Safesurf and surfguard infection..with dds. :)

T

tokebuddude

New member
DDS (Ver_10-03-17.01) - NTFSX64
Run by John at 2:20:16.64 on Thu 09/30/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.3722 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\John\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\John\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Razer\Naga\NagaTray.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\drivers\safesurf.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\John\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\mif5ba~1\office14\URLREDIR.DLL
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Google Update] "c:\users\john\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [RemoteControl10] "c:\program files (x86)\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe
mRun: [Razer Naga Driver] c:\program files (x86)\razer\naga\NagaTray.exe
mRun: [Lycosa] "c:\program files (x86)\razer\lycosa\razerhid.exe"
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [IME14 CHT Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [IME14 JPN Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /JPN /Log
mRun: [IME14 KOR Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /KOR /Log
mRun: [IME14 CHS Setup] c:\progra~2\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [Windows LSASS Service] c:\program files (x86)\dao\svchost.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [NBAgent] "c:\program files (x86)\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [jsafesurf] c:\windows\syswow64\drivers\safesurf.exe
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\john\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files (x86)\trillian\trillian.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\mif5ba~1\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun-x64: [IME14 CHT Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHT /Log
mRun-x64: [IME14 JPN Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /JPN /Log
mRun-x64: [IME14 KOR Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /KOR /Log
mRun-x64: [IME14 CHS Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHS /Log
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-29 69152]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-8-31 1477728]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/29 18:05:37];c:\program files (x86)\cyberlink\powerdvd10\navfilter\000.fcl [2010-4-2 146928]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2010-8-31 2480048]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\common files\microsoft shared\ime14\shared\IMEDICTUPDATE.EXE [2010-1-21 83312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
R2 NAUpdate;Nero Update;c:\program files (x86)\nero\update\NASvc.exe [2010-3-25 490280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-8-31 252512]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-12 16928]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-8-29 20352]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-19 314400]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\drivers\RzSynapse.sys [2010-4-21 73216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-30 1153368]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-9-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-9-17 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\dragon age\bin_ship\daupdatersvc.service.exe [2010-9-28 25832]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-8-29 19544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-8-29 31800]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-30 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\microsoft sql server\mssql10.mssmlbiz\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-09-30 06:13:33 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-30 06:13:33 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-29 15:54:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-29 15:39:04 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-29 15:17:22 0 d-----w- c:\programdata\Lavasoft
2010-09-29 15:17:22 0 d-----w- c:\program files (x86)\Lavasoft
2010-09-29 15:08:41 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-29 14:52:19 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-29 14:03:52 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 13:40:35 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-29 13:40:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 04:34:05 0 d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-09-29 04:31:05 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2010-09-29 04:31:05 0 d-----w- c:\program files (x86)\common files\Merge Modules
2010-09-29 04:29:54 0 d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-09-29 04:29:52 0 d-----w- c:\program files\Microsoft Help Viewer
2010-09-28 22:34:08 0 d-----w- c:\users\john\appdata\roaming\Crayon Physics Deluxe
2010-09-28 22:33:05 0 d-----w- c:\windows\syswow64\system32
2010-09-26 23:15:38 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-26 23:15:38 206848 ----a-w- c:\windows\system32\mfps.dll
2010-09-26 23:15:38 196608 ----a-w- c:\windows\syswow64\mfreadwrite.dll
2010-09-26 23:15:38 1619456 ----a-w- c:\windows\syswow64\WMVDECOD.DLL
2010-09-26 23:15:37 4068864 ----a-w- c:\windows\system32\mf.dll
2010-09-26 23:15:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-09-26 23:15:36 3181568 ----a-w- c:\windows\syswow64\mf.dll
2010-09-26 23:13:27 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-09-26 23:13:26 1495040 ----a-w- c:\windows\syswow64\ExplorerFrame.dll
2010-09-26 23:12:49 0 d-----w- c:\program files (x86)\Feedback Tool
2010-09-26 22:57:04 0 d-----w- c:\program files (x86)\SystemRequirementsLab
2010-09-26 14:28:04 0 d-----w- c:\program files\iPod
2010-09-26 14:28:00 0 d-----w- c:\program files\iTunes
2010-09-26 14:28:00 0 d-----w- c:\program files (x86)\iTunes
2010-09-26 14:26:27 0 d-----w- c:\program files\Bonjour
2010-09-26 14:26:27 0 d-----w- c:\program files (x86)\Bonjour
2010-09-25 06:31:44 0 d-----w- c:\program files (x86)\Sid Meier's Civilization V
2010-09-24 13:32:22 0 d-----w- c:\program files (x86)\1C Company
2010-09-24 13:26:55 0 d-----w- c:\users\john\appdata\roaming\Ubisoft
2010-09-24 09:03:28 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2010-09-24 09:03:28 1080 ----a-w- c:\windows\system32\settings.sfm
2010-09-23 04:13:59 0 d-----w- c:\program files (x86)\PopCap Games
2010-09-23 03:44:58 0 d-----w- c:\programdata\PopCap Games
2010-09-22 03:57:27 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-09-21 00:04:36 390 ----a-w- c:\windows\syswow64\tversity.cookies
2010-09-20 14:13:03 0 d-----w- c:\programdata\LightScribe
2010-09-20 14:05:11 0 d-----w- c:\programdata\Nero
2010-09-20 14:04:22 0 d-----w- c:\program files (x86)\Nero
2010-09-19 14:12:22 0 d-----w- c:\programdata\BioWare
2010-09-19 05:37:46 0 d-----w- c:\windows\syswow64\URTTEMP
2010-09-19 05:36:48 103736 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-09-19 05:36:47 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-09-19 05:36:45 669184 ----a-w- c:\windows\syswow64\pbsvc.exe
2010-09-18 18:35:31 0 d-----w- c:\users\john\appdata\roaming\SquareLogic
2010-09-17 21:44:43 53248 ------w- c:\windows\Ctregrun.exe
2010-09-17 21:43:53 0 d-----w- c:\programdata\Creative Labs
2010-09-17 21:37:37 0 d-----w- c:\program files\Creative
2010-09-17 21:37:09 0 d-----w- c:\program files (x86)\common files\Creative
2010-09-17 21:37:05 0 d--h--w- c:\program files (x86)\Creative Installation Information
2010-09-17 21:18:05 36016 ----a-w- c:\windows\system32\BMXState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
2010-09-17 21:18:05 32088 ----a-w- c:\windows\system32\BMXCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
2010-09-17 21:18:05 32088 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
2010-09-17 21:18:05 11564 ----a-w- c:\windows\system32\DVCState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
2010-09-17 21:17:47 4931577 ----a-w- c:\windows\{00000009-00000000-00000001-00001102-00000004-20021102}.BAK
2010-09-17 21:16:35 4931577 ----a-w- c:\windows\{00000009-00000000-00000001-00001102-00000004-20021102}.CDF
2010-09-17 21:16:07 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-09-17 21:15:00 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2010-09-17 21:15:00 73728 ----a-w- c:\windows\syswow64\CmdRtr.DLL
2010-09-17 21:15:00 190976 ----a-w- c:\windows\system32\APOMgr64.DLL
2010-09-17 21:15:00 159 ---ha-r- c:\windows\ctfile.rfc
2010-09-17 21:15:00 148480 ----a-w- c:\windows\syswow64\APOMngr.DLL
2010-09-17 21:12:43 10240 ----a-w- c:\windows\system32\CTDCRES.DLL
2010-09-17 20:41:17 0 d-----w- c:\programdata\Creative
2010-09-17 20:39:35 36016 ----a-w- c:\windows\system32\BMXStateBkp-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
2010-09-17 20:38:56 4174814 ------w- c:\windows\syswow64\CT4MGM.SF2
2010-09-17 20:38:56 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-09-17 20:38:54 0 d-----w- c:\windows\syswow64\Defaults
2010-09-17 20:37:47 7062 ----a-w- c:\windows\syswow64\audiopid.vxd
2010-09-17 20:36:32 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-17 20:36:32 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-17 20:36:31 445016 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-09-17 20:36:31 109144 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-09-17 20:36:31 0 d-----w- c:\program files (x86)\OpenAL
2010-09-17 20:34:54 12288 ----a-w- c:\windows\system32\INRES.DLL
2010-09-17 20:34:54 0 d-----w- c:\windows\syswow64\Data
2010-09-17 20:34:54 0 d-----w- c:\windows\system32\Data
2010-09-17 20:34:52 0 d-----w- c:\program files (x86)\Creative
2010-09-17 02:54:10 0 d-----w- c:\windows\Google Earth Pro 4.2
2010-09-17 02:54:10 0 d-----w- c:\program files (x86)\Google Earth Pro 4.2
2010-09-16 13:16:35 203776 ----a-w- c:\windows\syswow64\clrviddc.dll
2010-09-16 13:15:10 0 d-----w- c:\program files (x86)\common files\xing shared
2010-09-16 13:12:52 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-09-16 13:12:45 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-09-16 13:12:45 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-09-16 13:12:31 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2010-09-16 12:06:07 0 d-----w- c:\users\john\appdata\roaming\OnLive App
2010-09-16 12:04:51 0 d-----w- c:\program files (x86)\OnLive
2010-09-15 19:01:28 0 d-----w- c:\program files (x86)\CCleaner
2010-09-15 18:45:52 71168 ----a-w- c:\windows\syswow64\ijl11pro.DLL
2010-09-15 18:45:52 609584 ----a-w- c:\windows\syswow64\COMCTL32.OCX
2010-09-15 18:45:52 29696 ----a-w- c:\windows\syswow64\VB5STKIT.DLL
2010-09-15 18:45:52 111376 ----a-w- c:\windows\syswow64\MSINET.OCX
2010-09-15 13:04:08 0 d-----w- c:\programdata\Game Room
2010-09-15 13:03:25 0 d-----w- c:\program files (x86)\Microsoft Games
2010-09-15 12:53:41 0 d-----w- c:\program files (x86)\Microsoft Corporation
2010-09-15 07:23:26 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 23:43:49 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-09-14 23:43:49 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2010-09-14 23:43:49 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-09-14 23:43:49 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2010-09-14 23:43:48 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-09-14 23:43:48 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-09-12 23:35:06 0 d-----w- c:\programdata\Real
2010-09-12 23:35:06 0 d-----w- c:\program files (x86)\common files\Real
2010-09-12 19:40:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-11 23:38:32 0 d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-09-11 23:38:31 0 d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2010-09-11 21:28:46 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-09-11 21:28:46 50688 ----a-w- c:\windows\syswow64\ff_acm.acm
2010-09-11 21:28:45 0 d-----w- c:\program files (x86)\ffdshow
2010-09-11 21:25:47 0 d-----w- c:\program files (x86)\TVersity Codec Pack
2010-09-10 00:40:23 0 d-----w- c:\users\john\appdata\roaming\Dropbox
2010-09-08 15:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-09-07 03:50:14 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-09-07 00:55:20 0 d-----w- c:\windows\syswow64\xlive
2010-09-07 00:55:20 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2010-09-07 00:54:52 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-09-07 00:54:52 452440 ----a-w- c:\windows\syswow64\d3dx10_40.dll
2010-09-07 00:54:52 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-09-07 00:54:52 2036576 ----a-w- c:\windows\syswow64\D3DCompiler_40.dll
2010-09-07 00:54:51 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-09-07 00:54:51 4379984 ----a-w- c:\windows\syswow64\D3DX9_40.dll
2010-09-07 00:01:35 0 d-----w- c:\users\john\appdata\roaming\EVEMon
2010-09-07 00:01:30 0 d-----w- c:\program files (x86)\EVEMon
2010-09-06 15:56:15 45 ----a-w- c:\windows\syswow64\initdebug.nfo
2010-09-06 15:56:15 0 d-----w- c:\program files (x86)\SpeedFan
2010-09-05 21:17:36 0 d-----w- c:\users\john\appdata\roaming\cYo
2010-09-02 12:54:29 422 ----a-w- c:\windows\system32\mapisvc.inf
2010-09-02 12:54:16 0 d-----w- c:\program files\Microsoft Small Business
2010-09-02 12:53:58 0 d-----w- c:\program files (x86)\Microsoft Chart Controls
2010-09-02 12:51:50 50200 ----a-w- c:\windows\syswow64\perf-SQLAgent$MSSMLBIZ-sqlagtctr10.1.2531.0.dll
2010-09-02 12:51:36 79896 ----a-w- c:\windows\syswow64\perf-MSSQL$MSSMLBIZ-sqlctr10.1.2531.0.dll
2010-09-02 12:48:52 0 d-----w- c:\windows\syswow64\1033
2010-09-02 12:48:52 0 d-----w- c:\windows\system32\1033
2010-09-02 12:48:52 0 d-----w- c:\program files\Microsoft SQL Server
2010-09-01 13:48:55 39 ----a-w- c:\windows\vbaddin.ini
2010-09-01 13:43:01 0 d-----w- c:\program files (x86)\MSECache
2010-09-01 13:17:54 0 d-----w- c:\program files\common files\DESIGNER
2010-09-01 13:17:08 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-09-01 13:16:28 0 d-----w- c:\program files\Microsoft Sync Framework
2010-09-01 13:16:28 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-01 13:13:56 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-09-01 13:11:50 0 d-----w- c:\program files\Microsoft Analysis Services
2010-09-01 13:11:49 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-09-01 13:03:18 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 06:45:47 65536 --sha-w- c:\users\john\ntuser.dat{661675d4-b593-11df-a802-001fbc00e313}.TM.blf
2010-09-01 06:45:47 524288 --sha-w- c:\users\john\ntuser.dat{661675d4-b593-11df-a802-001fbc00e313}.TMContainer00000000000000000002.regtrans-ms
2010-09-01 06:45:47 524288 --sha-w- c:\users\john\ntuser.dat{661675d4-b593-11df-a802-001fbc00e313}.TMContainer00000000000000000001.regtrans-ms
2010-09-01 06:08:22 0 d-----w- c:\program files (x86)\Microsoft SQL Server
2010-09-01 05:37:04 0 d-----w- c:\program files\Microsoft Office
2010-09-01 05:37:03 0 d-----w- c:\programdata\Microsoft Help
2010-09-01 05:18:57 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-09-01 05:18:30 0 d-----w- c:\users\john\appdata\roaming\DAEMON Tools Lite
2010-09-01 05:18:28 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-09-01 05:17:21 0 d-----w- c:\users\john\appdata\roaming\DAEMON Tools Net
2010-09-01 01:54:45 252512 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-09-01 01:54:37 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-09-01 01:54:34 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-09-01 01:27:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== Find3M ====================

2010-09-12 23:35:08 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-09-01 04:55:48 460088 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-09-01 04:47:30 10199040 ----a-w- c:\windows\syswow64\mshtml.dll
2010-09-01 04:46:36 1355264 ----a-w- c:\windows\syswow64\jscript9.dll
2010-09-01 04:45:42 12348928 ----a-w- c:\windows\syswow64\ieframe.dll
2010-09-01 04:44:24 1122304 ----a-w- c:\windows\syswow64\wininet.dll
2010-09-01 04:44:22 441856 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-09-01 04:44:16 1097728 ----a-w- c:\windows\syswow64\urlmon.dll
2010-09-01 04:44:06 424960 ----a-w- c:\windows\syswow64\vbscript.dll
2010-09-01 04:43:34 208384 ----a-w- c:\windows\syswow64\webcheck.dll
2010-09-01 04:43:26 128000 ----a-w- c:\windows\syswow64\occache.dll
2010-09-01 04:43:24 166400 ----a-w- c:\windows\syswow64\msrating.dll
2010-09-01 04:43:22 23552 ----a-w- c:\windows\syswow64\licmgr10.dll
2010-09-01 04:43:22 109568 ----a-w- c:\windows\syswow64\url.dll
2010-09-01 04:43:18 65024 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-09-01 04:43:12 142848 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-09-01 04:43:12 114176 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-09-01 04:43:10 76800 ----a-w- c:\windows\syswow64\SetIEInstalledDate.exe
2010-09-01 04:43:10 74752 ----a-w- c:\windows\syswow64\RegisterIEPKEYs.exe
2010-09-01 04:43:04 227840 ----a-w- c:\windows\syswow64\ieaksie.dll
2010-09-01 04:43:00 130560 ----a-w- c:\windows\syswow64\ieakeng.dll
2010-09-01 04:41:56 601088 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 04:40:40 215552 ----a-w- c:\windows\system32\msls31.dll
2010-09-01 01:54:23 271456 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-08-29 22:41:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_RzSynapse_01007.Wdf
2010-08-29 22:03:19 353576 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-08-29 22:03:19 29480 ----a-w- c:\windows\syswow64\msxml3a.dll
2010-08-16 06:50:45 1137664 ----a-w- c:\windows\system32\FntCache.dll
2010-08-16 06:50:43 1543168 ----a-w- c:\windows\system32\DWrite.dll
2010-08-16 06:50:42 899072 ----a-w- c:\windows\system32\d2d1.dll
2010-08-16 06:50:42 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-08-16 06:50:42 1844224 ----a-w- c:\windows\system32\d3d10warp.dll
2010-08-16 06:14:36 1076224 ----a-w- c:\windows\syswow64\DWrite.dll
2010-08-16 06:14:24 737280 ----a-w- c:\windows\syswow64\d2d1.dll
2010-08-16 06:14:24 218624 ----a-w- c:\windows\syswow64\d3d10_1core.dll
2010-08-16 06:14:24 1172480 ----a-w- c:\windows\syswow64\d3d10warp.dll
2010-08-02 18:50:00 3695400 ----a-w- c:\windows\syswow64\ieapfltr.dat
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-28 22:26:12 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-07-28 22:26:12 2032232 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-07-28 22:26:00 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-07-28 22:25:48 476264 ----a-w- c:\windows\system32\RtkApi64.dll
2010-07-28 22:25:48 2618984 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-07-28 22:25:48 1213544 ----a-w- c:\windows\system32\RTCOM64.dll
2010-07-28 22:25:38 76904 ----a-w- c:\windows\system32\RCoInst64.dll
2010-07-28 22:25:38 372328 ----a-w- c:\windows\system32\RCoRes64.dat
2010-07-27 22:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:55:50 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 22:55:50 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 22:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 22:44:10 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll
2010-07-27 22:44:10 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-27 17:54:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-22 20:48:58 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2010-07-22 20:48:50 78160 ----a-w- c:\windows\system32\SFAPO64.dll
2010-07-22 20:48:44 81232 ----a-w- c:\windows\system32\SFCOM64.dll
2010-07-22 20:48:26 74064 ----a-w- c:\windows\syswow64\SFCOM.dll
2010-07-22 20:37:14 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2010-07-09 20:27:02 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-07-09 20:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 20:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-06 15:48:02 1756160 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:20:32.95 ===============

This is my DDS log as per request. I know that I have safesurf and surfguard here, that I don't know how to get rid of. I don't know of anything else that I'm infected with. Any help would be greatly appreciated
 
Last edited by a moderator:
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy-paste following contents into custom scan -area:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
Otl

OTL logfile created on: 10/4/2010 2:47:51 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 65.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 26.75 Gb Free Space | 17.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.39 Gb Total Space | 141.74 Gb Free Space | 15.22% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 15.63 Gb Free Space | 13.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARYJANE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\John\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\John\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\John\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\John\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:64bit: - (ImeDictUpdateService) -- C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE (Microsoft Corporation)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TVersityMediaServer) -- C:\Users\John\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (DAUpdaterSvc) -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (MSSQLServerADHelper100) -- C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MSSMLBIZ) SQL Server Agent (MSSMLBIZ) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 0F 6D 2A 55 63 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/16 09:15:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/09/30 11:13:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/30 02:18:34 | 000,420,665 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14505 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 CHS Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 CHT Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 JPN Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 KOR Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IME14 CHS Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 CHT Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 JPN Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 KOR Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [windows lsass service] C:\Program Files (x86)\DAO\svchost.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 10:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06116247-b8fd-11df-9d7a-001fbc00e313}\Shell - "" = AutoRun
O33 - MountPoints2\{06116247-b8fd-11df-9d7a-001fbc00e313}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7041bd77-c5bc-11df-94f0-001fbc00e313}\Shell - "" = AutoRun
O33 - MountPoints2\{7041bd77-c5bc-11df-94f0-001fbc00e313}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
Continued

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 13:25:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\HandBrake
[2010/10/04 13:24:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\HandBrake
[2010/10/04 13:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
[2010/09/30 12:46:20 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/30 11:42:36 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/30 11:15:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG10
[2010/09/30 11:14:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/09/30 11:14:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2010/09/30 11:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/09/30 11:13:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/09/30 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/09/30 11:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/09/30 02:49:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2010/09/30 02:49:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/30 02:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/30 02:49:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/30 02:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/30 02:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/30 02:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/30 02:07:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/30 02:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/29 11:39:04 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/09/29 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Sunbelt Software
[2010/09/29 11:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/29 11:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/09/29 11:08:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/29 10:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/29 10:03:52 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/29 00:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/09/29 00:33:02 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Visual Studio 2010
[2010/09/29 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2010/09/29 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010/09/29 00:29:54 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010/09/29 00:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/09/29 00:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2010/09/29 00:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/09/29 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Nero
[2010/09/28 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2010/09/28 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Crayon Physics Deluxe
[2010/09/28 18:33:53 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/09/28 18:33:53 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/09/28 18:33:38 | 000,016,896 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/09/28 18:33:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system32
[2010/09/28 01:39:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Creative
[2010/09/27 22:25:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Games
[2010/09/26 19:16:40 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/09/26 19:16:40 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/09/26 19:16:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/09/26 19:16:40 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/09/26 19:16:39 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2010/09/26 19:16:39 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2010/09/26 19:16:39 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/09/26 19:16:39 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/09/26 19:16:39 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/09/26 19:16:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/26 19:16:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/09/26 19:16:39 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/09/26 19:16:39 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/09/26 19:16:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/09/26 19:16:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/09/26 19:16:39 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/09/26 19:16:39 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/09/26 19:16:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/09/26 19:16:38 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/09/26 19:16:38 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/09/26 19:16:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/09/26 19:16:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/26 19:16:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/26 19:16:34 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/09/26 19:16:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/09/26 19:16:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2010/09/26 19:16:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/09/26 19:16:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/09/26 19:16:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2010/09/26 19:16:31 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/09/26 19:16:30 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/09/26 19:16:30 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/09/26 19:16:30 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/09/26 19:16:30 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/09/26 19:16:30 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/09/26 19:16:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/09/26 19:16:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/09/26 19:16:30 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/09/26 19:16:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/09/26 19:16:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/09/26 19:16:30 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/09/26 19:16:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/09/26 19:16:29 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/09/26 19:16:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/09/26 19:16:29 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/09/26 19:16:29 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/26 19:16:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/09/26 19:16:28 | 002,431,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/26 19:16:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/09/26 19:16:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/09/26 19:16:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/09/26 19:16:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/09/26 19:16:27 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/09/26 19:16:27 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/09/26 19:16:27 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/09/26 19:16:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/09/26 19:16:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/09/26 19:16:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/09/26 19:16:26 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/09/26 19:16:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/09/26 19:16:26 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/09/26 19:16:26 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/09/26 19:16:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/09/26 19:16:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/09/26 19:16:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/09/26 19:16:26 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/09/26 19:16:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/09/26 19:16:25 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/09/26 19:16:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/09/26 19:16:25 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/09/26 19:16:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/09/26 19:16:25 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/09/26 19:16:24 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/09/26 19:16:24 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/09/26 19:16:24 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/09/26 19:16:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/09/26 19:16:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/09/26 19:16:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/09/26 19:16:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/09/26 19:16:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/09/26 19:15:38 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/09/26 19:15:38 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/09/26 19:15:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/09/26 19:15:38 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/09/26 19:15:37 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/09/26 19:15:37 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/09/26 19:15:36 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/09/26 19:14:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/09/26 19:14:59 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/09/26 19:14:59 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/09/26 19:14:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/09/26 19:14:58 | 001,844,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/09/26 19:14:58 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/09/26 19:14:56 | 001,543,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/09/26 19:14:56 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/09/26 19:14:24 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/09/26 19:14:23 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/09/26 19:14:23 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/09/26 19:14:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/09/26 19:13:27 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2010/09/26 19:13:26 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2010/09/26 19:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/09/26 18:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/09/26 10:49:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\SKIDROW
[2010/09/26 10:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/26 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/26 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/26 10:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/26 10:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/25 15:17:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/25 02:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2010/09/24 09:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1C Company
[2010/09/24 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Ubisoft
[2010/09/24 01:55:11 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Syberia Saves
[2010/09/24 01:47:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/09/23 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2010/09/22 23:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/09/21 23:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/09/21 16:47:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Nero_AG
[2010/09/20 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Nero
[2010/09/20 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\NeroVision
[2010/09/20 10:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/09/20 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Nero
[2010/09/20 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/09/20 10:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/09/20 10:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/09/20 09:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010/09/19 10:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/09/19 09:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/19 01:40:02 | 000,000,000 | RH-D | C] -- C:\Users\John\AppData\Roaming\SecuROM
[2010/09/19 01:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2010/09/19 01:37:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/09/18 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SquareLogic
[2010/09/17 17:44:43 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010/09/17 17:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/09/17 17:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/09/17 17:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010/09/17 17:37:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2010/09/17 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010/09/17 17:12:43 | 000,010,240 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\CTDCRES.DLL
[2010/09/17 16:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/09/17 16:38:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Defaults
[2010/09/17 16:36:32 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/17 16:36:32 | 000,123,480 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/17 16:36:31 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/17 16:36:31 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/09/17 16:34:54 | 000,012,288 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL
[2010/09/17 16:34:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2010/09/17 16:34:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
[2010/09/17 16:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010/09/16 22:55:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Google
[2010/09/16 22:54:10 | 000,000,000 | ---D | C] -- C:\Windows\Google Earth Pro 4.2
[2010/09/16 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Earth Pro 4.2
[2010/09/16 09:16:35 | 000,203,776 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\SysWow64\clrviddc.dll
[2010/09/16 09:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/09/16 09:12:52 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/16 09:12:45 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/16 09:12:45 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/16 09:12:31 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/16 08:08:54 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\OnLive App
[2010/09/16 08:08:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\OnLive App
[2010/09/16 08:06:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\OnLive App
[2010/09/16 08:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLive
[2010/09/15 15:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/15 14:45:52 | 000,609,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCTL32.OCX
[2010/09/15 14:45:52 | 000,111,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2010/09/15 14:45:52 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5STKIT.DLL
[2010/09/15 09:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Game Room
[2010/09/15 09:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/09/15 08:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2010/09/14 19:43:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\THQ
[2010/09/14 19:43:49 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/09/14 19:43:49 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/09/14 19:43:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/09/14 19:43:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/09/14 19:43:48 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/09/14 19:43:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/09/14 13:20:04 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Amnesia
[2010/09/13 16:28:00 | 000,027,216 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys
[2010/09/12 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/09/12 19:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/09/12 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/09/12 19:35:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real
[2010/09/11 19:38:32 | 000,000,000 | ---D | C] -- C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
[2010/09/11 19:38:31 | 000,000,000 | ---D | C] -- C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
[2010/09/11 19:23:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AliensVsPredator
[2010/09/11 18:41:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\4A Games
[2010/09/11 17:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/09/11 17:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack
[2010/09/11 17:25:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\TVersity
[2010/09/09 20:41:50 | 000,000,000 | R--D | C] -- C:\Users\John\Documents\My Dropbox
[2010/09/09 20:40:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Dropbox
[2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/09/07 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Dedication Games
[2010/09/07 03:48:58 | 000,381,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 03:48:56 | 000,041,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 03:48:52 | 000,305,232 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 03:48:50 | 000,030,288 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/09/06 23:50:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Futuremark
[2010/09/06 23:50:14 | 000,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
[2010/09/06 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\My Games
[2010/09/06 20:55:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/09/06 20:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/09/06 20:54:52 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/09/06 20:54:52 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/09/06 20:54:52 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/09/06 20:54:52 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/09/06 20:54:51 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/09/06 20:54:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/09/06 20:01:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\EVEMon
[2010/09/06 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVEMon
[2010/09/06 11:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010/09/06 10:16:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Wings of Prey
[2010/09/05 17:17:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\cYo
[2010/09/05 17:17:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\cYo
[2010/09/05 10:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/04 14:50:01 | 008,650,752 | -HS- | M] () -- C:\Users\John\ntuser.dat
[2010/10/04 14:13:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995303643-1020073317-2850314873-1000UA.job
[2010/10/04 13:24:55 | 000,001,023 | ---- | M] () -- C:\Users\John\Desktop\Handbrake.lnk
[2010/10/04 12:28:18 | 000,000,390 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2010/10/04 10:16:20 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 10:16:20 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 10:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995303643-1020073317-2850314873-1000Core.job
[2010/10/04 10:12:05 | 095,358,634 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/04 10:08:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 10:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/04 10:08:16 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 02:33:17 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/04 02:33:17 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/04 02:33:17 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/04 02:33:17 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/04 02:33:17 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/04 02:32:41 | 003,615,086 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/10/03 19:38:28 | 000,887,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/03 19:38:28 | 000,736,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/03 19:38:28 | 000,149,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/03 18:06:44 | 000,007,596 | ---- | M] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2010/10/02 04:18:06 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/10/02 04:18:06 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010/10/01 11:13:55 | 620,951,991 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/30 14:14:07 | 000,001,316 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/30 14:14:07 | 000,001,292 | ---- | M] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2010/09/30 11:14:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/09/30 11:14:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/09/30 02:49:28 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 02:23:54 | 000,003,713 | ---- | M] () -- C:\Users\John\Documents\Attach.zip
[2010/09/30 02:18:34 | 000,420,665 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/30 02:06:54 | 000,001,108 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/30 02:06:51 | 000,000,909 | ---- | M] () -- C:\Users\John\Desktop\ERUNT.lnk
[2010/09/29 11:17:43 | 000,001,166 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/29 10:52:20 | 000,002,097 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/09/29 00:18:00 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\Dead Rising 2.lnk
[2010/09/28 18:33:38 | 000,016,896 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/09/28 13:45:36 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010/09/28 13:41:13 | 000,111,648 | ---- | M] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/28 13:40:33 | 000,419,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/28 13:38:09 | 000,000,638 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/09/28 12:36:18 | 000,000,681 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2010/09/26 19:21:50 | 000,001,441 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/25 03:01:07 | 000,001,764 | ---- | M] () -- C:\Users\John\Desktop\Civ_V_Manual_English.pdf - Shortcut.lnk
[2010/09/25 03:00:50 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/09/25 03:00:10 | 000,001,636 | ---- | M] () -- C:\Users\John\Desktop\Launcher.exe - Shortcut (2).lnk
[2010/09/24 09:15:41 | 000,001,156 | ---- | M] () -- C:\Users\John\Desktop\Truth.exe - Shortcut.lnk
[2010/09/24 09:15:28 | 000,000,987 | ---- | M] () -- C:\Users\John\Desktop\Eufloria.exe - Shortcut.lnk
[2010/09/24 09:13:43 | 000,000,652 | ---- | M] () -- C:\Users\John\Desktop\Death to Spies.exe - Shortcut.lnk
[2010/09/24 09:13:26 | 000,000,996 | ---- | M] () -- C:\Users\John\Desktop\Majesty2.exe - Shortcut.lnk
[2010/09/24 01:54:45 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Syberia DVD.lnk
[2010/09/23 22:22:03 | 000,001,351 | ---- | M] () -- C:\Users\John\Desktop\Play Plants vs. Zombies.lnk
[2010/09/23 19:11:37 | 000,001,032 | ---- | M] () -- C:\Users\John\Desktop\launcher.exe - Shortcut.lnk
[2010/09/23 19:09:28 | 000,000,991 | ---- | M] () -- C:\Users\John\Desktop\Amnesia.exe.lnk
[2010/09/23 19:08:21 | 000,001,204 | ---- | M] () -- C:\Users\John\Desktop\tru.exe - Shortcut.lnk
[2010/09/19 21:36:27 | 000,003,584 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 01:38:21 | 000,898,866 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/19 01:36:54 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/19 01:36:47 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/19 01:36:47 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/17 18:51:11 | 000,000,503 | ---- | M] () -- C:\Users\John\Documents\log.htm
[2010/09/17 17:19:58 | 004,931,577 | ---- | M] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.CDF
[2010/09/17 17:19:58 | 004,931,577 | ---- | M] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.BAK
[2010/09/17 17:15:01 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/17 17:15:01 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/17 17:15:01 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/17 17:15:01 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/17 17:15:00 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/09/16 09:16:31 | 000,203,776 | ---- | M] (Iterated Systems, Inc.) -- C:\Windows\SysWow64\clrviddc.dll
[2010/09/16 09:15:22 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/16 09:15:16 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/16 09:15:16 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/16 09:14:51 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys
[2010/09/12 19:35:08 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/09/12 15:40:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/12 10:41:20 | 000,002,515 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/09 20:41:50 | 000,001,018 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/09/06 11:56:15 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/09/05 12:37:21 | 000,001,266 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 13:24:55 | 000,001,023 | ---- | C] () -- C:\Users\John\Desktop\Handbrake.lnk
[2010/10/04 10:12:05 | 095,358,634 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/03 18:06:44 | 000,007,596 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2010/10/01 11:13:55 | 620,951,991 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/30 11:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/09/30 11:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/09/30 02:49:28 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 02:23:54 | 000,003,713 | ---- | C] () -- C:\Users\John\Documents\Attach.zip
[2010/09/30 02:13:46 | 000,001,316 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/30 02:13:46 | 000,001,292 | ---- | C] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2010/09/30 02:06:54 | 000,001,108 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/30 02:06:51 | 000,000,909 | ---- | C] () -- C:\Users\John\Desktop\ERUNT.lnk
[2010/09/29 11:54:34 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/09/29 11:17:43 | 000,001,166 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/29 10:52:20 | 000,002,097 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/09/29 00:18:00 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\Dead Rising 2.lnk
[2010/09/28 13:45:36 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010/09/28 13:38:09 | 000,000,638 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/09/28 12:36:18 | 000,000,681 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2010/09/26 19:16:39 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/26 19:16:39 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/09/25 03:01:07 | 000,001,764 | ---- | C] () -- C:\Users\John\Desktop\Civ_V_Manual_English.pdf - Shortcut.lnk
[2010/09/25 03:00:50 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/09/25 03:00:10 | 000,001,636 | ---- | C] () -- C:\Users\John\Desktop\Launcher.exe - Shortcut (2).lnk
[2010/09/24 09:15:41 | 000,001,156 | ---- | C] () -- C:\Users\John\Desktop\Truth.exe - Shortcut.lnk
[2010/09/24 09:15:28 | 000,000,987 | ---- | C] () -- C:\Users\John\Desktop\Eufloria.exe - Shortcut.lnk
[2010/09/24 09:13:43 | 000,000,652 | ---- | C] () -- C:\Users\John\Desktop\Death to Spies.exe - Shortcut.lnk
[2010/09/24 09:13:26 | 000,000,996 | ---- | C] () -- C:\Users\John\Desktop\Majesty2.exe - Shortcut.lnk
[2010/09/24 05:03:28 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/09/24 05:03:28 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010/09/24 01:54:45 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Syberia DVD.lnk
[2010/09/23 22:22:03 | 000,001,351 | ---- | C] () -- C:\Users\John\Desktop\Play Plants vs. Zombies.lnk
[2010/09/23 19:11:37 | 000,001,032 | ---- | C] () -- C:\Users\John\Desktop\launcher.exe - Shortcut.lnk
[2010/09/23 19:09:28 | 000,000,991 | ---- | C] () -- C:\Users\John\Desktop\Amnesia.exe.lnk
[2010/09/23 19:07:56 | 000,001,204 | ---- | C] () -- C:\Users\John\Desktop\tru.exe - Shortcut.lnk
[2010/09/20 20:04:36 | 000,000,390 | ---- | C] () -- C:\Windows\SysWow64\tversity.cookies
[2010/09/19 21:36:27 | 000,003,584 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 01:36:48 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/19 01:36:47 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/19 01:36:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/17 18:51:11 | 000,000,503 | ---- | C] () -- C:\Users\John\Documents\log.htm
[2010/09/17 17:18:05 | 000,036,016 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:18:05 | 000,032,088 | ---- | C] () -- C:\Windows\SysNative\BMXCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:18:05 | 000,032,088 | ---- | C] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:18:05 | 000,011,564 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:17:47 | 004,931,577 | ---- | C] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.BAK
[2010/09/17 17:16:35 | 004,931,577 | ---- | C] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.CDF
[2010/09/17 17:15:00 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010/09/17 17:15:00 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/17 17:15:00 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010/09/17 17:15:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/17 17:15:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010/09/17 16:39:35 | 000,036,016 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 16:38:56 | 004,174,814 | ---- | C] () -- C:\Windows\SysWow64\CT4MGM.SF2
[2010/09/17 16:38:56 | 004,174,814 | ---- | C] () -- C:\Windows\SysNative\CT4MGM.SF2
[2010/09/17 16:37:47 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2010/09/12 15:40:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/11 17:28:46 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/11 17:28:46 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm
[2010/09/09 20:41:50 | 000,001,018 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/06 11:56:15 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/09/05 10:48:04 | 000,002,515 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/29 16:49:40 | 000,898,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/04 10:08:10 | 000,003,020 | ---- | M] () -- C:\aaw7boot.log
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/08/29 18:52:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/10/04 10:08:16 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 10:08:18 | 2138,230,783 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >
 
Extras

OTL Extras logfile created on: 9/30/2010 2:07:49 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 19.89 Gb Free Space | 13.34% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.39 Gb Total Space | 165.58 Gb Free Space | 17.78% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 15.63 Gb Free Space | 13.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARYJANE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\John\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\John\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
"{29F41953-2103-4EF2-8328-AD0EA7480D80}" = Business Contact Manager for Microsoft Outlook 2010
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{79CC7D89-6A9B-4193-99D5-1A967D2C19EE}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{482CB0DF-849D-479C-8CBB-F9DA6AF0F8C5}" =
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0402-1000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0403-1000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0404-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0406-1000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0408-1000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040B-1000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-1000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0411-1000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0412-1000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0414-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0418-1000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0419-1000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-041A-1000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041D-1000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041E-1000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041F-1000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-0420-1000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0422-1000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0424-1000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0425-1000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0426-1000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0427-1000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-042D-1000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0439-1000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-043F-1000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-0446-1000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0447-1000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0449-1000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-044A-1000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044B-1000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044E-1000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-0456-1000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0804-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0814-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0816-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-081A-1000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{FE71CC93-19DF-419E-90BE-DC71F0BEA692}" =
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-004A-0409-1000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004B-0000-1000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{3EB2BE04-348D-4419-8569-57030D4B8552}" =
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00B4-0409-1000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"ComicRack" = ComicRack v0.9.129
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Revo Uninstaller Pro Retail zoo_is1" = Revo Uninstaller Pro 2.4.1
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233F252D-1742-473C-AAD9-3DEB9C0E46E6}" = Syberia DVD
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4D530901-0614-4537-B4CE-EA1000028301}" = Game Room
"{4D530901-7D3A-492E-96E0-D21000008300}" = Game Room
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Console
"CCleaner" = CCleaner
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ERUNT_is1" = ERUNT 1.1j
"EVEMon" = EVEMon
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{4D530901-7D3A-492E-96E0-D21000008300}" = Game Room
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnLive" = OnLive
"OpenAL" = OpenAL
"Plants vs. Zombies" = Plants vs. Zombies
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 43100" = World of Zoo
"Steam App 46600" = Swarm Arena
"Steam App 70310" = VVVVVV Demo
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"Trillian" = Trillian
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"uTorrent" = µTorrent
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Worms Reloaded_is1" = Worms Reloaded

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 2:24:20 AM | Computer Name = Maryjane | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/29/2010 9:57:01 AM | Computer Name = Maryjane | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.7930.16406,
time stamp: 0x4c7e0414 Faulting module name: MSHTML.dll, version: 9.0.7930.16406,
time stamp: 0x4c7e04e9 Exception code: 0xc0000005 Fault offset: 0x002c5519 Faulting
process id: 0x15a4 Faulting application start time: 0x01cb5fde2b46c74e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 6e4e9d8b-cbd1-11df-b7de-001fbc00e313

Error - 9/29/2010 11:08:31 AM | Computer Name = Maryjane | Source = MsiInstaller | ID = 11935
Description =

Error - 9/29/2010 11:09:39 AM | Computer Name = Maryjane | Source = MsiInstaller | ID = 11935
Description =

Error - 9/29/2010 11:21:16 AM | Computer Name = Maryjane | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/29/2010 11:43:56 PM | Computer Name = Maryjane | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be07e Exception code: 0xc0000005 Fault offset: 0x000000000000773f
Faulting
process id: 0x494 Faulting application start time: 0x01cb5feca4e6fa00 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: f36ea1e1-cc44-11df-95eb-001fbc00e313

Error - 9/30/2010 1:05:39 AM | Computer Name = Maryjane | Source = Bonjour Service | ID = 100
Description = 516: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/30/2010 1:05:39 AM | Computer Name = Maryjane | Source = Bonjour Service | ID = 100
Description = 536: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/30/2010 1:05:39 AM | Computer Name = Maryjane | Source = Bonjour Service | ID = 100
Description = 520: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/30/2010 1:05:39 AM | Computer Name = Maryjane | Source = Bonjour Service | ID = 100
Description = 376: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 9/30/2010 1:42:01 AM | Computer Name = Maryjane | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 9/30/2010 2:01:46 AM | Computer Name = Maryjane | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 0 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 4 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 2 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 6 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 5 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 3 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 7 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/30/2010 2:02:41 AM | Computer Name = Maryjane | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.


< End of report >
 
Hi again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer

Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
[2010/09/28 18:33:53 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/09/28 18:33:38 | 000,016,896 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
:Files
C:\Windows\SysWow64\system32 /s
:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report & fresh OTL.txt log.
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jsafesurf deleted successfully.
C:\Windows\SysWOW64\drivers\safesurf.exe moved successfully.
C:\Windows\SysWOW64\drivers\surfguard.exe moved successfully.
C:\Windows\SysWOW64\drivers\up.exe moved successfully.
========== FILES ==========
C:\Windows\SysWow64\system32\sys folder moved successfully.
C:\Windows\SysWow64\system32 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Acronis Agent User
->Temp folder emptied: 385852 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JDubry
->Temp folder emptied: 350385 bytes
->Temporary Internet Files folder emptied: 46807869 bytes
->Flash cache emptied: 57244 bytes

User: John
->Temp folder emptied: 130764684 bytes
->Temporary Internet Files folder emptied: 713050726 bytes
->Google Chrome cache emptied: 17262983 bytes
->Flash cache emptied: 152853 bytes

User: Public

User: TJ
->Java cache emptied: 0 bytes
->Flash cache emptied: 42525 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3231022 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 871.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10052010_084728

Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\John\AppData\Local\Temp\~DF03BF6511AABEC6DC.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF09F5E0B6063C69E1.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF0DAE9A5233670B6D.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF1627D6E5F640C5CB.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF1C462B50F79040C2.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF21784E766506D5A1.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF225472DBBA128F72.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF278C85B5AE7DDDDB.TMP not found!
File\Folder C:\Users\John\AppData\Local\Temp\~DF2BB2FE425081D71D.TMP not found!
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\C9320E64-EE0F-4422-B6DA-C0F3768C080E.dat moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
 
The Eset AV detected no threats.


OTL logfile created on: 10/5/2010 10:22:15 AM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 34.00% Memory free
12.00 Gb Paging File | 8.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 33.73 Gb Free Space | 22.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.39 Gb Total Space | 138.13 Gb Free Space | 14.83% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 15.63 Gb Free Space | 13.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARYJANE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\John\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\John\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\John\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\John\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:64bit: - (ImeDictUpdateService) -- C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE (Microsoft Corporation)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TVersityMediaServer) -- C:\Users\John\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (DAUpdaterSvc) -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (MSSQLServerADHelper100) -- C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MSSMLBIZ) SQL Server Agent (MSSMLBIZ) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 0F 6D 2A 55 63 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/16 09:15:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/09/30 11:13:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/30 02:18:34 | 000,420,665 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14505 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 CHS Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 CHT Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 JPN Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IME14 KOR Setup] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IME14 CHS Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 CHT Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 JPN Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IME14 KOR Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [windows lsass service] C:\Program Files (x86)\DAO\svchost.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 10:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06116247-b8fd-11df-9d7a-001fbc00e313}\Shell - "" = AutoRun
O33 - MountPoints2\{06116247-b8fd-11df-9d7a-001fbc00e313}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7041bd77-c5bc-11df-94f0-001fbc00e313}\Shell - "" = AutoRun
O33 - MountPoints2\{7041bd77-c5bc-11df-94f0-001fbc00e313}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 09:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/05 08:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/04 13:25:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\HandBrake
[2010/10/04 13:24:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\HandBrake
[2010/10/04 13:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
[2010/09/30 12:46:20 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/30 11:42:36 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/30 11:15:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG10
[2010/09/30 11:14:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/09/30 11:14:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2010/09/30 11:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/09/30 11:13:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/09/30 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/09/30 11:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/09/30 02:49:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2010/09/30 02:49:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/30 02:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/30 02:49:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/30 02:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/30 02:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/30 02:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/30 02:07:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/30 02:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/29 11:39:04 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/09/29 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Sunbelt Software
[2010/09/29 11:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/29 11:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/09/29 11:08:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/29 10:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/29 10:03:52 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/29 00:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/09/29 00:33:02 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Visual Studio 2010
[2010/09/29 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2010/09/29 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010/09/29 00:29:54 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010/09/29 00:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/09/29 00:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2010/09/29 00:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/09/29 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Nero
[2010/09/28 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2010/09/28 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Crayon Physics Deluxe
[2010/09/28 18:33:53 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/09/28 01:39:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Creative
[2010/09/27 22:25:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Games
[2010/09/26 19:16:40 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/09/26 19:16:40 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/09/26 19:16:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/09/26 19:16:40 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/09/26 19:16:39 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2010/09/26 19:16:39 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2010/09/26 19:16:39 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/09/26 19:16:39 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/09/26 19:16:39 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/09/26 19:16:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/26 19:16:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/09/26 19:16:39 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/09/26 19:16:39 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/09/26 19:16:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/09/26 19:16:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/09/26 19:16:39 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/09/26 19:16:39 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/09/26 19:16:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/09/26 19:16:38 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/09/26 19:16:38 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/09/26 19:16:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/09/26 19:16:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/26 19:16:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/26 19:16:34 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/09/26 19:16:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/09/26 19:16:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2010/09/26 19:16:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/09/26 19:16:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/09/26 19:16:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2010/09/26 19:16:31 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/09/26 19:16:30 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/09/26 19:16:30 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/09/26 19:16:30 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/09/26 19:16:30 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/09/26 19:16:30 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/09/26 19:16:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/09/26 19:16:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/09/26 19:16:30 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/09/26 19:16:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/09/26 19:16:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/09/26 19:16:30 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/09/26 19:16:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/09/26 19:16:29 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/09/26 19:16:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/09/26 19:16:29 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/09/26 19:16:29 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/26 19:16:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/09/26 19:16:28 | 002,431,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/26 19:16:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/09/26 19:16:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/09/26 19:16:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/09/26 19:16:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/09/26 19:16:27 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/09/26 19:16:27 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/09/26 19:16:27 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/09/26 19:16:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/09/26 19:16:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/09/26 19:16:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/09/26 19:16:26 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/09/26 19:16:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/09/26 19:16:26 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/09/26 19:16:26 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/09/26 19:16:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/09/26 19:16:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/09/26 19:16:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/09/26 19:16:26 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/09/26 19:16:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/09/26 19:16:25 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/09/26 19:16:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/09/26 19:16:25 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/09/26 19:16:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/09/26 19:16:25 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/09/26 19:16:24 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/09/26 19:16:24 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/09/26 19:16:24 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/09/26 19:16:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/09/26 19:16:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/09/26 19:16:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/09/26 19:16:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/09/26 19:16:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/09/26 19:15:38 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/09/26 19:15:38 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/09/26 19:15:38 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/09/26 19:15:38 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/09/26 19:15:37 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/09/26 19:15:37 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/09/26 19:15:36 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/09/26 19:14:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/09/26 19:14:59 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/09/26 19:14:59 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/09/26 19:14:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/09/26 19:14:58 | 001,844,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/09/26 19:14:58 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/09/26 19:14:56 | 001,543,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/09/26 19:14:56 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/09/26 19:14:24 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/09/26 19:14:23 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/09/26 19:14:23 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/09/26 19:14:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/09/26 19:13:27 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2010/09/26 19:13:26 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2010/09/26 19:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/09/26 18:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/09/26 10:49:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\SKIDROW
[2010/09/26 10:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/26 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/26 10:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/26 10:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/26 10:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/25 15:17:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/25 02:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2010/09/24 09:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1C Company
[2010/09/24 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Ubisoft
[2010/09/24 01:55:11 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Syberia Saves
[2010/09/24 01:47:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/09/23 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2010/09/22 23:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/09/21 23:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/09/21 16:47:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Nero_AG
[2010/09/20 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Nero
[2010/09/20 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\NeroVision
[2010/09/20 10:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/09/20 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Nero
[2010/09/20 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/09/20 10:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/09/20 10:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/09/20 09:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010/09/19 10:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/09/19 09:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/19 01:40:02 | 000,000,000 | RH-D | C] -- C:\Users\John\AppData\Roaming\SecuROM
[2010/09/19 01:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2010/09/19 01:37:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/09/18 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SquareLogic
[2010/09/17 17:44:43 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010/09/17 17:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/09/17 17:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/09/17 17:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010/09/17 17:37:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2010/09/17 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010/09/17 17:12:43 | 000,010,240 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\CTDCRES.DLL
[2010/09/17 16:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/09/17 16:38:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Defaults
[2010/09/17 16:36:32 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/17 16:36:32 | 000,123,480 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/17 16:36:31 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/17 16:36:31 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/09/17 16:34:54 | 000,012,288 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL
[2010/09/17 16:34:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2010/09/17 16:34:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
[2010/09/17 16:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010/09/16 22:55:24 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Google
[2010/09/16 22:54:10 | 000,000,000 | ---D | C] -- C:\Windows\Google Earth Pro 4.2
[2010/09/16 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Earth Pro 4.2
[2010/09/16 09:16:35 | 000,203,776 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\SysWow64\clrviddc.dll
[2010/09/16 09:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/09/16 09:12:52 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/16 09:12:45 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/16 09:12:45 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/16 09:12:31 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/16 08:08:54 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\OnLive App
[2010/09/16 08:08:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\OnLive App
[2010/09/16 08:06:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\OnLive App
[2010/09/16 08:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLive
[2010/09/15 15:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/15 14:45:52 | 000,609,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCTL32.OCX
[2010/09/15 14:45:52 | 000,111,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2010/09/15 14:45:52 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5STKIT.DLL
[2010/09/15 09:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Game Room
[2010/09/15 09:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/09/15 08:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2010/09/14 19:43:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\THQ
[2010/09/14 19:43:49 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/09/14 19:43:49 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/09/14 19:43:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/09/14 19:43:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/09/14 19:43:48 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/09/14 19:43:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/09/14 13:20:04 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Amnesia
[2010/09/13 16:28:00 | 000,027,216 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys
[2010/09/12 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/09/12 19:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/09/12 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/09/12 19:35:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real
[2010/09/11 19:23:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AliensVsPredator
[2010/09/11 17:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/09/11 17:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVersity Codec Pack
[2010/09/11 17:25:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\TVersity
[2010/09/09 20:41:50 | 000,000,000 | R--D | C] -- C:\Users\John\Documents\My Dropbox
[2010/09/09 20:40:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Dropbox
[2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/09/07 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Dedication Games
[2010/09/07 03:48:58 | 000,381,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 03:48:56 | 000,041,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 03:48:52 | 000,305,232 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 03:48:50 | 000,030,288 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/09/06 23:50:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Futuremark
[2010/09/06 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\My Games
[2010/09/06 20:55:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/09/06 20:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/09/06 20:54:52 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/09/06 20:54:52 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/09/06 20:54:52 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/09/06 20:54:52 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/09/06 20:54:51 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/09/06 20:54:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/09/06 20:01:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\EVEMon
[2010/09/06 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVEMon
[2010/09/06 11:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010/09/06 10:16:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Wings of Prey
[2010/09/05 17:17:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\cYo
[2010/09/05 17:17:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\cYo
[2010/09/05 10:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/10/05 10:24:38 | 008,650,752 | -HS- | M] () -- C:\Users\John\ntuser.dat
[2010/10/05 10:13:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995303643-1020073317-2850314873-1000UA.job
[2010/10/05 10:13:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995303643-1020073317-2850314873-1000Core.job
[2010/10/05 08:58:33 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 08:58:33 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 08:51:20 | 000,000,390 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2010/10/05 08:51:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/05 08:50:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/05 08:50:40 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 08:49:46 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/05 08:49:46 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/05 08:49:46 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/05 08:49:46 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/05 08:49:46 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/10/05 08:42:20 | 003,629,375 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/10/05 08:24:58 | 095,391,947 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/03 19:38:28 | 000,887,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/03 19:38:28 | 000,736,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/03 19:38:28 | 000,149,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/03 18:06:44 | 000,007,596 | ---- | M] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2010/10/02 04:18:06 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/10/02 04:18:06 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010/10/01 11:13:55 | 620,951,991 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/30 14:14:07 | 000,001,316 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/30 14:14:07 | 000,001,292 | ---- | M] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2010/09/30 11:14:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/09/30 11:14:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/09/30 02:49:28 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 02:23:54 | 000,003,713 | ---- | M] () -- C:\Users\John\Documents\Attach.zip
[2010/09/30 02:18:34 | 000,420,665 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/30 02:06:54 | 000,001,108 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/30 02:06:51 | 000,000,909 | ---- | M] () -- C:\Users\John\Desktop\ERUNT.lnk
[2010/09/29 11:17:43 | 000,001,166 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/29 10:52:20 | 000,002,097 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/09/29 00:18:00 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\Dead Rising 2.lnk
[2010/09/28 13:45:36 | 000,000,645 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010/09/28 13:41:13 | 000,111,648 | ---- | M] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/28 13:40:33 | 000,419,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/28 13:38:09 | 000,000,638 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/09/28 12:36:18 | 000,000,681 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2010/09/26 19:21:50 | 000,001,441 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/25 03:01:07 | 000,001,764 | ---- | M] () -- C:\Users\John\Desktop\Civ_V_Manual_English.pdf - Shortcut.lnk
[2010/09/25 03:00:50 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/09/25 03:00:10 | 000,001,636 | ---- | M] () -- C:\Users\John\Desktop\Launcher.exe - Shortcut (2).lnk
[2010/09/24 09:15:41 | 000,001,156 | ---- | M] () -- C:\Users\John\Desktop\Truth.exe - Shortcut.lnk
[2010/09/24 09:15:28 | 000,000,987 | ---- | M] () -- C:\Users\John\Desktop\Eufloria.exe - Shortcut.lnk
[2010/09/24 09:13:43 | 000,000,652 | ---- | M] () -- C:\Users\John\Desktop\Death to Spies.exe - Shortcut.lnk
[2010/09/24 09:13:26 | 000,000,996 | ---- | M] () -- C:\Users\John\Desktop\Majesty2.exe - Shortcut.lnk
[2010/09/24 01:54:45 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Syberia DVD.lnk
[2010/09/23 22:22:03 | 000,001,351 | ---- | M] () -- C:\Users\John\Desktop\Play Plants vs. Zombies.lnk
[2010/09/23 19:11:37 | 000,001,032 | ---- | M] () -- C:\Users\John\Desktop\launcher.exe - Shortcut.lnk
[2010/09/23 19:09:28 | 000,000,991 | ---- | M] () -- C:\Users\John\Desktop\Amnesia.exe.lnk
[2010/09/23 19:08:21 | 000,001,204 | ---- | M] () -- C:\Users\John\Desktop\tru.exe - Shortcut.lnk
[2010/09/19 21:36:27 | 000,003,584 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 01:38:21 | 000,898,866 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/19 01:36:54 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/19 01:36:47 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/19 01:36:47 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/17 18:51:11 | 000,000,503 | ---- | M] () -- C:\Users\John\Documents\log.htm
[2010/09/17 17:19:58 | 004,931,577 | ---- | M] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.CDF
[2010/09/17 17:19:58 | 004,931,577 | ---- | M] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.BAK
[2010/09/17 17:15:01 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/17 17:15:01 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/17 17:15:01 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/17 17:15:01 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/17 17:15:00 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/09/16 09:16:31 | 000,203,776 | ---- | M] (Iterated Systems, Inc.) -- C:\Windows\SysWow64\clrviddc.dll
[2010/09/16 09:15:22 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/16 09:15:16 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/16 09:15:16 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/16 09:14:51 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys
[2010/09/12 19:35:08 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/09/12 15:40:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/12 10:41:20 | 000,002,515 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/09 20:41:50 | 000,001,018 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/09/06 11:56:15 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/09/05 12:37:21 | 000,001,266 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

========== Files Created - No Company Name ==========

[2010/10/05 08:24:58 | 095,391,947 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/03 18:06:44 | 000,007,596 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2010/10/01 11:13:55 | 620,951,991 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/30 11:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/09/30 11:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/09/30 02:49:28 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 02:23:54 | 000,003,713 | ---- | C] () -- C:\Users\John\Documents\Attach.zip
[2010/09/30 02:13:46 | 000,001,316 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/30 02:13:46 | 000,001,292 | ---- | C] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2010/09/30 02:06:54 | 000,001,108 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/30 02:06:51 | 000,000,909 | ---- | C] () -- C:\Users\John\Desktop\ERUNT.lnk
[2010/09/29 11:54:34 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/09/29 11:17:43 | 000,001,166 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/29 10:52:20 | 000,002,097 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/09/29 00:18:00 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\Dead Rising 2.lnk
[2010/09/28 13:45:36 | 000,000,645 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010/09/28 13:38:09 | 000,000,638 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010/09/28 12:36:18 | 000,000,681 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age Origins.lnk
[2010/09/26 19:16:39 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/26 19:16:39 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/09/25 03:01:07 | 000,001,764 | ---- | C] () -- C:\Users\John\Desktop\Civ_V_Manual_English.pdf - Shortcut.lnk
[2010/09/25 03:00:50 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/09/25 03:00:10 | 000,001,636 | ---- | C] () -- C:\Users\John\Desktop\Launcher.exe - Shortcut (2).lnk
[2010/09/24 09:15:41 | 000,001,156 | ---- | C] () -- C:\Users\John\Desktop\Truth.exe - Shortcut.lnk
[2010/09/24 09:15:28 | 000,000,987 | ---- | C] () -- C:\Users\John\Desktop\Eufloria.exe - Shortcut.lnk
[2010/09/24 09:13:43 | 000,000,652 | ---- | C] () -- C:\Users\John\Desktop\Death to Spies.exe - Shortcut.lnk
[2010/09/24 09:13:26 | 000,000,996 | ---- | C] () -- C:\Users\John\Desktop\Majesty2.exe - Shortcut.lnk
[2010/09/24 05:03:28 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/09/24 05:03:28 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010/09/24 01:54:45 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Syberia DVD.lnk
[2010/09/23 22:22:03 | 000,001,351 | ---- | C] () -- C:\Users\John\Desktop\Play Plants vs. Zombies.lnk
[2010/09/23 19:11:37 | 000,001,032 | ---- | C] () -- C:\Users\John\Desktop\launcher.exe - Shortcut.lnk
[2010/09/23 19:09:28 | 000,000,991 | ---- | C] () -- C:\Users\John\Desktop\Amnesia.exe.lnk
[2010/09/23 19:07:56 | 000,001,204 | ---- | C] () -- C:\Users\John\Desktop\tru.exe - Shortcut.lnk
[2010/09/20 20:04:36 | 000,000,390 | ---- | C] () -- C:\Windows\SysWow64\tversity.cookies
[2010/09/19 21:36:27 | 000,003,584 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 01:36:48 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/19 01:36:47 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/19 01:36:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/09/17 18:51:11 | 000,000,503 | ---- | C] () -- C:\Users\John\Documents\log.htm
[2010/09/17 17:18:05 | 000,036,016 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:18:05 | 000,032,088 | ---- | C] () -- C:\Windows\SysNative\BMXCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:18:05 | 000,032,088 | ---- | C] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:18:05 | 000,011,564 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 17:17:47 | 004,931,577 | ---- | C] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.BAK
[2010/09/17 17:16:35 | 004,931,577 | ---- | C] () -- C:\Windows\{00000009-00000000-00000001-00001102-00000004-20021102}.CDF
[2010/09/17 17:15:00 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010/09/17 17:15:00 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/17 17:15:00 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010/09/17 17:15:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/17 17:15:00 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010/09/17 16:39:35 | 000,036,016 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000001-00001102-00000004-20021102}.rfx
[2010/09/17 16:38:56 | 004,174,814 | ---- | C] () -- C:\Windows\SysWow64\CT4MGM.SF2
[2010/09/17 16:38:56 | 004,174,814 | ---- | C] () -- C:\Windows\SysNative\CT4MGM.SF2
[2010/09/17 16:37:47 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2010/09/12 15:40:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/11 17:28:46 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/11 17:28:46 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm
[2010/09/09 20:41:50 | 000,001,018 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/06 11:56:15 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/09/05 10:48:04 | 000,002,515 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/29 16:49:40 | 000,898,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >
 
Let's see the final steps :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.


  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top