Thread: Browser hijacked - now with DDS log

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    Browser hijacked - now with DDS log

    Sorry for the previous thread and the wrong log type posted. Here is a DDS log.

    Previous thread: http://forums.spybot.info/showthread.php?t=64487

    Thanks again for any help.



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Run by Cuda at 21:04:02 on 2011-11-25
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6058.3947 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Cuda\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://iknowsearch.net
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{6D3382E0-DBD8-46D4-A614-67C593A25B99} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\2456C6B696E6E233346353 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\3343836445 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\7394535303 : DhcpNameServer = 192.168.1.1 68.238.112.12
    TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\844534023556E637164796F6E6024374 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}\E4331414E4 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Cuda\AppData\Roaming\Mozilla\Firefox\Profiles\ldkaumgk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.iknowsearch.net/
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-28 98208]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-14 366152]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-3-28 2253120]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-28 689472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-27 2656280]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
    S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Cuda\Downloads\ThrottleStop_330\ThrottleStop_330\WinRing0x64.sys [2011-8-20 14544]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-11-26 01:57:56 111408 ----a-w- C:\Windows\System32\drivers\54886717.sys
    2011-11-26 01:21:59 78848 ----a-w- C:\Windows\KMSEmulator.exe
    2011-11-26 01:10:16 111616 ----a-w- C:\Windows\SysWow64\g0Qol0.com
    2011-11-26 01:05:34 -------- d-----w- C:\Program Files (x86)\NET Traffic Meter
    2011-11-25 17:45:04 -------- d-----w- C:\Users\Cuda\AppData\Roaming\PhotoScape
    2011-11-25 17:44:53 -------- d-----w- C:\Program Files (x86)\PhotoScape
    2011-11-24 17:34:33 -------- d-----w- C:\Users\Cuda\AppData\Local\Microsoft Games
    2011-11-24 00:32:51 -------- d-----w- C:\Program Files (x86)\LP
    2011-11-23 23:49:36 -------- d-----we C:\Windows\system64
    2011-11-17 01:58:15 -------- d-----w- C:\Program Files (x86)\Trident Web Solutions, Inc
    2011-11-16 01:23:56 -------- d-----w- C:\Windows\pss
    2011-11-11 17:19:47 -------- d-----w- C:\Users\Cuda\AppData\Local\Skyrim
    2011-11-11 17:03:01 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
    2011-11-11 17:03:01 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
    2011-11-11 17:03:01 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
    2011-11-11 17:03:01 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
    2011-11-11 17:03:01 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
    2011-11-11 17:03:01 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
    2011-11-11 17:03:00 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
    2011-11-11 17:03:00 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
    2011-11-11 17:01:55 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
    2011-11-11 17:00:51 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll
    2011-11-11 16:54:56 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
    2011-11-11 16:40:58 502256 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2011-11-10 00:01:54 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-10 00:01:54 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-10 00:01:27 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-10 00:00:58 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-06 17:46:28 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-05 01:54:25 -------- d-----w- C:\Users\Cuda\AppData\Local\Adobe
    2011-11-05 01:27:56 98816 ----a-w- C:\Windows\sed.exe
    2011-11-05 01:27:56 518144 ----a-w- C:\Windows\SWREG.exe
    2011-11-05 01:27:56 256000 ----a-w- C:\Windows\PEV.exe
    2011-11-05 01:27:56 208896 ----a-w- C:\Windows\MBR.exe
    2011-11-04 01:42:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-10-30 23:33:03 -------- d-----w- C:\Program Files\SAMSUNG
    2011-10-30 23:31:07 -------- d-----w- C:\ProgramData\Samsung
    .
    ==================== Find3M ====================
    .
    2011-10-18 06:43:46 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2011-10-18 06:43:44 95928 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 21:05:04.01 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-26 14:28:36
    -----------------------------
    14:28:36.425 OS Version: Windows x64 6.1.7600
    14:28:36.440 Number of processors: 8 586 0x2A07
    14:28:36.440 ComputerName: CUDA-PC UserName: Cuda
    14:28:38.437 Initialize success
    14:28:43.523 AVAST engine defs: 11112601
    14:28:46.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:28:46.222 Disk 0 Vendor: TOSHIBA_ MC00 Size: 610480MB BusType: 3
    14:28:46.237 Disk 0 MBR read successfully
    14:28:46.237 Disk 0 MBR scan
    14:28:46.237 Disk 0 Windows VISTA default MBR code
    14:28:46.237 Service scanning
    14:28:48.889 Modules scanning
    14:28:48.889 Disk 0 trace - called modules:
    14:28:48.905 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    14:28:48.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006619060]
    14:28:48.905 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006482c80]
    14:28:48.905 5 stdcfltn.sys[fffff8800184bc52] -> nt!IofCallDriver -> [0xfffffa8005f52e40]
    14:28:48.920 7 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f54050]
    14:28:50.496 AVAST engine scan C:\Windows
    14:28:55.394 AVAST engine scan C:\Windows\system32
    14:29:02.836 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
    14:30:25.018 AVAST engine scan C:\Windows\system32\drivers
    14:30:40.384 AVAST engine scan C:\Users\Cuda
    14:33:17.006 File: C:\Users\Cuda\AppData\Local\Temp\akslsunobi **INFECTED** Win32:FakeAlert-BLY [Trj]
    14:33:19.496 File: C:\Users\Cuda\AppData\Local\Temp\mgr.dll **INFECTED** Win32:FakeAlert-BLY [Trj]
    14:33:29.730 File: C:\Users\Cuda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\54a13990-49a30161 **INFECTED** Win32:FakeAlert-BLY [Trj]
    14:36:46.418 AVAST engine scan C:\ProgramData
    14:46:15.405 Scan finished successfully
    14:46:50.238 Disk 0 MBR has been saved successfully to "C:\Users\Cuda\Desktop\MBR.dat"
    14:46:50.244 The log file has been saved successfully to "C:\Users\Cuda\Desktop\aswMBR.txt"

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Yep, you have a few things going on, let's do this.

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).







    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  5. #5
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    ComboFix 11-11-26.04 - Cuda 11/26/2011 16:47:25.4.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6058.3099 [GMT -5:00]
    Running from: c:\users\Cuda\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\LP
    c:\windows\system32\consrv.dll
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-26 21:51 . 2011-11-26 21:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-11-26 21:51 . 2011-11-26 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-26 01:21 . 2011-11-26 19:28 78848 ----a-w- c:\windows\KMSEmulator.exe
    2011-11-26 01:10 . 2011-11-25 22:13 111616 ----a-w- c:\windows\SysWow64\g0Qol0.com
    2011-11-26 01:05 . 2011-11-26 01:32 -------- d-----w- c:\program files (x86)\NET Traffic Meter
    2011-11-25 17:45 . 2011-11-26 01:32 -------- d-----w- c:\users\Cuda\AppData\Roaming\PhotoScape
    2011-11-25 17:44 . 2011-11-26 01:32 -------- d-----w- c:\program files (x86)\PhotoScape
    2011-11-24 17:34 . 2011-11-24 17:35 -------- d-----w- c:\users\Cuda\AppData\Local\Microsoft Games
    2011-11-17 01:58 . 2011-11-17 01:58 -------- d-----w- c:\program files (x86)\Trident Web Solutions, Inc
    2011-11-11 17:19 . 2011-11-11 17:19 -------- d-----w- c:\users\Cuda\AppData\Local\Skyrim
    2011-11-11 17:03 . 2010-02-04 15:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2011-11-11 17:03 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2011-11-11 17:03 . 2010-02-04 15:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
    2011-11-11 17:03 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2011-11-11 17:03 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2011-11-11 17:03 . 2010-02-04 15:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
    2011-11-11 17:03 . 2010-02-04 15:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2011-11-11 17:03 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
    2011-11-11 17:01 . 2008-10-15 11:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
    2011-11-11 17:00 . 2008-05-30 19:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
    2011-11-11 16:54 . 2011-11-11 17:19 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
    2011-11-10 00:01 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 00:01 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-10 00:01 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-10 00:00 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
    2011-11-05 01:54 . 2011-11-25 16:28 -------- d-----w- c:\users\Cuda\AppData\Local\Adobe
    2011-11-04 01:42 . 2011-11-04 01:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-10-30 23:33 . 2011-10-30 23:33 -------- d-----w- c:\program files\SAMSUNG
    2011-10-30 23:31 . 2011-10-30 23:31 -------- d-----w- c:\programdata\Samsung
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 06:43 . 2011-10-18 06:43 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2011-10-18 06:43 . 2011-10-18 06:43 95928 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2011-10-15 08:53 . 2011-03-28 07:24 860992 ----a-w- c:\windows\system32\nvumdshimx.dll
    2011-10-15 08:53 . 2011-03-28 07:24 2808128 ----a-w- c:\windows\system32\nvapi64.dll
    2011-10-15 08:53 . 2010-11-29 12:35 1985841 ----a-w- c:\windows\system32\nvcoproc.bin
    2011-10-15 08:53 . 2010-11-29 12:35 137536 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2010-11-29 10:35 539456 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-10-15 08:53 . 2010-11-29 10:35 222528 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2010-11-29 10:35 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2010-11-29 10:35 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2011-10-15 08:53 . 2010-11-29 10:35 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-10-15 08:53 . 2010-11-29 10:35 1349440 ----a-w- c:\windows\system32\nv3dappshext.dll
    2011-10-15 08:53 . 2010-11-29 10:35 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-10-15 08:53 . 2010-11-29 10:35 10406208 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2010-11-29 10:34 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-10-01 03:21 . 2011-10-12 22:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-01 02:59 . 2011-10-12 22:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-08-31 21:00 . 2011-08-15 15:59 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-05_01.39.22 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-04-03 00:34 . 2008-10-27 14:04 70992 c:\windows\SysWOW64\XAPOFX1_2.dll
    + 2011-11-11 17:01 . 2008-10-27 15:04 70992 c:\windows\SysWOW64\XAPOFX1_2.dll
    - 2011-04-03 00:34 . 2008-07-31 14:41 68616 c:\windows\SysWOW64\XAPOFX1_1.dll
    + 2011-11-11 17:01 . 2008-07-31 15:41 68616 c:\windows\SysWOW64\XAPOFX1_1.dll
    + 2011-11-11 17:01 . 2008-05-30 19:17 65032 c:\windows\SysWOW64\XAPOFX1_0.dll
    - 2011-04-03 00:34 . 2008-05-30 18:17 65032 c:\windows\SysWOW64\XAPOFX1_0.dll
    - 2011-04-03 00:34 . 2009-03-16 18:18 22360 c:\windows\SysWOW64\X3DAudio1_6.dll
    + 2011-11-11 17:02 . 2009-03-16 19:18 22360 c:\windows\SysWOW64\X3DAudio1_6.dll
    - 2011-04-03 00:34 . 2008-10-27 14:04 23376 c:\windows\SysWOW64\X3DAudio1_5.dll
    + 2011-11-11 17:01 . 2008-10-27 15:04 23376 c:\windows\SysWOW64\X3DAudio1_5.dll
    - 2011-04-03 00:34 . 2008-05-30 18:17 25608 c:\windows\SysWOW64\X3DAudio1_4.dll
    + 2011-11-11 17:01 . 2008-05-30 19:17 25608 c:\windows\SysWOW64\X3DAudio1_4.dll
    - 2011-04-03 00:34 . 2008-03-05 20:00 25608 c:\windows\SysWOW64\X3DAudio1_3.dll
    + 2011-11-11 17:00 . 2008-03-05 21:00 25608 c:\windows\SysWOW64\X3DAudio1_3.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 51024 c:\windows\SysWOW64\vcomp100.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 51024 c:\windows\SysWOW64\vcomp100.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 61248 c:\windows\SysWOW64\OpenCL.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100u.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\SysWOW64\mfcm100.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 60752 c:\windows\SysWOW64\mfc100rus.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 60752 c:\windows\SysWOW64\mfc100rus.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 43344 c:\windows\SysWOW64\mfc100kor.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 43344 c:\windows\SysWOW64\mfc100kor.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 43856 c:\windows\SysWOW64\mfc100jpn.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 62288 c:\windows\SysWOW64\mfc100ita.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 62288 c:\windows\SysWOW64\mfc100ita.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 64336 c:\windows\SysWOW64\mfc100fra.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100fra.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 63824 c:\windows\SysWOW64\mfc100esn.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 63824 c:\windows\SysWOW64\mfc100esn.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 55120 c:\windows\SysWOW64\mfc100enu.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 55120 c:\windows\SysWOW64\mfc100enu.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\SysWOW64\mfc100deu.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 64336 c:\windows\SysWOW64\mfc100deu.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100cht.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 36176 c:\windows\SysWOW64\mfc100cht.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 36176 c:\windows\SysWOW64\mfc100chs.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\SysWOW64\mfc100chs.dll
    - 2011-10-09 17:35 . 2011-11-04 22:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2011-10-09 17:35 . 2011-11-26 01:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2011-11-25 12:59 . 2011-11-26 03:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112520111126\index.dat
    + 2011-11-24 13:48 . 2011-11-25 02:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112420111125\index.dat
    + 2011-11-24 01:09 . 2011-11-24 03:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112320111124\index.dat
    + 2011-04-02 22:49 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-02 22:49 . 2011-11-05 01:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2011-11-26 02:45 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 04:46 . 2011-10-22 11:12 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-04-02 22:49 . 2011-11-26 21:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-02 22:49 . 2011-11-05 01:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-04-02 22:49 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-04-02 22:49 . 2011-11-05 01:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-04-03 02:01 . 2011-11-05 01:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-03 02:01 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-03 02:01 . 2011-11-05 01:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-03 02:01 . 2011-11-26 21:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-21 17:43 . 2011-07-21 17:43 27648 c:\windows\Installer\2003d42.msp
    + 2011-01-24 22:16 . 2011-01-24 22:16 14336 c:\windows\Installer\1fc8065.msp
    - 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
    + 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
    - 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
    + 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
    + 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
    - 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}\ARPPRODUCTICON.exe
    - 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
    + 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}\ARPPRODUCTICON.exe
    + 2011-11-23 08:04 . 2011-11-23 08:04 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2011-06-21 13:50 . 2011-06-21 13:50 75104 c:\windows\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
    + 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
    + 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
    - 2011-04-28 15:52 . 2011-04-28 15:52 10134 c:\windows\Installer\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}\ARPPRODUCTICON.exe
    - 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
    + 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{925D058B-564A-443A-B4B2-7E90C6432E55}\ARPPRODUCTICON.exe
    - 2011-04-05 04:44 . 2011-04-05 04:44 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
    + 2011-11-23 08:02 . 2011-11-23 08:02 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-03-28 05:21 . 2011-11-19 15:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2011-03-28 05:21 . 2011-03-28 05:21 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
    + 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{8557397C-A42D-486F-97B3-A2CBC2372593}\ARPPRODUCTICON.exe
    - 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
    + 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
    - 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
    + 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}\ARPPRODUCTICON.exe
    + 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
    - 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}\ARPPRODUCTICON.exe
    + 2011-11-25 16:24 . 2011-11-25 16:24 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
    - 2011-04-28 15:53 . 2011-04-28 15:53 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
    + 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
    - 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
    + 2011-11-25 16:23 . 2011-11-25 16:23 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
    - 2011-04-28 15:51 . 2011-04-28 15:51 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
    + 2010-10-20 20:43 . 2010-10-20 20:43 42880 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SPWADDDS.DLL
    + 2010-10-20 20:43 . 2010-10-20 20:43 46976 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SPWADDDA.DLL
    + 2010-03-25 14:23 . 2010-03-25 14:23 31648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOCIALPROVIDER.DLL
    + 2010-03-23 01:30 . 2010-03-23 01:30 40296 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\RECALL.DLL
    + 2010-02-28 06:22 . 2010-02-28 06:22 48504 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PUBTRAP.DLL
    + 2010-03-23 14:57 . 2010-03-23 14:57 43352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLRPC.DLL
    + 2010-03-23 14:57 . 2010-03-23 14:57 30560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLACCT.DLL
    + 2010-03-23 01:30 . 2010-03-23 01:30 20864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MLSHEXT.DLL
    + 2010-10-20 20:43 . 2010-10-20 20:43 18816 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INTMAPI.DLL
    + 2010-10-20 20:43 . 2010-10-20 20:43 11648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INTGMAT.DLL
    + 2010-03-23 01:29 . 2010-03-23 01:29 87408 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\DLGSETP.DLL
    - 2011-08-20 17:24 . 2011-08-20 17:24 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2011-11-25 17:47 . 2011-11-25 17:47 2638 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0VJAH68\EpicPlaySetup[1].exe
    + 2011-11-25 17:47 . 2011-11-25 17:48 2638 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65A3IZY0\EpicPlaySetup[1].exe
    + 2011-11-25 23:34 . 2011-11-25 23:34 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FF871EC4-17BD-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:27 . 2011-11-25 23:27 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBBEEB6C-17BC-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:55 . 2011-11-25 23:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5254EE3-17C0-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-26 01:12 . 2011-11-26 01:12 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6BC1672-17CB-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:53 . 2011-11-25 23:53 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BAFFA91D-17C0-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:32 . 2011-11-25 23:32 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B7FF86A4-17BD-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:30 . 2011-11-25 23:31 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7D34C4D3-17BD-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:37 . 2011-11-25 23:37 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73DCF1C7-17BE-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:00 . 2011-11-25 23:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{54E21C24-17B9-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:57 . 2011-11-25 23:57 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3CB01B5F-17C1-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:35 . 2011-11-25 23:35 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{39ECDBBA-17BE-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 23:28 . 2011-11-25 23:30 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{35ADF006-17BD-11E1-B0C6-BC773710FB34}.dat
    + 2011-11-25 22:59 . 2011-11-25 23:00 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16368F2A-17B9-11E1-B0C6-BC773710FB34}.dat
    - 2011-11-05 01:37 . 2011-11-05 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-26 21:52 . 2011-11-26 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-26 21:52 . 2011-11-26 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-11-05 01:37 . 2011-11-05 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-03-13 05:01 . 2010-03-13 05:01 9592 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XLCALL32.DLL
    - 2011-04-03 00:34 . 2009-03-16 18:18 517448 c:\windows\SysWOW64\XAudio2_4.dll
    + 2011-11-11 17:02 . 2009-03-16 19:18 517448 c:\windows\SysWOW64\XAudio2_4.dll
    - 2011-04-03 00:34 . 2008-10-27 14:04 514384 c:\windows\SysWOW64\XAudio2_3.dll
    + 2011-11-11 17:01 . 2008-10-27 15:04 514384 c:\windows\SysWOW64\XAudio2_3.dll
    - 2011-04-03 00:34 . 2008-07-31 14:40 509448 c:\windows\SysWOW64\XAudio2_2.dll
    + 2011-11-11 17:01 . 2008-07-31 15:40 509448 c:\windows\SysWOW64\XAudio2_2.dll
    - 2011-04-03 00:34 . 2008-05-30 18:19 507400 c:\windows\SysWOW64\XAudio2_1.dll
    + 2011-11-11 17:01 . 2008-05-30 19:19 507400 c:\windows\SysWOW64\XAudio2_1.dll
    + 2011-11-11 17:00 . 2008-03-05 21:03 479752 c:\windows\SysWOW64\XAudio2_0.dll
    - 2011-04-03 00:34 . 2008-03-05 20:03 479752 c:\windows\SysWOW64\XAudio2_0.dll
    - 2011-04-03 00:34 . 2009-09-04 21:44 238936 c:\windows\SysWOW64\xactengine3_5.dll
    + 2011-11-11 17:02 . 2009-09-04 22:44 238936 c:\windows\SysWOW64\xactengine3_5.dll
    - 2011-04-03 00:34 . 2009-03-16 18:18 235352 c:\windows\SysWOW64\xactengine3_4.dll
    + 2011-11-11 17:02 . 2009-03-16 19:18 235352 c:\windows\SysWOW64\xactengine3_4.dll
    + 2011-11-11 17:01 . 2008-10-27 15:04 235856 c:\windows\SysWOW64\xactengine3_3.dll
    - 2011-04-03 00:34 . 2008-10-27 14:04 235856 c:\windows\SysWOW64\xactengine3_3.dll
    - 2011-04-03 00:34 . 2008-07-31 14:41 238088 c:\windows\SysWOW64\xactengine3_2.dll
    + 2011-11-11 17:01 . 2008-07-31 15:41 238088 c:\windows\SysWOW64\xactengine3_2.dll
    + 2011-11-11 17:01 . 2008-05-30 19:18 238088 c:\windows\SysWOW64\xactengine3_1.dll
    - 2011-04-03 00:34 . 2008-05-30 18:18 238088 c:\windows\SysWOW64\xactengine3_1.dll
    + 2011-11-11 17:00 . 2008-03-05 21:03 238088 c:\windows\SysWOW64\xactengine3_0.dll
    - 2011-04-03 00:34 . 2008-03-05 20:03 238088 c:\windows\SysWOW64\xactengine3_0.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 716608 c:\windows\SysWOW64\nvumdshim.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 330560 c:\windows\SysWOW64\nvoptimusmft.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 203072 c:\windows\SysWOW64\nvinit.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 301888 c:\windows\SysWOW64\nvdecodemft.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 773968 c:\windows\SysWOW64\msvcr100.dll
    - 2010-03-18 13:15 . 2010-03-18 13:15 421200 c:\windows\SysWOW64\msvcp100.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\SysWOW64\msvcp100.dll
    + 2011-11-11 17:02 . 2009-09-04 22:29 235344 c:\windows\SysWOW64\d3dx11_42.dll
    - 2011-04-03 00:34 . 2009-09-04 21:29 235344 c:\windows\SysWOW64\d3dx11_42.dll
    + 2011-11-11 17:01 . 2008-10-15 11:22 452440 c:\windows\SysWOW64\d3dx10_40.dll
    - 2011-04-08 21:58 . 2008-10-15 10:22 452440 c:\windows\SysWOW64\d3dx10_40.dll
    - 2011-04-03 00:34 . 2008-07-10 15:01 467984 c:\windows\SysWOW64\d3dx10_39.dll
    + 2011-11-11 17:01 . 2008-07-10 16:01 467984 c:\windows\SysWOW64\d3dx10_39.dll
    - 2011-04-03 00:34 . 2008-05-30 18:11 467984 c:\windows\SysWOW64\d3dx10_38.dll
    + 2011-11-11 17:01 . 2008-05-30 19:11 467984 c:\windows\SysWOW64\d3dx10_38.dll
    - 2011-04-03 00:34 . 2008-02-06 03:07 462864 c:\windows\SysWOW64\d3dx10_37.dll
    + 2011-11-11 17:00 . 2008-02-06 04:07 462864 c:\windows\SysWOW64\d3dx10_37.dll
    + 2011-11-24 01:09 . 2011-11-24 01:06 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011103120111107\index.dat
    + 2011-10-09 16:48 . 2011-11-26 21:38 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2011-10-09 16:48 . 2011-11-05 01:28 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2010-03-18 13:15 . 2010-03-18 13:15 138056 c:\windows\SysWOW64\atl100.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 138056 c:\windows\SysWOW64\atl100.dll
    + 2009-07-14 05:01 . 2011-11-26 21:52 509804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-11-05 01:36 509804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-11-26 15:17 . 2010-11-26 15:17 532992 c:\windows\Installer\3217ae3.msi
    + 2010-11-26 16:19 . 2010-11-26 16:19 620032 c:\windows\Installer\3217ad3.msi
    + 2010-11-26 18:32 . 2010-11-26 18:32 510976 c:\windows\Installer\3217ac3.msi
    + 2010-11-26 18:32 . 2010-11-26 18:32 607744 c:\windows\Installer\3217abb.msi
    + 2010-11-26 15:45 . 2010-11-26 15:45 606208 c:\windows\Installer\3217aa3.msi
    + 2010-11-26 16:19 . 2010-11-26 16:19 725504 c:\windows\Installer\3217a93.msi
    + 2011-04-19 09:54 . 2011-04-19 09:54 227328 c:\windows\Installer\2003d2d.msi
    + 2011-04-19 09:21 . 2011-04-19 09:21 235520 c:\windows\Installer\2003d26.msi
    + 2011-06-20 04:33 . 2011-06-20 04:33 407552 c:\windows\Installer\1fc8212.msp
    + 2011-03-17 23:19 . 2011-03-17 23:19 304128 c:\windows\Installer\1fc81fb.msp
    + 2010-07-22 07:43 . 2010-07-22 07:43 257024 c:\windows\Installer\1fc8180.msp
    + 2010-07-22 23:28 . 2010-07-22 23:28 287232 c:\windows\Installer\1fc813f.msp
    + 2011-10-27 04:23 . 2011-10-27 04:23 925696 c:\windows\Installer\1fc80d1.msp
    + 2011-10-27 03:51 . 2011-10-27 03:51 592896 c:\windows\Installer\1fc805d.msp
    + 2011-08-22 04:19 . 2011-08-22 04:19 133120 c:\windows\Installer\1fc7fec.msp
    + 2011-02-20 04:08 . 2011-02-20 04:08 163840 c:\windows\Installer\1ba09b.msi
    - 2011-08-07 19:08 . 2011-08-07 19:08 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2011-11-23 08:03 . 2011-11-23 08:03 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    + 2011-11-17 01:58 . 2011-11-17 01:58 353118 c:\windows\Installer\{54E7C786-9DFC-437F-B79F-3EE6CECBEDCE}\_FD2A52CEF57BB0DDBD545B.exe
    + 2011-11-17 01:58 . 2011-11-17 01:58 353118 c:\windows\Installer\{54E7C786-9DFC-437F-B79F-3EE6CECBEDCE}\_B4192C41809B4D64202916.exe
    + 2010-02-28 06:33 . 2010-02-28 06:33 821664 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVHSVC.EXE
    + 2010-02-28 06:33 . 2010-02-28 06:33 379808 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVHBS.EXE
    + 2010-02-28 06:18 . 2010-02-28 06:18 105344 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\TRANSMGR.DLL
    + 2010-03-23 01:29 . 2010-03-23 01:29 340400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SCNPST64.DLL
    + 2010-03-23 01:30 . 2010-03-23 01:30 329640 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SCNPST32.DLL
    + 2010-03-23 14:57 . 2010-03-23 14:57 415088 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\RTFHTML.DLL
    + 2010-03-01 08:56 . 2010-03-01 08:56 604024 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PUBCONV.DLL
    + 2010-03-23 01:30 . 2010-03-23 01:30 308584 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PSTPRX32.DLL
    + 2010-03-23 14:57 . 2010-03-23 14:57 329104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLPH.DLL
    + 2010-03-23 01:30 . 2010-03-23 01:30 523656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLMIME.DLL
    + 2010-03-23 01:30 . 2010-03-23 01:30 122720 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLCTL.DLL
    + 2010-02-28 08:41 . 2010-02-28 08:41 615800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONWORDADDIN.DLL
    + 2010-02-28 08:41 . 2010-02-28 08:41 560512 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONPPTADDIN.DLL
    + 2010-03-30 00:26 . 2010-03-30 00:26 140144 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTEMANAGED.DLL
    + 2010-03-30 00:26 . 2010-03-30 00:26 227712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTEM.EXE
    + 2010-02-28 08:41 . 2010-02-28 08:41 533368 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNWD.DLL
    + 2010-02-28 08:41 . 2010-02-28 08:41 533376 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNPPT.DLL
    + 2010-03-01 09:19 . 2010-03-01 09:19 697728 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNOL.DLL
    + 2010-03-01 08:53 . 2010-03-01 08:53 234384 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMSXP32.DLL
    + 2010-03-01 08:53 . 2010-03-01 08:53 724352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMSMAIN.DLL
    + 2010-03-16 06:58 . 2010-03-16 06:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOUC.EXE
    + 2010-03-16 06:58 . 2010-03-16 06:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOSYNC.EXE
    + 2010-01-10 01:50 . 2010-01-10 01:50 119160 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSCONV97.DLL
    + 2010-03-01 08:56 . 2010-03-01 08:56 457104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MORPH9.DLL
    + 2010-03-23 01:29 . 2010-03-23 01:29 358240 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MIMEDIR.DLL
    + 2010-03-23 01:29 . 2010-03-23 01:29 272800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MAPIPH.DLL
    + 2010-03-23 01:30 . 2010-03-23 01:30 135016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IMPMAIL.DLL
    + 2010-02-28 08:41 . 2010-02-28 08:41 578472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IECONTENTSERVICE.EXE
    + 2010-03-23 01:30 . 2010-03-23 01:30 155008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ENVELOPE.DLL
    + 2010-03-23 14:57 . 2010-03-23 14:57 135032 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CONTAB32.DLL
    + 2010-02-28 06:19 . 2010-02-28 06:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CLVIEW.EXE
    + 2011-11-26 01:20 . 2011-11-26 19:27 223744 c:\windows\assembly\temp\kwrd.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2010-09-14 10:45 . 2010-09-14 10:45 1119592 c:\windows\SysWOW64\sftldr_wow64.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 7041856 c:\windows\SysWOW64\nvwgf2um.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 2401088 c:\windows\SysWOW64\nvcuvid.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 2099520 c:\windows\SysWOW64\nvcuvenc.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 5578560 c:\windows\SysWOW64\nvcuda.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 2458432 c:\windows\SysWOW64\nvapi.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 4422992 c:\windows\SysWOW64\mfc100u.dll
    + 2011-06-11 06:58 . 2011-06-11 06:58 4397384 c:\windows\SysWOW64\mfc100.dll
    - 2011-04-03 00:34 . 2009-09-04 21:29 1892184 c:\windows\SysWOW64\D3DX9_42.dll
    + 2011-11-11 17:02 . 2009-09-04 22:29 1892184 c:\windows\SysWOW64\D3DX9_42.dll
    - 2011-04-03 00:34 . 2009-03-09 19:27 4178264 c:\windows\SysWOW64\D3DX9_41.dll
    + 2011-11-11 17:02 . 2009-03-09 20:27 4178264 c:\windows\SysWOW64\D3DX9_41.dll
    + 2011-11-11 17:01 . 2008-10-15 11:22 4379984 c:\windows\SysWOW64\D3DX9_40.dll
    - 2011-04-08 21:58 . 2008-10-15 10:22 4379984 c:\windows\SysWOW64\D3DX9_40.dll
    + 2011-11-11 17:01 . 2008-07-10 16:00 3851784 c:\windows\SysWOW64\D3DX9_39.dll
    - 2011-04-03 00:34 . 2008-07-10 15:00 3851784 c:\windows\SysWOW64\D3DX9_39.dll
    + 2011-11-11 17:00 . 2008-05-30 19:11 3850760 c:\windows\SysWOW64\D3DX9_38.dll
    - 2011-04-03 00:34 . 2008-05-30 18:11 3850760 c:\windows\SysWOW64\D3DX9_38.dll
    + 2011-11-11 17:00 . 2008-03-05 20:56 3786760 c:\windows\SysWOW64\D3DX9_37.dll
    - 2011-04-03 00:34 . 2008-03-05 19:56 3786760 c:\windows\SysWOW64\D3DX9_37.dll
    + 2011-11-11 17:02 . 2009-09-04 22:29 5501792 c:\windows\SysWOW64\d3dcsx_42.dll
    - 2011-04-03 00:34 . 2009-09-04 21:29 5501792 c:\windows\SysWOW64\d3dcsx_42.dll
    - 2011-04-03 00:34 . 2009-09-04 21:29 1974616 c:\windows\SysWOW64\D3DCompiler_42.dll
    + 2011-11-11 17:02 . 2009-09-04 22:29 1974616 c:\windows\SysWOW64\D3DCompiler_42.dll
    - 2011-04-08 21:58 . 2008-10-15 10:22 2036576 c:\windows\SysWOW64\D3DCompiler_40.dll
    + 2011-11-11 17:01 . 2008-10-15 11:22 2036576 c:\windows\SysWOW64\D3DCompiler_40.dll
    + 2011-11-11 17:01 . 2008-07-10 16:00 1493528 c:\windows\SysWOW64\D3DCompiler_39.dll
    - 2011-04-03 00:34 . 2008-07-10 15:00 1493528 c:\windows\SysWOW64\D3DCompiler_39.dll
    - 2011-04-03 00:34 . 2008-05-30 18:11 1491992 c:\windows\SysWOW64\D3DCompiler_38.dll
    + 2011-11-11 17:01 . 2008-05-30 19:11 1491992 c:\windows\SysWOW64\D3DCompiler_38.dll
    + 2011-11-11 17:00 . 2008-03-05 20:56 1420824 c:\windows\SysWOW64\D3DCompiler_37.dll
    - 2011-04-03 00:34 . 2008-03-05 19:56 1420824 c:\windows\SysWOW64\D3DCompiler_37.dll
    + 2009-07-14 04:54 . 2011-11-26 21:53 1032192 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-11-26 21:53 8011776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-05 01:39 8011776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-26 21:53 6307840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-05 01:39 6307840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:45 . 2011-11-23 08:23 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2011-10-16 02:15 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-04-03 00:13 . 2011-11-26 21:52 4485084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8645341-3787877179-1305212307-1001-8192.dat
    + 2008-09-15 18:41 . 2008-09-15 18:41 3025920 c:\windows\Installer\5009efa.msi
    + 2010-11-26 19:34 . 2010-11-26 19:34 9998336 c:\windows\Installer\3217aeb.msi
    + 2010-11-26 18:44 . 2010-11-26 18:44 3123200 c:\windows\Installer\3217adb.msi
    + 2010-11-26 14:04 . 2010-11-26 14:04 1911808 c:\windows\Installer\3217acb.msi
    + 2010-11-26 16:44 . 2010-11-26 16:44 1528320 c:\windows\Installer\3217ab3.msi
    + 2010-11-26 18:44 . 2010-11-26 18:44 3670016 c:\windows\Installer\3217a9b.msi
    + 2010-11-26 16:43 . 2010-11-26 16:43 1997312 c:\windows\Installer\3217a8b.msi
    + 2010-11-26 18:32 . 2010-11-26 18:32 2211328 c:\windows\Installer\3217a83.msi
    + 2011-03-18 00:20 . 2011-03-18 00:20 1961984 c:\windows\Installer\2003d0f.msp
    + 2011-06-29 02:27 . 2011-06-29 02:27 4028928 c:\windows\Installer\1fc822b.msp
    + 2011-10-22 20:21 . 2011-10-22 20:21 3463168 c:\windows\Installer\1fc81f3.msp
    + 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\1fc81a2.msp
    + 2011-03-08 18:36 . 2011-03-08 18:36 5902336 c:\windows\Installer\1fc8189.msp
    + 2011-10-27 03:45 . 2011-10-27 03:45 9177600 c:\windows\Installer\1fc8159.msp
    + 2011-07-21 17:45 . 2011-07-21 17:45 3809792 c:\windows\Installer\1fc8107.msp
    + 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\1fc80db.msp
    + 2011-07-21 17:41 . 2011-07-21 17:41 8413696 c:\windows\Installer\1fc8081.msp
    + 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\1fc802d.msi
    + 2011-08-22 04:18 . 2011-08-22 04:18 1585152 c:\windows\Installer\1fc7fe4.msp
    + 2011-08-07 19:13 . 2011-11-23 08:05 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-08-07 19:13 . 2011-11-23 08:05 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2011-08-07 19:13 . 2011-08-07 19:13 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-03-01 09:20 . 2010-03-01 09:20 2102656 c:\windows\Installer\$PatchCache$\Managed\00004159FA0090400000000000F01FEC\14.0.4763\GKPOWERPOINT.DLL
    + 2010-02-28 06:33 . 2010-02-28 06:33 3207072 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.EXE
    + 2010-02-28 06:33 . 2010-02-28 06:33 4817336 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.DLL
    + 2010-03-25 00:28 . 2010-03-25 00:28 1479520 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XLICONS.EXE
    + 2010-03-27 12:45 . 2010-03-27 12:45 5460312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WRD12CNV.DLL
    + 2010-03-25 00:28 . 2010-03-25 00:28 1858400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WORDICON.EXE
    + 2010-03-27 12:38 . 2010-03-27 12:38 1422168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WINWORD.EXE
    + 2010-03-25 14:23 . 2010-03-25 14:23 1707904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL
    + 2010-03-25 00:28 . 2010-03-25 00:28 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PPTICO.EXE
    + 2010-03-09 13:57 . 2010-03-09 13:57 9696616 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PPCORE.DLL
    + 2009-07-23 14:01 . 2009-07-23 14:01 3670016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLFLTR.DAT
    + 2010-03-30 12:29 . 2010-03-30 12:29 9182056 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONMAIN.DLL
    + 2010-03-30 12:29 . 2010-03-30 12:29 1676128 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTE.EXE
    + 2010-03-23 14:57 . 2010-03-23 14:57 3189120 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OLMAPI32.DLL
    + 2010-03-01 09:20 . 2010-03-01 09:20 2323840 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKWORD.DLL
    + 2010-03-01 09:20 . 2010-03-01 09:20 2102656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKPOWERPOINT.DLL
    + 2010-03-01 09:20 . 2010-03-01 09:20 3355008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKEXCEL.DLL
    + 2011-11-11 17:12 . 2011-11-11 17:12 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-11 17:12 . 2011-11-11 17:12 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-08-20 17:24 . 2011-08-20 17:24 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 18871616 c:\windows\SysWOW64\nvoglv32.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 13205312 c:\windows\SysWOW64\nvd3dum.dll
    + 2011-11-12 21:42 . 2011-10-15 08:53 17248576 c:\windows\SysWOW64\nvcompiler.dll
    + 2011-07-04 02:04 . 2011-07-04 02:04 26916352 c:\windows\Installer\37131.msi
    + 2010-11-26 18:21 . 2010-11-26 18:21 12719104 c:\windows\Installer\3217aab.msi
    + 2010-08-13 19:08 . 2010-08-13 19:08 41272320 c:\windows\Installer\1fc81dc.msp
    + 2011-07-21 17:36 . 2011-07-21 17:36 66808320 c:\windows\Installer\1fc81c2.msp
    + 2011-06-20 04:28 . 2011-06-20 04:28 18457088 c:\windows\Installer\1fc8120.msp
    + 2010-11-11 17:52 . 2010-11-11 17:52 13486592 c:\windows\Installer\1fc80c8.msp
    + 2011-08-22 04:14 . 2011-08-22 04:14 20647936 c:\windows\Installer\1fc80b1.msp
    + 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\1fc804d.msp
    + 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\1fc8003.msp
    + 2011-10-22 20:21 . 2011-10-22 20:21 21515264 c:\windows\Installer\1fc7fcc.msp
    + 2011-03-08 18:33 . 2011-03-08 18:33 54645248 c:\windows\Installer\1fc7f9b.msp
    + 2011-11-19 15:23 . 2011-11-19 15:23 20333568 c:\windows\Installer\122ead77.msp
    + 2010-03-13 19:08 . 2010-03-13 19:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004159FA0090400000000000F01FEC\14.0.4763\OART.DLL
    + 2010-03-23 00:36 . 2010-03-23 00:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004159FA0090400000000000F01FEC\14.0.4763\MSORES.DLL
    + 2010-03-13 04:50 . 2010-03-13 04:50 17800544 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XL12CNV.EXE
    + 2010-03-27 12:38 . 2010-03-27 12:38 19370840 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WWLIB.DLL
    + 2010-03-23 14:57 . 2010-03-23 14:57 15889248 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLOOK.EXE
    + 2010-03-13 04:05 . 2010-03-13 04:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OARTCONV.DLL
    + 2010-03-13 19:08 . 2010-03-13 19:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OART.DLL
    + 2010-03-01 08:56 . 2010-03-01 08:56 10272104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSPUB.EXE
    + 2010-03-23 00:36 . 2010-03-23 00:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSORES.DLL
    + 2010-03-25 14:25 . 2010-03-25 14:25 30969208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GROOVE.EXE
    + 2010-03-13 18:53 . 2010-03-13 18:53 20753760 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXCEL.EXE
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

  6. #6
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    Default

    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
    R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-08-21 19952]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Cuda\Downloads\ThrottleStop_330\ThrottleStop_330\WinRing0x64.sys [2008-07-27 14544]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-26 c:\windows\Tasks\At10.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At12.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At14.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At16.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At18.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At2.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At20.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At22.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At24.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At26.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At28.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At30.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At32.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At34.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-25 c:\windows\Tasks\At36.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-25 c:\windows\Tasks\At38.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At4.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At40.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At42.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At44.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At46.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At48.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At6.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\At8.job
    - c:\windows\system32\g0Qol0.com [2011-11-26 22:13]
    .
    2011-11-26 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS.exe [2011-08-07 19:05]
    .
    2011-11-26 c:\windows\Tasks\AutoKMSDaily.job
    - c:\windows\AutoKMS.exe [2011-08-07 19:05]
    .
    2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001Core.job
    - c:\users\Cuda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 17:57]
    .
    2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001UA.job
    - c:\users\Cuda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-12 17:57]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "combofix"="c:\combofix\CF19160.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://iknowsearch.net
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Cuda\AppData\Roaming\Mozilla\Firefox\Profiles\ldkaumgk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.iknowsearch.net/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-01220171.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-26 16:58:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-26 21:58
    ComboFix2.txt 2011-11-06 17:50
    ComboFix3.txt 2011-11-05 19:59
    ComboFix4.txt 2011-11-05 01:43
    .
    Pre-Run: 60,613,726,208 bytes free
    Post-Run: 60,602,261,504 bytes free
    .
    - - End Of File - - 0C678F7418F264E6EEE261E7DA432A8C

  7. #7
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    Default

    Oh - and the GooredFix log:


    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 16:45 on 26/11/2011 (Cuda)
    Firefox version 8.0 (en-US)

    ========== GooredScan ==========

    (none)

    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [02:12 05/11/2011]

    C:\Users\Cuda\Application Data\Mozilla\Firefox\Profiles\ldkaumgk.default\extensions\
    (none)

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    (none)

    -=E.O.F=-

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    You have a very long and complicated ComboFix log. I need to look it over very closely. I will be away until tomorrow morning, so in the meantime let's do this.


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    Nov 2011
    Posts
    14

    TDSSKiller found nothing.

    Here is the OTL.txt

    OTL logfile created on: 11/26/2011 5:24:50 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cuda\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.92 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.20% Memory free
    11.83 Gb Paging File | 10.37 Gb Available in Paging File | 87.67% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.42 Gb Total Space | 56.29 Gb Free Space | 9.68% Space Free | Partition Type: NTFS
    Drive D: | 192.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: CUDA-PC | User Name: Cuda | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Cuda\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
    SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
    SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
    SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
    DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
    DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
    DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
    DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
    DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
    DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (WinRing0_1_2_0) -- C:\Users\Cuda\Downloads\ThrottleStop_330\ThrottleStop_330\WinRing0x64.sys (OpenLibSys.org)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://iknowsearch.net
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.iknowsearch.net/"

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/11 09:59:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/30 22:16:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011/04/02 17:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cuda\AppData\Roaming\Mozilla\Extensions
    [2011/09/17 17:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cuda\AppData\Roaming\Mozilla\Firefox\Profiles\ldkaumgk.default\extensions
    [2011/11/11 09:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/11/11 09:59:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/11 09:59:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cuda\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Cuda\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cuda\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Cuda\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: James White = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
    CHR - Extension: Alexa Traffic Rank = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1.1.0_0\
    CHR - Extension: AdBlock = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\
    CHR - Extension: TweetDeck = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\0.9.8.2_0\
    CHR - Extension: Flixster = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
    CHR - Extension: HootSuite = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.243_0\
    CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.4.3_0\
    CHR - Extension: Reddit Pictures /pics.fefoo/ = C:\Users\Cuda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pafcjefdljlmkjchkghlekjhpiaccpbp\1.2_0\

    O1 HOSTS File: ([2011/11/26 16:53:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D3382E0-DBD8-46D4-A614-67C593A25B99}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9E27C6B-587B-40A8-845B-760F11C1DBCE}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/07 15:08:54 | 000,000,054 | ---- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/26 17:21:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cuda\Desktop\OTL.exe
    [2011/11/26 16:58:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/26 16:53:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/26 16:45:37 | 000,000,000 | ---D | C] -- C:\Users\Cuda\Desktop\GooredFix Backups
    [2011/11/26 16:43:12 | 004,309,325 | R--- | C] (Swearware) -- C:\Users\Cuda\Desktop\ComboFix.exe
    [2011/11/26 16:42:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Cuda\Desktop\GooredFix.exe
    [2011/11/26 14:22:24 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Cuda\Desktop\aswMBR.exe
    [2011/11/25 20:05:34 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NET Traffic Meter
    [2011/11/25 20:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NET Traffic Meter
    [2011/11/25 20:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NET Traffic Meter
    [2011/11/25 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Roaming\PhotoScape
    [2011/11/25 12:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
    [2011/11/25 12:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
    [2011/11/24 12:34:33 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Local\Microsoft Games
    [2011/11/16 20:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trident Web Solutions, Inc
    [2011/11/15 20:23:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/11/12 16:42:00 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
    [2011/11/12 16:42:00 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
    [2011/11/12 16:42:00 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
    [2011/11/12 16:42:00 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
    [2011/11/12 16:42:00 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
    [2011/11/12 16:42:00 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
    [2011/11/12 16:42:00 | 008,791,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
    [2011/11/12 16:42:00 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
    [2011/11/12 16:42:00 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
    [2011/11/12 16:42:00 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
    [2011/11/12 16:42:00 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
    [2011/11/12 16:42:00 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
    [2011/11/12 16:42:00 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
    [2011/11/12 16:42:00 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
    [2011/11/12 16:42:00 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
    [2011/11/12 16:42:00 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
    [2011/11/12 16:42:00 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
    [2011/11/12 16:42:00 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll
    [2011/11/12 16:42:00 | 000,716,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
    [2011/11/12 16:42:00 | 000,371,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoptimusmft.dll
    [2011/11/12 16:42:00 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
    [2011/11/12 16:42:00 | 000,330,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoptimusmft.dll
    [2011/11/12 16:42:00 | 000,301,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
    [2011/11/12 16:42:00 | 000,249,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvkflt.sys
    [2011/11/12 16:42:00 | 000,241,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
    [2011/11/12 16:42:00 | 000,203,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
    [2011/11/12 16:42:00 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
    [2011/11/12 16:42:00 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/11/12 16:42:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/11/12 16:42:00 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
    [2011/11/12 16:42:00 | 000,028,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
    [2011/11/11 12:19:47 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Local\Skyrim
    [2011/11/11 12:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
    [2011/11/11 12:03:01 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
    [2011/11/11 12:03:01 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
    [2011/11/11 12:03:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
    [2011/11/11 12:03:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
    [2011/11/11 12:03:01 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
    [2011/11/11 12:03:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
    [2011/11/11 12:03:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
    [2011/11/11 12:03:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
    [2011/11/11 12:02:57 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
    [2011/11/11 12:02:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
    [2011/11/11 12:02:52 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
    [2011/11/11 12:02:50 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
    [2011/11/11 12:02:50 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
    [2011/11/11 12:02:40 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
    [2011/11/11 12:02:40 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
    [2011/11/11 12:02:33 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
    [2011/11/11 12:02:33 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
    [2011/11/11 12:02:29 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
    [2011/11/11 12:02:29 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
    [2011/11/11 12:02:21 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
    [2011/11/11 12:02:21 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
    [2011/11/11 12:02:11 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
    [2011/11/11 12:02:11 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
    [2011/11/11 12:02:07 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
    [2011/11/11 12:02:07 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
    [2011/11/11 12:02:07 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
    [2011/11/11 12:02:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
    [2011/11/11 12:02:05 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
    [2011/11/11 12:02:04 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
    [2011/11/11 12:02:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
    [2011/11/11 12:01:55 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
    [2011/11/11 12:01:55 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
    [2011/11/11 12:01:55 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
    [2011/11/11 12:01:55 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
    [2011/11/11 12:01:46 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
    [2011/11/11 12:01:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
    [2011/11/11 12:01:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
    [2011/11/11 12:01:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
    [2011/11/11 12:01:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
    [2011/11/11 12:01:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
    [2011/11/11 12:01:40 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
    [2011/11/11 12:01:40 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
    [2011/11/11 12:01:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
    [2011/11/11 12:01:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
    [2011/11/11 12:01:33 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
    [2011/11/11 12:01:33 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
    [2011/11/11 12:01:33 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
    [2011/11/11 12:01:33 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
    [2011/11/11 12:01:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
    [2011/11/11 12:01:30 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
    [2011/11/11 12:01:27 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
    [2011/11/11 12:01:27 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
    [2011/11/11 12:01:27 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
    [2011/11/11 12:01:27 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
    [2011/11/11 12:01:19 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
    [2011/11/11 12:01:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
    [2011/11/11 12:01:11 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
    [2011/11/11 12:01:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
    [2011/11/11 12:01:11 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
    [2011/11/11 12:01:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
    [2011/11/11 12:01:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
    [2011/11/11 12:01:09 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
    [2011/11/11 12:01:08 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
    [2011/11/11 12:01:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
    [2011/11/11 12:01:01 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
    [2011/11/11 12:01:01 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
    [2011/11/11 12:01:01 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
    [2011/11/11 12:01:01 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
    [2011/11/11 12:00:51 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
    [2011/11/11 12:00:51 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
    [2011/11/11 12:00:47 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
    [2011/11/11 12:00:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
    [2011/11/11 12:00:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
    [2011/11/11 12:00:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
    [2011/11/11 12:00:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
    [2011/11/11 12:00:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
    [2011/11/11 12:00:38 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
    [2011/11/11 12:00:38 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
    [2011/11/11 12:00:38 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
    [2011/11/11 12:00:38 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
    [2011/11/11 12:00:31 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
    [2011/11/11 12:00:31 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
    [2011/11/11 11:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
    [2011/11/04 20:54:25 | 000,000,000 | ---D | C] -- C:\Users\Cuda\AppData\Local\Adobe
    [2011/11/04 20:27:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/04 20:27:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/04 20:27:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/04 20:27:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/04 20:27:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/03 20:42:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/10/30 18:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
    [2011/10/30 18:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2 C:\Users\Cuda\Desktop\*.tmp files -> C:\Users\Cuda\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/26 17:21:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cuda\Desktop\OTL.exe
    [2011/11/26 17:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
    [2011/11/26 17:07:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/26 17:07:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/26 17:04:27 | 000,784,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/26 17:04:27 | 000,663,924 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/26 17:04:27 | 000,122,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/26 17:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001UA.job
    [2011/11/26 17:00:38 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2011/11/26 17:00:37 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
    [2011/11/26 17:00:32 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
    [2011/11/26 16:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/26 16:59:36 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/26 16:53:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/26 16:43:24 | 004,309,325 | R--- | M] (Swearware) -- C:\Users\Cuda\Desktop\ComboFix.exe
    [2011/11/26 16:42:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Cuda\Desktop\GooredFix.exe
    [2011/11/26 16:38:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8645341-3787877179-1305212307-1001Core.job
    [2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
    [2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
    [2011/11/26 14:46:50 | 000,000,512 | ---- | M] () -- C:\Users\Cuda\Desktop\MBR.dat
    [2011/11/26 14:27:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
    [2011/11/26 14:27:48 | 755,290,210 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/26 14:22:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Cuda\Desktop\aswMBR.exe
    [2011/11/26 14:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
    [2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
    [2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
    [2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
    [2011/11/26 09:33:50 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2011/11/25 23:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
    [2011/11/25 22:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
    [2011/11/25 21:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
    [2011/11/25 21:09:21 | 000,003,036 | ---- | M] () -- C:\Users\Cuda\Desktop\Attach.zip
    [2011/11/25 20:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
    [2011/11/25 19:59:53 | 000,001,243 | ---- | M] () -- C:\Users\Cuda\Desktop\Install Bandwidth Monitor Pro.lnk
    [2011/11/25 19:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
    [2011/11/25 18:25:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
    [2011/11/25 17:16:41 | 000,000,112 | ---- | M] () -- C:\ProgramData\2jHiLI.dat
    [2011/11/25 17:14:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\g0Qol0.com.b
    [2011/11/25 17:13:53 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\g0Qol0.com
    [2011/11/24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cuda\Desktop\TDSSKiller.exe
    [2011/11/23 18:50:17 | 000,001,211 | ---- | M] () -- C:\Users\Cuda\AppData\Roaming\ahst.lni
    [2011/11/23 14:07:39 | 000,000,132 | ---- | M] () -- C:\Users\Cuda\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2011/11/23 03:02:57 | 000,800,940 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/13 03:17:24 | 005,023,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/10/30 18:48:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2 C:\Users\Cuda\Desktop\*.tmp files -> C:\Users\Cuda\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/26 14:46:50 | 000,000,512 | ---- | C] () -- C:\Users\Cuda\Desktop\MBR.dat
    [2011/11/25 21:09:21 | 000,003,036 | ---- | C] () -- C:\Users\Cuda\Desktop\Attach.zip
    [2011/11/25 20:21:59 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
    [2011/11/25 20:10:16 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\g0Qol0.com
    [2011/11/25 19:59:53 | 000,001,243 | ---- | C] () -- C:\Users\Cuda\Desktop\Install Bandwidth Monitor Pro.lnk
    [2011/11/25 17:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\g0Qol0.com.b
    [2011/11/25 17:11:19 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
    [2011/11/25 17:11:19 | 000,000,112 | ---- | C] () -- C:\ProgramData\2jHiLI.dat
    [2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
    [2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
    [2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
    [2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
    [2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
    [2011/11/25 17:11:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
    [2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
    [2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
    [2011/11/25 17:11:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
    [2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
    [2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
    [2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
    [2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
    [2011/11/25 17:11:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
    [2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
    [2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
    [2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
    [2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
    [2011/11/25 17:11:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
    [2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
    [2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
    [2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
    [2011/11/25 17:11:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
    [2011/11/23 18:49:56 | 000,001,211 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\ahst.lni
    [2011/11/23 14:07:39 | 000,000,132 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2011/11/16 20:58:16 | 000,002,699 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iKnow Image Crop 1.6.3.lnk
    [2011/11/04 21:12:35 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/11/04 20:27:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/04 20:27:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/04 20:27:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/04 20:27:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/04 20:27:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/30 18:48:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2011/08/10 20:20:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/08/07 14:05:21 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
    [2011/08/07 14:05:21 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2011/06/14 20:36:32 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/04/12 17:26:28 | 000,003,584 | ---- | C] () -- C:\Users\Cuda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/04 23:44:45 | 000,800,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/02 21:37:37 | 000,000,565 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\myMPQ.ini
    [2011/03/29 02:09:14 | 000,000,120 | ---- | C] () -- C:\Users\Cuda\AppData\Roaming\4c223628.dat
    [2011/03/28 02:24:51 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/03/28 02:24:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/03/28 02:24:10 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/03/28 02:24:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2010/04/20 19:21:16 | 000,000,108 | RHS- | C] () -- C:\Windows\neoqaz2.dll
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/04/02 18:32:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\App Launcher Gadget
    [2011/07/04 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\avidemux
    [2011/04/02 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\DAEMON Tools Lite
    [2011/08/30 21:37:37 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Executor
    [2011/09/12 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Leadertech
    [2011/04/26 08:43:42 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Mimo
    [2011/05/31 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Personal Video Database
    [2011/11/25 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\PhotoScape
    [2011/05/30 18:31:59 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\PMS
    [2011/11/15 20:12:43 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Rainmeter
    [2011/08/16 08:00:23 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\SoftGrid Client
    [2011/07/19 11:27:20 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Sports Interactive
    [2011/11/25 20:19:18 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Spotify
    [2011/02/15 15:27:57 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\System
    [2011/08/20 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\SystemRequirementsLab
    [2011/04/11 07:56:50 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\The Creative Assembly
    [2011/08/30 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Thunderbird
    [2011/04/04 23:45:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\TP
    [2011/05/03 08:47:51 | 000,000,000 | -HSD | M] -- C:\Users\Cuda\AppData\Roaming\wyUpdate AU
    [2011/07/05 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Cuda\AppData\Roaming\Xilisoft
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
    [2011/11/26 09:33:50 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
    [2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
    [2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
    [2011/11/26 14:15:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
    [2011/11/26 14:27:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
    [2011/11/26 14:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
    [2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
    [2011/11/26 16:38:05 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
    [2011/11/26 17:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
    [2011/11/25 18:25:27 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
    [2011/11/25 19:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
    [2011/11/25 20:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
    [2011/11/25 21:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
    [2011/11/25 22:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
    [2011/11/25 23:17:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
    [2011/11/26 09:33:51 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
    [2011/11/26 17:00:38 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
    [2011/11/26 17:00:37 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
    [2011/08/04 08:48:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 108 bytes -> C:\Windows:

    < End of report >



    Didn't have an extras.txt

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Did you set this as your homepage? Can you tell me what it is? I am kind of leery of going into a site I know nothing about.

    FF - prefs.js..browser.startup.homepage: "http://www.iknowsearch.net/"
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
