\EuEpmGdi.dll
2010-10-03 22:10:29 14216 ----a-w- c:\windows\syswow64\epmntdrv.sys
2010-10-03 22:10:29 11264 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-10-03 22:10:29 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2010-10-03 22:10:24 0 d-----w- c:\program files (x86)\EASEUS
2010-09-28 20:27:02 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-28 20:26:59 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-28 20:26:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-25 12:52:44 0 ----a-w- c:\windows\syswow64\DotNet.exe
2010-09-25 12:13:01 0 d-----w- c:\users\maxybo\Tracing
2010-09-25 12:10:56 0 d-----w- c:\program files (x86)\Microsoft
2010-09-25 12:10:44 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-09-25 12:01:54 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-09-25 10:49:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-09-24 17:12:58 0 d-----w- c:\programdata\Codemasters
2010-09-24 17:12:44 17686528 ----a-w- c:\windows\syswow64\mkl_blueripple.dll
2010-09-24 17:12:44 1380352 ----a-w- c:\windows\syswow64\rapture3d_oal.dll
2010-09-24 17:12:43 0 d-----w- c:\program files (x86)\BRS
2010-09-24 17:12:40 0 d-----w- c:\windows\syswow64\xlive
2010-09-24 17:12:39 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2010-09-23 09:33:38 0 d-----w- c:\windows\syswow64\directx
2010-09-22 19:51:12 0 d-----w- c:\users\maxybo\appdata\roaming\NVIDIA
2010-09-22 19:50:33 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-09-22 19:50:33 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2010-09-22 19:50:33 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-09-22 19:50:33 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2010-09-22 19:50:32 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-09-22 19:50:32 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-09-22 19:50:29 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-09-22 19:50:29 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-09-21 20:14:57 0 d-----w- c:\users\maxybo\appdata\roaming\Atlus
2010-09-20 19:18:04 0 d-----w- c:\program files (x86)\common files\Steam
2010-09-19 19:14:30 0 d-----w- c:\programdata\Fugazo
2010-09-19 19:13:10 4286 ----a-w- c:\windows\syswow64\ico.ico
2010-09-19 19:13:10 0 d-----w- c:\windows\syswow64\system
2010-09-19 19:13:09 0 d-----w- c:\windows\syswow64\webem
2010-09-19 00:14:17 0 d-----w- c:\program files\iTunes
2010-09-19 00:14:17 0 d-----w- c:\program files\iPod
2010-09-19 00:14:05 0 d-----w- c:\program files\common files\Apple
2010-09-19 00:14:02 0 d-----w- c:\program files\Bonjour
2010-09-19 00:14:02 0 d-----w- c:\program files (x86)\Bonjour
2010-09-18 16:44:44 0 d-----w- c:\programdata\NVIDIA
2010-09-18 15:30:04 0 d-----w- c:\programdata\Sun
2010-09-18 15:29:56 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-09-18 15:29:56 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-18 15:29:56 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-18 15:29:56 145184 ----a-w- c:\windows\syswow64\java.exe
2010-09-14 20:56:50 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-14 20:56:46 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 20:52:27 0 d-----w- c:\programdata\eSellerate
2010-09-10 23:55:12 5792360 ----a-w- c:\windows\system32\nvcpl.dll
2010-09-10 23:55:00 990312 ----a-w- c:\windows\system32\nvvsvc.exe
2010-09-10 23:55:00 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-09-10 23:55:00 2570344 ----a-w- c:\windows\system32\nvsvc64.dll
2010-09-10 23:55:00 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-09-10 23:55:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-09-08 10:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-09-06 19:04:08 0 d-----w- c:\program files\Hewlett-Packard
2010-09-06 19:04:07 0 ----a-w- c:\windows\HPMProp.INI
2010-09-06 19:03:56 0 d-----w- c:\programdata\Hewlett-Packard
2010-09-05 18:57:27 0 d-----w- c:\program files (x86)\Microsoft Games
2010-09-04 19:09:20 788 ----a-w- c:\windows\system32\DVCState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
2010-09-04 19:09:20 61256 ----a-w- c:\windows\system32\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
2010-09-04 19:09:20 61256 ----a-w- c:\windows\system32\BMXState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
2010-09-04 19:08:31 0 d--h--w- c:\program files (x86)\Creative Installation Information
2010-09-04 19:08:31 0 d-----w- c:\program files (x86)\common files\Creative
2010-09-04 19:08:26 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-09-04 19:08:19 0 d-----w- c:\program files\Creative
2010-09-04 19:08:15 0 d-----w- c:\program files (x86)\Creative
2010-09-04 19:08:07 107008 ----a-w- c:\windows\system32\cttele64.dll
2010-09-04 19:07:33 0 d-----w- c:\windows\system32\Data
2010-09-04 16:24:58 0 d-----w- C:\Games
2010-09-04 16:20:23 0 d-----w- c:\users\maxybo\appdata\roaming\YoudaGames

==================== Find3M ====================

2010-09-24 17:12:43 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-24 17:12:43 445016 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-09-07 20:09:02 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2010-09-07 20:08:55 155752 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2010-09-07 20:08:54 1308776 ----a-w- c:\windows\system32\nvgenco64.dll
2010-09-04 19:08:05 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-04 19:08:05 109144 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-08-09 18:53:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-08 19:35:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-03 12:54:48 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-07-31 19:12:02 737280 ----a-w- c:\windows\iun6002.exe
2010-07-30 19:32:45 286720 ----a-w- c:\windows\iun506.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 17:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:55:50 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 17:55:50 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 17:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 17:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 17:44:10 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll
2010-07-27 17:44:10 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-07-27 17:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-09 22:38:00 930272 ----a-w- c:\windows\system32\dpinst.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 1:04:20.74 ===============

Blade81
2010-10-07, 17:25
Hi,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Maxybo
2010-10-08, 22:23
Scan only generated one file, the extra file did not generate. I ran it a few times as directed but only the report below was given.


OTL logfile created on: 08/10/2010 20:16:02 - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Maxybo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.15 Gb Total Space | 14.83 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
Drive D: | 56.25 Gb Total Space | 9.37 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 11.96 Gb Free Space | 81.61% Space Free | Partition Type: NTFS
Drive F: | 83.00 Gb Total Space | 49.93 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
Drive G: | 141.85 Gb Total Space | 0.74 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive H: | 48.82 Gb Total Space | 7.05 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 917.07 Gb Total Space | 882.85 Gb Free Space | 96.27% Space Free | Partition Type: NTFS

Computer Name: HOMER
Current User Name: Maxybo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
PRC - C:\Users\Maxybo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe (Matrox Graphics Inc)
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost.exe ()
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe (Matrox Graphics Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\bdimguiaux.exe (BitDefender S.R.L.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Maxybo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_54\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Hooks.dll (Matrox Graphics Inc.)
MOD - C:\Windows\SysWOW64\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\newdev.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\devrtl.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Matrox.Pdesk3.ServicesHost) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe (Matrox Graphics Inc)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (BdfNdisf) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (BDFM) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SaiH0762) -- C:\Windows\SysNative\drivers\SaiH0762.sys (Saitek)
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 2E 90 DC CC 64 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/20 17:19:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/23 13:19:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/23 13:19:10 | 000,000,000 | ---D | M]

[2010/07/30 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\Maxybo\AppData\Roaming\Mozilla\Extensions
[2010/10/05 21:02:59 | 000,000,000 | ---D | M] -- C:\Users\Maxybo\AppData\Roaming\Mozilla\Firefox\Profiles\3djj8rmt.default\extensions
[2010/09/19 22:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxybo\AppData\Roaming\Mozilla\Firefox\Profiles\3djj8rmt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/03 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\Maxybo\AppData\Roaming\Mozilla\Firefox\Profiles\3djj8rmt.default\extensions\foxmarks@kei.com
[2010/10/05 21:02:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/18 16:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/18 16:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
O4 - HKLM..\Run: [Matrox PowerDesk] C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.13.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/18 23:13:11 | 000,000,000 | ---D | M] - M:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/08 20:10:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
[2010/10/08 20:10:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
[2010/10/08 20:10:41 | 009,799,128 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xul.dll
[2010/10/08 20:10:41 | 000,710,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\mozcrt19.dll
[2010/10/08 20:10:41 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
[2010/10/08 20:10:41 | 000,632,280 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nss3.dll
[2010/10/08 20:10:41 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
[2010/10/08 20:10:41 | 000,316,888 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssckbi.dll
[2010/10/08 20:10:41 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\freebl3.dll
[2010/10/08 20:10:41 | 000,198,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nspr4.dll
[2010/10/08 20:10:41 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\softokn3.dll
[2010/10/08 20:10:41 | 000,136,664 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\ssl3.dll
[2010/10/08 20:10:41 | 000,134,616 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\brwsrcmp.dll
[2010/10/08 20:10:41 | 000,103,896 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\smime3.dll
[2010/10/08 20:10:41 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssdbm3.dll
[2010/10/08 20:10:41 | 000,087,512 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssutil3.dll
[2010/10/08 20:10:41 | 000,065,496 | ---- | C] (mozilla.org) -- C:\Windows\SysWow64\drivers\f\1\plugins\npnul32.dll
[2010/10/08 20:10:41 | 000,023,000 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\browserdirprovider.dll
[2010/10/08 20:10:41 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plc4.dll
[2010/10/08 20:10:41 | 000,017,880 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xpcom.dll
[2010/10/08 20:10:41 | 000,017,368 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plds4.dll
[2010/10/08 20:10:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
[2010/10/08 20:10:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
[2010/10/08 20:10:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
[2010/10/08 20:10:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
[2010/10/08 20:10:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
[2010/10/08 20:10:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
[2010/10/05 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/05 21:33:17 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Maxybo\Desktop\ATF-Cleaner.exe
[2010/10/05 21:32:09 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/10/05 21:30:43 | 000,016,896 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/10/05 21:30:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/05 20:57:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maxybo\Desktop\OTL.exe
[2010/10/04 01:03:22 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Desktop\Removal
[2010/10/04 00:56:32 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/10/04 00:56:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/10/04 00:55:57 | 000,211,968 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/03 23:51:53 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\Malwarebytes
[2010/10/03 23:51:46 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/03 23:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/03 23:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/03 23:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/03 23:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/03 23:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2010/09/28 21:27:02 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/25 16:12:16 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Documents\Games for Windows - LIVE Demos
[2010/09/25 14:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/09/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Tracing
[2010/09/25 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/25 13:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/25 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/25 13:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/24 18:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010/09/24 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/24 18:12:44 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2010/09/24 18:12:44 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2010/09/24 18:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2010/09/24 18:12:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/09/24 18:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/09/23 13:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/23 10:33:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/09/22 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Local\My Games
[2010/09/22 20:51:12 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\NVIDIA
[2010/09/22 20:50:35 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\InstallShield Installation Information
[2010/09/22 20:50:33 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/09/22 20:50:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/09/22 20:50:33 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/09/22 20:50:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/09/22 20:50:32 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/09/22 20:50:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/09/22 20:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/09/21 21:14:57 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\Atlus
[2010/09/20 20:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/09/19 21:31:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/19 20:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010/09/19 20:13:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/09/19 20:13:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webem
[2010/09/19 14:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/09/19 14:50:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/09/19 01:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/19 01:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/19 01:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/09/19 01:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/19 01:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/19 01:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/19 01:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/09/18 18:01:48 | 000,358,912 | ---- | C] (Orbmu2k) -- C:\Users\Maxybo\Desktop\nvidiaInspector.exe
[2010/09/18 17:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/09/18 17:43:55 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/09/18 17:43:55 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/09/18 17:43:55 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/09/18 17:43:55 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/09/18 17:43:55 | 012,787,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/09/18 17:43:55 | 010,022,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/09/18 17:43:55 | 007,428,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/09/18 17:43:55 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/09/18 17:43:55 | 005,399,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/09/18 17:43:55 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/09/18 17:43:55 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/09/18 17:43:55 | 002,934,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/09/18 17:43:55 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/09/18 17:43:55 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/09/18 17:43:55 | 002,159,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/09/18 17:43:55 | 001,718,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/09/18 17:43:55 | 001,499,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/09/18 17:43:55 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/09/18 17:43:55 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2010/09/18 17:43:55 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/09/18 17:43:55 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/09/18 17:43:55 | 000,155,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/09/18 17:43:55 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/18 17:43:55 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/18 17:43:55 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/09/18 17:43:55 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/09/18 17:43:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/09/18 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Desktop\Cracks
[2010/09/18 16:36:42 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Documents\BFBC2
[2010/09/18 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/18 16:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/18 16:29:56 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/18 16:29:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/18 16:29:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/18 16:29:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/18 16:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/09/14 21:56:50 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/13 21:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/09/11 00:55:12 | 005,792,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/09/11 00:55:00 | 002,570,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/09/11 00:55:00 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/09/11 00:55:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/09/11 00:55:00 | 000,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

Maxybo
2010-10-08, 22:23
========== Files - Modified Within 30 Days ==========

[2010/10/08 20:16:01 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/08 20:16:01 | 000,636,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/08 20:16:01 | 000,114,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/08 20:15:09 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 20:15:09 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 20:10:43 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/08 20:10:43 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/08 20:10:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/08 20:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/08 20:09:55 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/08 20:09:24 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/08 20:09:24 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/08 20:09:24 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/08 20:09:19 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010/10/08 20:09:17 | 001,835,008 | -HS- | M] () -- C:\Users\Maxybo\NTUSER.DAT
[2010/10/08 20:08:46 | 000,016,896 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/10/07 18:33:30 | 000,211,968 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/07 18:33:30 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/10/05 23:11:25 | 006,954,286 | -H-- | M] () -- C:\Users\Maxybo\AppData\Local\IconCache.db
[2010/10/05 21:33:17 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Maxybo\Desktop\ATF-Cleaner.exe
[2010/10/05 20:57:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maxybo\Desktop\OTL.exe
[2010/10/04 00:56:27 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/10/04 00:01:35 | 271,127,424 | ---- | M] () -- C:\Users\Maxybo\Desktop\bkup.reg
[2010/10/03 23:51:49 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 23:38:48 | 000,001,274 | ---- | M] () -- C:\Users\Maxybo\Desktop\Spybot - Search & Destroy.lnk
[2010/10/03 23:10:29 | 000,001,476 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 6.1.1 Server Edition.lnk
[2010/09/26 11:44:43 | 000,001,176 | ---- | M] () -- C:\Users\Maxybo\Desktop\f1-Maxybo.exe - Shortcut.lnk
[2010/09/25 13:52:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\DotNet.exe
[2010/09/25 12:59:32 | 000,006,840 | ---- | M] () -- C:\Users\Maxybo\Desktop\biohazard.jpg
[2010/09/25 11:49:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2010/09/24 18:12:43 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/24 18:12:43 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/23 23:11:22 | 000,001,700 | ---- | M] () -- C:\Users\Maxybo\Desktop\civ5-Maxybo.exe - Shortcut.lnk
[2010/09/23 23:07:34 | 000,000,200 | ---- | M] () -- C:\Users\Maxybo\Desktop\Sid Meier's Civilization V.url
[2010/09/23 13:19:08 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/22 20:49:46 | 000,000,201 | ---- | M] () -- C:\Users\Maxybo\Desktop\Alien Breed 2 Assault.url
[2010/09/21 00:42:08 | 000,000,201 | ---- | M] () -- C:\Users\Maxybo\Desktop\F1 2010.url
[2010/09/21 00:41:49 | 000,000,577 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/19 20:13:10 | 000,004,286 | ---- | M] () -- C:\Windows\SysWow64\ico.ico
[2010/09/19 14:50:46 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/19 01:14:20 | 000,002,459 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/18 16:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/18 16:29:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/18 16:29:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/18 16:29:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/17 13:21:55 | 000,000,611 | ---- | M] () -- C:\Users\Maxybo\Desktop\AirportMadness3.exe - Shortcut.lnk
[2010/09/12 13:43:09 | 000,000,806 | ---- | M] () -- C:\Users\Maxybo\Desktop\AESHelp.lnk
[2010/09/11 23:41:28 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\AESHelp for FSX.lnk
[2010/09/11 07:46:00 | 020,280,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/09/11 07:46:00 | 018,597,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/09/11 07:46:00 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/09/11 07:46:00 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/09/11 07:46:00 | 012,787,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/09/11 07:46:00 | 010,022,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/09/11 07:46:00 | 007,428,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/09/11 07:46:00 | 006,470,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/09/11 07:46:00 | 005,399,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/09/11 07:46:00 | 004,836,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/09/11 07:46:00 | 003,112,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/09/11 07:46:00 | 002,934,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/09/11 07:46:00 | 002,912,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/09/11 07:46:00 | 002,666,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/09/11 07:46:00 | 002,159,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/09/11 07:46:00 | 001,718,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/09/11 07:46:00 | 001,499,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/09/11 07:46:00 | 001,308,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/09/11 07:46:00 | 000,386,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/09/11 07:46:00 | 000,319,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/09/11 07:46:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/11 07:46:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/11 07:46:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/09/11 07:46:00 | 000,007,877 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/09/11 00:55:12 | 005,792,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/09/11 00:55:00 | 002,570,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/09/11 00:55:00 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/09/11 00:55:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/09/11 00:55:00 | 000,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

========== Files Created - No Company Name ==========

[2010/10/08 20:10:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
[2010/10/08 20:10:50 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
[2010/10/08 20:10:50 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
[2010/10/08 20:10:50 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
[2010/10/08 20:10:50 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
[2010/10/08 20:10:50 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
[2010/10/08 20:10:50 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
[2010/10/08 20:10:50 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
[2010/10/08 20:10:45 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
[2010/10/08 20:10:43 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/08 20:10:43 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
[2010/10/08 20:10:43 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/08 20:10:43 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
[2010/10/08 20:10:43 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
[2010/10/08 20:10:43 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
[2010/10/08 20:10:42 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
[2010/10/08 20:10:42 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
[2010/10/08 20:10:42 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
[2010/10/08 20:10:42 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
[2010/10/08 20:10:42 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
[2010/10/08 20:10:42 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
[2010/10/08 20:10:42 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
[2010/10/08 20:10:42 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
[2010/10/08 20:10:42 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
[2010/10/08 20:10:42 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
[2010/10/08 20:10:42 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
[2010/10/08 20:10:42 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
[2010/10/08 20:10:42 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
[2010/10/08 20:10:42 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
[2010/10/08 20:10:42 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
[2010/10/08 20:10:42 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
[2010/10/08 20:10:42 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
[2010/10/08 20:10:42 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
[2010/10/08 20:10:42 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
[2010/10/08 20:10:42 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
[2010/10/08 20:10:42 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
[2010/10/08 20:10:42 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
[2010/10/08 20:10:42 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
[2010/10/08 20:10:42 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
[2010/10/08 20:10:42 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
[2010/10/08 20:10:42 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
[2010/10/08 20:10:42 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
[2010/10/08 20:10:42 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
[2010/10/08 20:10:42 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
[2010/10/08 20:10:42 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
[2010/10/08 20:10:42 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
[2010/10/08 20:10:42 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
[2010/10/08 20:10:42 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
[2010/10/08 20:10:42 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
[2010/10/08 20:10:42 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
[2010/10/08 20:10:42 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
[2010/10/08 20:10:42 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
[2010/10/08 20:10:42 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
[2010/10/08 20:10:42 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
[2010/10/08 20:10:42 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
[2010/10/08 20:10:42 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
[2010/10/08 20:10:42 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
[2010/10/08 20:10:42 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
[2010/10/08 20:10:42 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
[2010/10/08 20:10:42 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
[2010/10/08 20:10:42 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
[2010/10/08 20:10:42 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
[2010/10/08 20:10:42 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/10/08 20:10:42 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
[2010/10/08 20:10:42 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
[2010/10/08 20:10:42 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
[2010/10/08 20:10:42 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
[2010/10/08 20:10:42 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
[2010/10/08 20:10:42 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
[2010/10/08 20:10:42 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
[2010/10/08 20:10:42 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
[2010/10/08 20:10:42 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
[2010/10/08 20:10:42 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
[2010/10/08 20:10:42 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
[2010/10/08 20:10:42 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
[2010/10/08 20:10:42 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
[2010/10/08 20:10:42 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
[2010/10/08 20:10:42 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
[2010/10/08 20:10:42 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
[2010/10/08 20:10:42 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
[2010/10/08 20:10:42 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
[2010/10/08 20:10:42 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
[2010/10/08 20:10:42 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
[2010/10/08 20:10:42 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
[2010/10/08 20:10:42 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
[2010/10/08 20:10:42 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
[2010/10/08 20:10:42 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/10/08 20:10:42 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
[2010/10/08 20:10:42 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
[2010/10/08 20:10:42 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
[2010/10/08 20:10:42 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
[2010/10/08 20:10:42 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
[2010/10/08 20:10:42 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
[2010/10/08 20:10:42 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
[2010/10/08 20:10:42 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
[2010/10/08 20:10:42 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
[2010/10/08 20:10:42 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
[2010/10/08 20:10:42 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
[2010/10/08 20:10:42 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
[2010/10/08 20:10:42 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
[2010/10/08 20:10:42 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
[2010/10/08 20:10:42 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
[2010/10/08 20:10:42 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
[2010/10/08 20:10:42 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
[2010/10/08 20:10:42 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
[2010/10/08 20:10:42 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
[2010/10/08 20:10:42 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
[2010/10/08 20:10:42 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
[2010/10/08 20:10:42 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
[2010/10/08 20:10:42 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
[2010/10/08 20:10:42 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
[2010/10/08 20:10:42 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
[2010/10/08 20:10:42 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
[2010/10/08 20:10:42 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
[2010/10/08 20:10:42 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
[2010/10/08 20:10:42 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
[2010/10/08 20:10:42 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
[2010/10/08 20:10:42 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
[2010/10/08 20:10:42 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
[2010/10/08 20:10:42 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
[2010/10/08 20:10:42 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
[2010/10/08 20:10:42 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
[2010/10/08 20:10:42 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
[2010/10/08 20:10:42 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
[2010/10/08 20:10:42 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
[2010/10/08 20:10:42 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
[2010/10/08 20:10:42 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
[2010/10/08 20:10:42 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
[2010/10/08 20:10:42 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
[2010/10/08 20:10:42 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
[2010/10/08 20:10:42 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
[2010/10/08 20:10:42 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
[2010/10/08 20:10:42 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
[2010/10/08 20:10:42 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
[2010/10/08 20:10:42 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
[2010/10/08 20:10:42 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
[2010/10/08 20:10:42 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
[2010/10/08 20:10:42 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
[2010/10/08 20:10:42 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
[2010/10/08 20:10:42 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
[2010/10/08 20:10:42 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
[2010/10/08 20:10:42 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
[2010/10/08 20:10:42 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
[2010/10/08 20:10:42 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
[2010/10/08 20:10:42 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
[2010/10/08 20:10:42 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
[2010/10/08 20:10:42 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
[2010/10/08 20:10:42 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
[2010/10/08 20:10:42 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
[2010/10/08 20:10:42 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
[2010/10/08 20:10:42 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
[2010/10/08 20:10:42 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
[2010/10/08 20:10:42 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
[2010/10/08 20:10:42 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
[2010/10/08 20:10:42 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
[2010/10/08 20:10:42 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
[2010/10/08 20:10:42 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
[2010/10/08 20:10:42 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
[2010/10/08 20:10:42 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
[2010/10/08 20:10:42 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
[2010/10/08 20:10:42 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
[2010/10/08 20:10:42 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
[2010/10/08 20:10:42 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
[2010/10/08 20:10:42 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
[2010/10/08 20:10:42 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
[2010/10/08 20:10:42 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
[2010/10/08 20:10:42 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
[2010/10/08 20:10:42 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
[2010/10/08 20:10:42 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
[2010/10/08 20:10:42 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
[2010/10/08 20:10:42 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
[2010/10/08 20:10:42 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
[2010/10/08 20:10:42 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
[2010/10/08 20:10:42 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
[2010/10/08 20:10:42 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
[2010/10/08 20:10:42 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
[2010/10/08 20:10:42 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
[2010/10/08 20:10:42 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
[2010/10/08 20:10:42 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
[2010/10/08 20:10:42 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
[2010/10/08 20:10:42 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
[2010/10/08 20:10:42 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
[2010/10/08 20:10:42 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
[2010/10/08 20:10:42 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
[2010/10/08 20:10:42 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
[2010/10/08 20:10:42 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
[2010/10/08 20:10:42 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
[2010/10/08 20:10:42 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
[2010/10/08 20:10:42 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
[2010/10/08 20:10:42 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
[2010/10/08 20:10:42 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
[2010/10/08 20:10:42 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
[2010/10/08 20:10:42 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
[2010/10/08 20:10:42 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
[2010/10/08 20:10:42 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
[2010/10/08 20:10:42 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
[2010/10/08 20:10:42 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
[2010/10/08 20:10:42 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
[2010/10/08 20:10:42 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
[2010/10/08 20:10:42 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
[2010/10/08 20:10:42 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
[2010/10/08 20:10:42 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
[2010/10/08 20:10:42 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
[2010/10/08 20:10:42 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
[2010/10/08 20:10:42 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
[2010/10/08 20:10:42 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
[2010/10/08 20:10:42 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
[2010/10/08 20:10:42 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
[2010/10/08 20:10:42 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
[2010/10/08 20:10:42 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
[2010/10/08 20:10:42 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
[2010/10/08 20:10:42 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
[2010/10/08 20:10:42 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
[2010/10/08 20:10:42 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
[2010/10/08 20:10:42 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
[2010/10/08 20:10:42 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
[2010/10/08 20:10:42 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
[2010/10/08 20:10:42 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
[2010/10/08 20:10:42 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
[2010/10/08 20:10:42 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
[2010/10/08 20:10:42 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
[2010/10/08 20:10:42 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
[2010/10/08 20:10:42 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
[2010/10/08 20:10:42 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
[2010/10/08 20:10:42 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
[2010/10/08 20:10:42 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
[2010/10/08 20:10:42 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
[2010/10/08 20:10:42 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
[2010/10/08 20:10:42 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
[2010/10/08 20:10:42 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
[2010/10/08 20:10:42 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
[2010/10/08 20:10:42 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
[2010/10/08 20:10:42 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
[2010/10/08 20:10:42 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
[2010/10/08 20:10:42 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
[2010/10/08 20:10:42 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
[2010/10/08 20:10:42 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
[2010/10/08 20:10:42 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
[2010/10/08 20:10:42 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
[2010/10/08 20:10:42 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
[2010/10/08 20:10:42 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
[2010/10/08 20:10:42 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
[2010/10/08 20:10:42 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
[2010/10/08 20:10:42 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
[2010/10/08 20:10:42 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
[2010/10/08 20:10:42 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
[2010/10/08 20:10:42 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
[2010/10/08 20:10:42 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
[2010/10/08 20:10:42 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
[2010/10/08 20:10:42 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
[2010/10/08 20:10:42 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
[2010/10/08 20:10:42 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
[2010/10/08 20:10:42 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
[2010/10/08 20:10:42 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
[2010/10/08 20:10:42 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
[2010/10/08 20:10:42 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
[2010/10/08 20:10:42 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
[2010/10/08 20:10:42 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
[2010/10/08 20:10:42 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
[2010/10/08 20:10:42 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
[2010/10/08 20:10:42 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
[2010/10/08 20:10:42 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
[2010/10/08 20:10:42 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
[2010/10/08 20:10:42 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
[2010/10/08 20:10:42 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
[2010/10/08 20:10:42 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
[2010/10/08 20:10:42 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
[2010/10/08 20:10:42 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
[2010/10/08 20:10:42 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
[2010/10/08 20:10:42 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
[2010/10/08 20:10:42 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
[2010/10/08 20:10:42 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
[2010/10/08 20:10:42 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
[2010/10/08 20:10:42 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
[2010/10/08 20:10:42 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
[2010/10/08 20:10:42 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
[2010/10/08 20:10:42 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
[2010/10/08 20:10:42 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
[2010/10/08 20:10:42 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
[2010/10/08 20:10:42 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
[2010/10/08 20:10:42 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
[2010/10/08 20:10:42 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
[2010/10/08 20:10:42 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
[2010/10/08 20:10:42 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
[2010/10/08 20:10:42 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
[2010/10/08 20:10:42 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
[2010/10/08 20:10:42 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
[2010/10/08 20:10:42 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
[2010/10/08 20:10:42 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
[2010/10/08 20:10:42 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
[2010/10/08 20:10:42 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
[2010/10/08 20:10:41 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
[2010/10/08 20:10:41 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
[2010/10/08 20:10:41 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
[2010/10/04 00:56:08 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/10/04 00:00:54 | 271,127,424 | ---- | C] () -- C:\Users\Maxybo\Desktop\bkup.reg
[2010/10/03 23:51:49 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 23:38:48 | 000,001,274 | ---- | C] () -- C:\Users\Maxybo\Desktop\Spybot - Search & Destroy.lnk
[2010/10/03 23:10:29 | 002,209,920 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2010/10/03 23:10:29 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/10/03 23:10:29 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2010/10/03 23:10:29 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/10/03 23:10:29 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2010/10/03 23:10:29 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/10/03 23:10:29 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/10/03 23:10:29 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2010/10/03 23:10:29 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2010/10/03 23:10:29 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/10/03 23:10:29 | 000,001,476 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 6.1.1 Server Edition.lnk
[2010/09/26 11:44:43 | 000,001,176 | ---- | C] () -- C:\Users\Maxybo\Desktop\f1-Maxybo.exe - Shortcut.lnk
[2010/09/25 13:52:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\DotNet.exe
[2010/09/25 12:59:31 | 000,006,840 | ---- | C] () -- C:\Users\Maxybo\Desktop\biohazard.jpg
[2010/09/25 11:49:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2010/09/23 23:11:22 | 000,001,700 | ---- | C] () -- C:\Users\Maxybo\Desktop\civ5-Maxybo.exe - Shortcut.lnk
[2010/09/23 23:07:34 | 000,000,200 | ---- | C] () -- C:\Users\Maxybo\Desktop\Sid Meier's Civilization V.url
[2010/09/23 13:19:08 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/22 20:49:46 | 000,000,201 | ---- | C] () -- C:\Users\Maxybo\Desktop\Alien Breed 2 Assault.url
[2010/09/21 00:40:34 | 000,000,577 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/21 00:33:42 | 000,000,201 | ---- | C] () -- C:\Users\Maxybo\Desktop\F1 2010.url
[2010/09/19 20:13:10 | 000,004,286 | ---- | C] () -- C:\Windows\SysWow64\ico.ico
[2010/09/19 14:50:46 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/19 01:14:20 | 000,002,459 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/17 13:21:55 | 000,000,611 | ---- | C] () -- C:\Users\Maxybo\Desktop\AirportMadness3.exe - Shortcut.lnk
[2010/09/12 13:43:09 | 000,000,806 | ---- | C] () -- C:\Users\Maxybo\Desktop\AESHelp.lnk
[2010/09/11 23:41:28 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\AESHelp for FSX.lnk
[2010/09/06 20:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/08/02 12:52:42 | 000,000,025 | ---- | C] () -- C:\Users\Maxybo\AppData\Roaming\bdfvconp.ini
[2010/07/30 16:41:37 | 000,734,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/30 16:34:13 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/07/30 16:34:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/21 16:13:52 | 003,547,136 | ---- | C] () -- C:\Windows\SysWow64\MtxApi.dll
[2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 20:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 13:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/01/16 01:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2004/10/28 15:38:10 | 000,315,728 | ---- | C] () -- C:\Windows\SysWow64\flt1chk3.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/20 17:19:16 | 000,006,540 | ---- | M] () -- C:\bdlog.txt
[2010/10/08 20:09:55 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/08 20:09:56 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Blade81
2010-10-08, 23:42
Hi again,

Upload C:\Windows\SysWow64\drivers\skybound.gecko.dll file to http://www.virustotal.com and post back the results/a link to the results.

Delete C:\Users\Maxybo\Desktop\Cracks folder. We don't support cracks here.


Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
PRC - C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
:Files
C:\Windows\SysWow64\drivers\f
C:\Windows\SysWow64\drivers\surfguard.exe
C:\Windows\SysWow64\drivers\up.exe
:Commands
[emptytemp]


Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log



Uninstall old Adobe Reader versions and get the latest one (9.4) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report & a fresh OTL.txt log.

Maxybo
2010-10-09, 15:49
After reboot it came right back, not sure if that was expected.


skybound.gecko.dll Scan:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: 5265ed51df8283652f6889cb37bd1c3d
Date first seen: 2009-09-10 13:19:15 (UTC)
Date last seen: 2010-10-04 11:03:27 (UTC)
Detection ratio: 0/43


OTL Fix:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jsafesurf deleted successfully.
C:\Windows\SysWOW64\drivers\safesurf.exe moved successfully.
C:\Windows\SysWOW64\drivers\surfguard.exe moved successfully.
C:\Windows\SysWOW64\drivers\up.exe moved successfully.
File C:\Windows\SysWow64\drivers\safesurf.exe not found.
========== FILES ==========
File\Folder C:\Windows\SysWow64\system32 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maxybo
->Temp folder emptied: 202072480 bytes
->Temporary Internet Files folder emptied: 58287275 bytes
->Java cache emptied: 3556 bytes
->FireFox cache emptied: 83719843 bytes
->Flash cache emptied: 63492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 508928 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6640568 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 88059006 bytes

Total Files Cleaned = 419.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10052010_213016

Files\Folders moved on Reboot...
C:\Users\Maxybo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\etilqs_xWJK0WTaHTojmbMNGZaB not found!

Registry entries deleted on Reboot...


Adobe Reader removed.

ATF ran on IE and Firefox

Online Scan Complete with following results:

svchost.exe\svchost.exe/svchost.exe\svchost.exe Trojan-Downloader.Win32.Pher.gkp

C:\Windows\SysWOW64\system\svchost.exe/C:\Windows\SysWOW64\system\svchost.exe Trojan-Downloader.Win32.Pher.gkp

C:\Windows\System32\system\svchost.exe Trojan-Downloader.Win32.Pher.gkp

C:\Windows\SysWOW64\system\svchost.exe Trojan-Downloader.Win32.Pher.gkp


Rerun of OTL Scan:

OTL logfile created on: 09/10/2010 13:47:24 - Run 7
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Maxybo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.15 Gb Total Space | 15.19 Gb Free Space | 27.04% Space Free | Partition Type: NTFS
Drive D: | 56.25 Gb Total Space | 9.37 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 11.95 Gb Free Space | 81.59% Space Free | Partition Type: NTFS
Drive F: | 83.00 Gb Total Space | 49.93 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
Drive G: | 141.85 Gb Total Space | 0.74 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive H: | 48.82 Gb Total Space | 7.05 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: HOMER
Current User Name: Maxybo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Maxybo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe (Matrox Graphics Inc)
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost.exe ()
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe (Matrox Graphics Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\bdimguiaux.exe (BitDefender S.R.L.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Maxybo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Hooks.dll (Matrox Graphics Inc.)
MOD - C:\Windows\SysWOW64\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\newdev.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\devrtl.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Matrox.Pdesk3.ServicesHost) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe (Matrox Graphics Inc)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (BdfNdisf) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (BDFM) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SaiH0762) -- C:\Windows\SysNative\drivers\SaiH0762.sys (Saitek)
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 2E 90 DC CC 64 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/20 17:19:16 | 000,000,000 | ---D | M]

[2010/10/09 00:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/18 16:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/18 16:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Matrox PowerDesk] C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.13.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/09 11:34:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/10/09 00:25:26 | 000,202,752 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/08 23:01:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/08 20:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/08 20:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/05 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/05 21:33:17 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Maxybo\Desktop\ATF-Cleaner.exe
[2010/10/05 21:30:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/05 20:57:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maxybo\Desktop\OTL.exe
[2010/10/04 01:03:22 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Desktop\Removal
[2010/10/04 00:56:32 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/10/03 23:51:53 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\Malwarebytes
[2010/10/03 23:51:46 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/03 23:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/03 23:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/03 23:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/03 23:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/03 23:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2010/09/28 21:27:02 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/25 16:12:16 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Documents\Games for Windows - LIVE Demos
[2010/09/25 14:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/09/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Tracing
[2010/09/25 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/25 13:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/25 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/25 13:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/24 18:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010/09/24 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/24 18:12:44 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2010/09/24 18:12:44 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2010/09/24 18:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2010/09/24 18:12:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/09/24 18:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/09/23 13:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/23 10:33:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/09/22 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Local\My Games
[2010/09/22 20:51:12 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\NVIDIA
[2010/09/22 20:50:35 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\InstallShield Installation Information
[2010/09/22 20:50:33 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/09/22 20:50:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/09/22 20:50:33 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/09/22 20:50:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/09/22 20:50:32 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/09/22 20:50:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/09/22 20:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/09/21 21:14:57 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\Atlus
[2010/09/20 20:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/09/19 21:31:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/19 20:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010/09/19 20:13:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/09/19 20:13:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webem
[2010/09/19 14:50:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/09/19 01:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/09/19 01:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/19 01:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/19 01:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/19 01:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/09/18 18:01:48 | 000,358,912 | ---- | C] (Orbmu2k) -- C:\Users\Maxybo\Desktop\nvidiaInspector.exe
[2010/09/18 17:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/09/18 17:43:55 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/09/18 17:43:55 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/09/18 17:43:55 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/09/18 17:43:55 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/09/18 17:43:55 | 012,787,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/09/18 17:43:55 | 010,022,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/09/18 17:43:55 | 007,428,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/09/18 17:43:55 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/09/18 17:43:55 | 005,399,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/09/18 17:43:55 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/09/18 17:43:55 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/09/18 17:43:55 | 002,934,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/09/18 17:43:55 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/09/18 17:43:55 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/09/18 17:43:55 | 002,159,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/09/18 17:43:55 | 001,718,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/09/18 17:43:55 | 001,499,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/09/18 17:43:55 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/09/18 17:43:55 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2010/09/18 17:43:55 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/09/18 17:43:55 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/09/18 17:43:55 | 000,155,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/09/18 17:43:55 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/18 17:43:55 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/18 17:43:55 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/09/18 17:43:55 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/09/18 17:43:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/09/18 16:36:42 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Documents\BFBC2
[2010/09/18 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/18 16:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/18 16:29:56 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/18 16:29:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/18 16:29:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/18 16:29:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/18 16:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/09/14 21:56:50 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/13 21:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/09/11 00:55:12 | 005,792,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/09/11 00:55:00 | 002,570,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/09/11 00:55:00 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/09/11 00:55:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/09/11 00:55:00 | 000,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/10/09 13:47:32 | 001,835,008 | -HS- | M] () -- C:\Users\Maxybo\NTUSER.DAT
[2010/10/09 13:46:31 | 005,321,383 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.new.exe
[2010/10/09 11:37:06 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/09 11:37:06 | 000,636,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/09 11:37:06 | 000,114,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/09 11:36:45 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 11:36:45 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 11:31:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/09 11:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/09 11:31:36 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 00:30:17 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/09 00:30:17 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/09 00:30:17 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/09 00:30:16 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010/10/09 00:30:09 | 006,885,637 | -H-- | M] () -- C:\Users\Maxybo\AppData\Local\IconCache.db
[2010/10/09 00:25:28 | 000,202,752 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/08 23:02:02 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Maxybo\Desktop\ATF-Cleaner.exe
[2010/10/08 20:21:42 | 000,002,459 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/05 20:57:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maxybo\Desktop\OTL.exe
[2010/10/04 00:01:35 | 271,127,424 | ---- | M] () -- C:\Users\Maxybo\Desktop\bkup.reg
[2010/10/03 23:51:49 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 23:38:48 | 000,001,274 | ---- | M] () -- C:\Users\Maxybo\Desktop\Spybot - Search & Destroy.lnk
[2010/10/03 23:10:29 | 000,001,476 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 6.1.1 Server Edition.lnk
[2010/09/26 11:44:43 | 000,001,176 | ---- | M] () -- C:\Users\Maxybo\Desktop\f1-Maxybo.exe - Shortcut.lnk
[2010/09/25 13:52:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\DotNet.exe
[2010/09/25 12:59:32 | 000,006,840 | ---- | M] () -- C:\Users\Maxybo\Desktop\biohazard.jpg
[2010/09/25 11:49:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2010/09/24 18:12:43 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/24 18:12:43 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/23 23:11:22 | 000,001,700 | ---- | M] () -- C:\Users\Maxybo\Desktop\civ5-Maxybo.exe - Shortcut.lnk
[2010/09/23 23:07:34 | 000,000,200 | ---- | M] () -- C:\Users\Maxybo\Desktop\Sid Meier's Civilization V.url
[2010/09/23 13:19:08 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/22 20:49:46 | 000,000,201 | ---- | M] () -- C:\Users\Maxybo\Desktop\Alien Breed 2 Assault.url
[2010/09/21 00:42:08 | 000,000,201 | ---- | M] () -- C:\Users\Maxybo\Desktop\F1 2010.url
[2010/09/21 00:41:49 | 000,000,577 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/19 20:13:10 | 000,004,286 | ---- | M] () -- C:\Windows\SysWow64\ico.ico
[2010/09/18 16:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/18 16:29:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/18 16:29:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/18 16:29:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/17 13:21:55 | 000,000,611 | ---- | M] () -- C:\Users\Maxybo\Desktop\AirportMadness3.exe - Shortcut.lnk
[2010/09/12 13:43:09 | 000,000,806 | ---- | M] () -- C:\Users\Maxybo\Desktop\AESHelp.lnk
[2010/09/11 23:41:28 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\AESHelp for FSX.lnk
[2010/09/11 07:46:00 | 020,280,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/09/11 07:46:00 | 018,597,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/09/11 07:46:00 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/09/11 07:46:00 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/09/11 07:46:00 | 012,787,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/09/11 07:46:00 | 010,022,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/09/11 07:46:00 | 007,428,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/09/11 07:46:00 | 006,470,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/09/11 07:46:00 | 005,399,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/09/11 07:46:00 | 004,836,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/09/11 07:46:00 | 003,112,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/09/11 07:46:00 | 002,934,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/09/11 07:46:00 | 002,912,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/09/11 07:46:00 | 002,666,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/09/11 07:46:00 | 002,159,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/09/11 07:46:00 | 001,718,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/09/11 07:46:00 | 001,499,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/09/11 07:46:00 | 001,308,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/09/11 07:46:00 | 000,386,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/09/11 07:46:00 | 000,319,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/09/11 07:46:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/11 07:46:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/11 07:46:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/09/11 07:46:00 | 000,007,877 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/09/11 00:55:12 | 005,792,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/09/11 00:55:00 | 002,570,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/09/11 00:55:00 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/09/11 00:55:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/09/11 00:55:00 | 000,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

========== Files Created - No Company Name ==========

[2010/10/09 11:34:03 | 005,321,383 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.new.exe
[2010/10/04 00:00:54 | 271,127,424 | ---- | C] () -- C:\Users\Maxybo\Desktop\bkup.reg
[2010/10/03 23:51:49 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 23:38:48 | 000,001,274 | ---- | C] () -- C:\Users\Maxybo\Desktop\Spybot - Search & Destroy.lnk
[2010/10/03 23:10:29 | 002,209,920 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2010/10/03 23:10:29 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/10/03 23:10:29 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2010/10/03 23:10:29 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/10/03 23:10:29 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2010/10/03 23:10:29 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/10/03 23:10:29 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/10/03 23:10:29 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2010/10/03 23:10:29 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2010/10/03 23:10:29 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/10/03 23:10:29 | 000,001,476 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 6.1.1 Server Edition.lnk
[2010/09/26 11:44:43 | 000,001,176 | ---- | C] () -- C:\Users\Maxybo\Desktop\f1-Maxybo.exe - Shortcut.lnk
[2010/09/25 13:52:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\DotNet.exe
[2010/09/25 12:59:31 | 000,006,840 | ---- | C] () -- C:\Users\Maxybo\Desktop\biohazard.jpg
[2010/09/25 11:49:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2010/09/23 23:11:22 | 000,001,700 | ---- | C] () -- C:\Users\Maxybo\Desktop\civ5-Maxybo.exe - Shortcut.lnk
[2010/09/23 23:07:34 | 000,000,200 | ---- | C] () -- C:\Users\Maxybo\Desktop\Sid Meier's Civilization V.url
[2010/09/23 13:19:08 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/22 20:49:46 | 000,000,201 | ---- | C] () -- C:\Users\Maxybo\Desktop\Alien Breed 2 Assault.url
[2010/09/21 00:40:34 | 000,000,577 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/21 00:33:42 | 000,000,201 | ---- | C] () -- C:\Users\Maxybo\Desktop\F1 2010.url
[2010/09/19 20:13:10 | 000,004,286 | ---- | C] () -- C:\Windows\SysWow64\ico.ico
[2010/09/19 01:14:20 | 000,002,459 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/17 13:21:55 | 000,000,611 | ---- | C] () -- C:\Users\Maxybo\Desktop\AirportMadness3.exe - Shortcut.lnk
[2010/09/12 13:43:09 | 000,000,806 | ---- | C] () -- C:\Users\Maxybo\Desktop\AESHelp.lnk
[2010/09/11 23:41:28 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\AESHelp for FSX.lnk
[2010/09/06 20:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/08/02 12:52:42 | 000,000,025 | ---- | C] () -- C:\Users\Maxybo\AppData\Roaming\bdfvconp.ini
[2010/07/30 16:41:37 | 000,734,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/30 16:34:13 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/07/30 16:34:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/21 16:13:52 | 003,547,136 | ---- | C] () -- C:\Windows\SysWow64\MtxApi.dll
[2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 20:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 13:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/01/16 01:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2004/10/28 15:38:10 | 000,315,728 | ---- | C] () -- C:\Windows\SysWow64\flt1chk3.dll
< End of report >

Blade81
2010-10-09, 17:13
Hi,

Time for a new OTL run.

Under the Custom Scans/Fixes box at the bottom, paste in the following:


:Files
C:\Windows\SysWOW64\system
C:\Windows\System32\system
C:\Windows\SysWow64\drivers\f
C:\Windows\SysWow64\drivers\safesurf.exe

Then click the Run Fix button at the top.
Let the program run unhindered; reboot when it is done.
Then post the result report + a new OTL.txt log.

Maxybo
2010-10-09, 17:31
OTL Fix:

========== FILES ==========
C:\Windows\SysWOW64\system folder moved successfully.
File\Folder C:\Windows\System32\system not found.
C:\Windows\SysWow64\drivers\f folder moved successfully.
C:\Windows\SysWow64\drivers\safesurf.exe moved successfully.

OTL by OldTimer - Version 3.2.14.1 log created on 10092010_152827




OTL Scan:

OTL logfile created on: 09/10/2010 15:29:15 - Run 8
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Maxybo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.15 Gb Total Space | 14.45 Gb Free Space | 25.73% Space Free | Partition Type: NTFS
Drive D: | 56.25 Gb Total Space | 9.37 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 11.95 Gb Free Space | 81.57% Space Free | Partition Type: NTFS
Drive F: | 83.00 Gb Total Space | 49.93 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
Drive G: | 141.85 Gb Total Space | 0.63 Gb Free Space | 0.44% Space Free | Partition Type: NTFS
Drive H: | 48.82 Gb Total Space | 7.05 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 917.07 Gb Total Space | 883.00 Gb Free Space | 96.28% Space Free | Partition Type: NTFS

Computer Name: HOMER
Current User Name: Maxybo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\Maxybo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe (Matrox Graphics Inc)
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.HookHost.exe ()
PRC - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe (Matrox Graphics Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Maxybo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Hooks.dll (Matrox Graphics Inc.)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\newdev.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\devrtl.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Matrox.Pdesk3.ServicesHost) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe (Matrox Graphics Inc)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (BdfNdisf) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (BDFM) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SaiH0762) -- C:\Windows\SysNative\drivers\SaiH0762.sys (Saitek)
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 2E 90 DC CC 64 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/20 17:19:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/09 14:49:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/09 13:53:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/10/09 14:19:42 | 000,000,000 | ---D | M]

[2010/10/09 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\Maxybo\AppData\Roaming\Mozilla\Extensions
[2010/10/09 13:57:30 | 000,000,000 | ---D | M] -- C:\Users\Maxybo\AppData\Roaming\Mozilla\Firefox\Profiles\cw2hj6hh.default\extensions
[2010/10/09 13:57:29 | 000,000,000 | ---D | M] -- C:\Users\Maxybo\AppData\Roaming\Mozilla\Firefox\Profiles\cw2hj6hh.default\extensions\foxmarks@kei.com
[2010/10/09 14:49:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/18 16:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/09 14:49:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/09/18 16:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Matrox PowerDesk] C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.13.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~3\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/18 23:13:11 | 000,000,000 | ---D | M] - M:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/09 14:20:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVP11
[2010/10/09 14:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/10/09 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/10/09 14:19:21 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/10/09 14:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/10/09 13:48:14 | 000,016,896 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/10/08 20:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/08 20:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/05 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/05 21:33:17 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Maxybo\Desktop\ATF-Cleaner.exe
[2010/10/05 21:30:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/05 20:57:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maxybo\Desktop\OTL.exe
[2010/10/04 01:03:22 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Desktop\Removal
[2010/10/04 00:56:32 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/10/03 23:51:53 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\Malwarebytes
[2010/10/03 23:51:46 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/03 23:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/03 23:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/03 23:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/03 23:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/03 23:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2010/09/28 21:27:02 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/25 16:12:16 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Documents\Games for Windows - LIVE Demos
[2010/09/25 14:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/09/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Tracing
[2010/09/25 13:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/25 13:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/25 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/25 13:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/24 18:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010/09/24 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/24 18:12:44 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2010/09/24 18:12:44 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2010/09/24 18:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2010/09/24 18:12:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/09/24 18:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/09/23 13:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/23 10:33:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/09/22 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Local\My Games
[2010/09/22 20:51:12 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\NVIDIA
[2010/09/22 20:50:35 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\InstallShield Installation Information
[2010/09/22 20:50:33 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/09/22 20:50:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/09/22 20:50:33 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/09/22 20:50:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/09/22 20:50:32 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/09/22 20:50:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/09/22 20:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/09/21 21:14:57 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\AppData\Roaming\Atlus
[2010/09/20 20:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/09/19 21:31:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/19 20:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010/09/19 20:13:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webem
[2010/09/19 14:50:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/09/19 01:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/09/19 01:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/19 01:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/19 01:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/19 01:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/09/18 18:01:48 | 000,358,912 | ---- | C] (Orbmu2k) -- C:\Users\Maxybo\Desktop\nvidiaInspector.exe
[2010/09/18 17:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/09/18 17:43:55 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/09/18 17:43:55 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/09/18 17:43:55 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/09/18 17:43:55 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/09/18 17:43:55 | 012,787,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/09/18 17:43:55 | 010,022,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/09/18 17:43:55 | 007,428,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/09/18 17:43:55 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/09/18 17:43:55 | 005,399,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/09/18 17:43:55 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/09/18 17:43:55 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/09/18 17:43:55 | 002,934,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/09/18 17:43:55 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/09/18 17:43:55 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/09/18 17:43:55 | 002,159,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/09/18 17:43:55 | 001,718,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/09/18 17:43:55 | 001,499,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/09/18 17:43:55 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/09/18 17:43:55 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2010/09/18 17:43:55 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/09/18 17:43:55 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/09/18 17:43:55 | 000,155,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/09/18 17:43:55 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/18 17:43:55 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/18 17:43:55 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/09/18 17:43:55 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/09/18 17:43:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/09/18 16:36:42 | 000,000,000 | ---D | C] -- C:\Users\Maxybo\Documents\BFBC2
[2010/09/18 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/18 16:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/18 16:29:56 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/18 16:29:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/18 16:29:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/18 16:29:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/18 16:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/09/14 21:56:50 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/13 21:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/09/11 00:55:12 | 005,792,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/09/11 00:55:00 | 002,570,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/09/11 00:55:00 | 001,881,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/09/11 00:55:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/09/11 00:55:00 | 000,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/10/09 15:29:20 | 001,835,008 | -HS- | M] () -- C:\Users\Maxybo\NTUSER.DAT
[2010/10/09 15:06:17 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/09 15:06:17 | 000,636,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/09 15:06:17 | 000,114,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/09 15:05:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 15:05:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 15:00:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/09 15:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/09 15:00:26 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 14:59:56 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/09 14:59:56 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/09 14:59:56 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00231102}.rfx
[2010/10/09 14:57:40 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010/10/09 14:57:34 | 006,889,707 | -H-- | M] () -- C:\Users\Maxybo\AppData\Local\IconCache.db
[2010/10/09 14:47:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/10/09 14:47:32 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/10/09 14:47:32 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/10/09 14:38:24 | 000,002,459 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/09 14:21:08 | 000,016,896 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/10/09 13:53:34 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/09 13:53:32 | 000,001,963 | ---- | M] () -- C:\Users\Maxybo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/09 13:53:32 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/08 23:02:02 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Maxybo\Desktop\ATF-Cleaner.exe
[2010/10/05 20:57:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maxybo\Desktop\OTL.exe
[2010/10/04 00:01:35 | 271,127,424 | ---- | M] () -- C:\Users\Maxybo\Desktop\bkup.reg
[2010/10/03 23:51:49 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 23:38:48 | 000,001,274 | ---- | M] () -- C:\Users\Maxybo\Desktop\Spybot - Search & Destroy.lnk
[2010/10/03 23:10:29 | 000,001,476 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 6.1.1 Server Edition.lnk
[2010/09/26 11:44:43 | 000,001,176 | ---- | M] () -- C:\Users\Maxybo\Desktop\f1-Maxybo.exe - Shortcut.lnk
[2010/09/25 13:52:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\DotNet.exe
[2010/09/25 12:59:32 | 000,006,840 | ---- | M] () -- C:\Users\Maxybo\Desktop\biohazard.jpg
[2010/09/25 11:49:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2010/09/24 18:12:43 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/24 18:12:43 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/23 23:11:22 | 000,001,700 | ---- | M] () -- C:\Users\Maxybo\Desktop\civ5-Maxybo.exe - Shortcut.lnk
[2010/09/23 23:07:34 | 000,000,200 | ---- | M] () -- C:\Users\Maxybo\Desktop\Sid Meier's Civilization V.url
[2010/09/23 13:19:08 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/22 20:49:46 | 000,000,201 | ---- | M] () -- C:\Users\Maxybo\Desktop\Alien Breed 2 Assault.url
[2010/09/21 00:42:08 | 000,000,201 | ---- | M] () -- C:\Users\Maxybo\Desktop\F1 2010.url
[2010/09/21 00:41:49 | 000,000,577 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/19 20:13:10 | 000,004,286 | ---- | M] () -- C:\Windows\SysWow64\ico.ico
[2010/09/18 16:29:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/18 16:29:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/18 16:29:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/18 16:29:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/17 13:21:55 | 000,000,611 | ---- | M] () -- C:\Users\Maxybo\Desktop\AirportMadness3.exe - Shortcut.lnk
[2010/09/12 13:43:09 | 000,000,806 | ---- | M] () -- C:\Users\Maxybo\Desktop\AESHelp.lnk
[2010/09/11 23:41:28 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\AESHelp for FSX.lnk
[2010/09/11 07:46:00 | 020,280,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/09/11 07:46:00 | 018,597,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/09/11 07:46:00 | 014,899,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/09/11 07:46:00 | 013,019,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/09/11 07:46:00 | 012,787,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/09/11 07:46:00 | 010,022,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/09/11 07:46:00 | 007,428,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/09/11 07:46:00 | 006,470,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/09/11 07:46:00 | 005,399,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/09/11 07:46:00 | 004,836,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/09/11 07:46:00 | 003,112,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/09/11 07:46:00 | 002,934,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/09/11 07:46:00 | 002,912,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/09/11 07:46:00 | 002,666,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/09/11 07:46:00 | 002,159,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/09/11 07:46:00 | 001,718,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/09/11 07:46:00 | 001,499,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/09/11 07:46:00 | 001,308,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/09/11 07:46:00 | 000,386,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/09/11 07:46:00 | 000,319,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/09/11 07:46:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/11 07:46:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/11 07:46:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/09/11 07:46:00 | 000,007,877 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/09/11 00:55:12 | 005,792,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/09/11 00:55:00 | 002,570,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/09/11 00:55:00 | 001,881,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/09/11 00:55:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/09/11 00:55:00 | 000,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

========== Files Created - No Company Name ==========

[2010/10/09 14:19:53 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/10/09 14:19:53 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/10/09 13:53:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/09 13:53:32 | 000,001,963 | ---- | C] () -- C:\Users\Maxybo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/09 13:53:32 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/04 00:00:54 | 271,127,424 | ---- | C] () -- C:\Users\Maxybo\Desktop\bkup.reg
[2010/10/03 23:51:49 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 23:38:48 | 000,001,274 | ---- | C] () -- C:\Users\Maxybo\Desktop\Spybot - Search & Destroy.lnk
[2010/10/03 23:10:29 | 002,209,920 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2010/10/03 23:10:29 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010/10/03 23:10:29 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2010/10/03 23:10:29 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010/10/03 23:10:29 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2010/10/03 23:10:29 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010/10/03 23:10:29 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010/10/03 23:10:29 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2010/10/03 23:10:29 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2010/10/03 23:10:29 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010/10/03 23:10:29 | 000,001,476 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 6.1.1 Server Edition.lnk
[2010/09/26 11:44:43 | 000,001,176 | ---- | C] () -- C:\Users\Maxybo\Desktop\f1-Maxybo.exe - Shortcut.lnk
[2010/09/25 13:52:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\DotNet.exe
[2010/09/25 12:59:31 | 000,006,840 | ---- | C] () -- C:\Users\Maxybo\Desktop\biohazard.jpg
[2010/09/25 11:49:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2010/09/23 23:11:22 | 000,001,700 | ---- | C] () -- C:\Users\Maxybo\Desktop\civ5-Maxybo.exe - Shortcut.lnk
[2010/09/23 23:07:34 | 000,000,200 | ---- | C] () -- C:\Users\Maxybo\Desktop\Sid Meier's Civilization V.url
[2010/09/23 13:19:08 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/22 20:49:46 | 000,000,201 | ---- | C] () -- C:\Users\Maxybo\Desktop\Alien Breed 2 Assault.url
[2010/09/21 00:40:34 | 000,000,577 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/21 00:33:42 | 000,000,201 | ---- | C] () -- C:\Users\Maxybo\Desktop\F1 2010.url
[2010/09/19 20:13:10 | 000,004,286 | ---- | C] () -- C:\Windows\SysWow64\ico.ico
[2010/09/19 01:14:20 | 000,002,459 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/17 13:21:55 | 000,000,611 | ---- | C] () -- C:\Users\Maxybo\Desktop\AirportMadness3.exe - Shortcut.lnk
[2010/09/12 13:43:09 | 000,000,806 | ---- | C] () -- C:\Users\Maxybo\Desktop\AESHelp.lnk
[2010/09/11 23:41:28 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\AESHelp for FSX.lnk
[2010/09/06 20:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/08/02 12:52:42 | 000,000,025 | ---- | C] () -- C:\Users\Maxybo\AppData\Roaming\bdfvconp.ini
[2010/07/30 16:41:37 | 000,734,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/30 16:34:13 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/07/30 16:34:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/21 16:13:52 | 003,547,136 | ---- | C] () -- C:\Windows\SysWow64\MtxApi.dll
[2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 20:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 13:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/01/16 01:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2004/10/28 15:38:10 | 000,315,728 | ---- | C] () -- C:\Windows\SysWow64\flt1chk3.dll
< End of report >

Blade81
2010-10-09, 17:37
Hi,

I see you got Kaspersky Anti-Virus installed there. Keep in mind that if it's a trial version you won't get any new updates after 30 days. Also, you already had BitDefender there. No more than one antivirus program should be installed on the same workstation.

How's the system running now?

Maxybo
2010-10-09, 17:44
Hi

I think you got it, just did a reboot there and it's not showing as a running process any longer :D What a nasty little thing that is.

Yea, I installed Kaspersky as it was recommended over Bitdefender's AV; I have disabled the BD AV while I am using Kaspersky.

What do you recommend as an AV to use?

Many thanks for all your time and help with the safesurf issue, it's very much appreciated.

Blade81
2010-10-09, 17:53
You're welcome :)


What do you recommend as an AV to use?
Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)

Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)



Let's see the final steps next.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 7 select the Restore system settings and previous versions of files option.




Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

Maxybo
2010-10-09, 18:55
I have now completed the final steps you have advised. I have also ditched BD and went for Kaspersky as my main protection.

System is now running very well with no problems at all now.

Many thanks again for your help :)

Blade81
2010-10-10, 10:33
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.