TechSpot

6 steps completed, please review results

By teklord
Jul 20, 2010
  1. All,

    I have completed the six recommended steps in the "UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions" thread. Please review the attached files and check for Viruses/Spyware/Malware. Confident I have something hidden on my system that these scanners aren't detecting like rootkits. CPU usage jumps intermittently from 0-1% to 15% when nothing is open in the background. The internet lags like I am using a PC at the library (that is hella slow!). I torrented lots of software and I believe that is where I got them from.

    I got the following message in GMER when I initiated the scan, "C:\Windows\system32\config\system: The system cannot find the file specified." It won't save any info to the GMER log file, please advise. Thank you for giving me your time and attention.
     


  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    GMER won't run on Windows 7 64-bit

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =================================================================

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
     
  3. teklord

    teklord TS Guru Topic Starter Posts: 481

    Thx Broni, will do my best to post back ASAP.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Sure thing :)
     
  5. teklord

    teklord TS Guru Topic Starter Posts: 481

    K, Broni. Please review the attached files. thx
     


  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Rootkits are rather unheard of on a 64-bit system due to its unique structure.

    Your MBR is surely clean.

    Process Explorer looks perfect.
    System Idle Process is listed at 94.54%
    CPU usage is a little bit over 5%.

    Let's run a couple more checks...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
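
An OTL.txt log runs to hundreds of lines, so a first-pass filter helps when reviewing one. The sketch below is an added example, not part of the thread and not OTL's own code: it parses the SRV/DRV and O2/O3 line shapes that OTL.txt uses and lists entries whose file is missing, whose vendor field is empty, or whose CLSID has no target. The sample lines and every name in them are constructed, and the three rules are assumptions about what deserves a manual look, not malware verdicts.

```python
import re

# SRV/DRV line shape:
#   <kind>[:64bit:] - <[file meta] (vendor) | File not found> [state] -- path -- (name)
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - "
    r"(?:File not found|\[(?P<meta>[^\]]*)\] \((?P<vendor>.*?)\))"
    r" \[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>.*?)\)"
)

# O2/O3 line shape:
#   <kind>[:64bit:] - <location>: (label) - {CLSID} - <dll path | No CLSID value found.>
ADDON_RE = re.compile(
    r"^(?P<kind>O2|O3)(?::64bit:)? - (?P<where>.+?): \((?P<label>.*?)\)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)

# Constructed sample lines (hypothetical names), shaped like OTL.txt output.
SAMPLE = r"""
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\ExampleSvc.exe -- (ExampleSvc)
SRV - [2010/01/02 03:04:05 | 000,340,456 | ---- | M] (Example Vendor) [Auto | Running] -- C:\Program Files (x86)\Example\agent.exe -- (ExampleAgent)
DRV:64bit: - [2010/01/02 03:04:05 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\exampledrv.sys -- (exampledrv)
DRV:64bit: - [2010/01/02 03:04:05 | 000,020,968 | ---- | M] (Example (R) DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\examplemon.sys -- (examplemon)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Example Toolbar) - {00000000-0000-0000-0000-000000000002} - C:\Program Files (x86)\Example\tb.dll (Example Vendor)
"""


def triage(log_text):
    """Return (kind, identifier, reason, start_mode) tuples for entries to check by hand.

    Reasons (assumed review rules, not verdicts):
      file-missing      service/driver is registered but its file was not found
      no-vendor-string  file exists but carries no company name in its version info
      no-clsid-target   browser add-on registration points at no CLSID
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum copies of the log are often indented

        m = SVC_RE.match(line)
        if m:
            # State is "Start | Status" for services, "Type | Start | Status" for drivers.
            parts = m.group("state").split(" | ")
            start = parts[-2] if len(parts) >= 2 else parts[0]
            if m.group("meta") is None:
                findings.append((m.group("kind"), m.group("name"), "file-missing", start))
            elif m.group("vendor") == "":
                findings.append((m.group("kind"), m.group("name"), "no-vendor-string", start))
            continue

        m = ADDON_RE.match(line)
        if m and m.group("target").startswith("No CLSID value found"):
            findings.append((m.group("kind"), m.group("clsid"), "no-clsid-target", None))
    return findings


if __name__ == "__main__":
    for kind, ident, reason, start in triage(SAMPLE):
        print(f"{kind:3} {reason:17} start={start!s:8} {ident}")
```

Entries that start at Boot, System or Auto are the ones to verify first, since they load without user action.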
     
  7. teklord

    teklord TS Guru Topic Starter Posts: 481

    I already ran OTL in the past. It didn't update that log but it did for the other. Here are the OTL.txt results.


    OTL logfile created on: 7/20/2010 11:44:45 PM - Run 2
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Oran Hanson\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1397.26 Gb Total Space | 348.03 Gb Free Space | 24.91% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ORANHANSON-PC
    Current User Name: Oran Hanson
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/20 19:48:45 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/20 19:48:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/07/09 14:04:34 | 003,493,776 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
    PRC - [2010/07/04 23:02:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Oran Hanson\Desktop\OTL.exe
    PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    PRC - [2010/04/16 19:30:12 | 000,581,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/09 14:04:44 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\xfire_toucan_43094.dll
    MOD - [2010/07/04 23:02:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Oran Hanson\Desktop\OTL.exe
    MOD - [2010/05/21 19:20:58 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
    MOD - [2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
    MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV:64bit: - [2010/05/27 11:59:40 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/05/06 04:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/07/17 21:10:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/07/04 05:42:46 | 001,352,832 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/06/15 15:39:17 | 000,107,832 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2010/06/15 15:39:11 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/05/20 20:43:04 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/04/22 05:50:36 | 000,413,696 | ---- | M] (PowerUp Software, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2010/07/04 05:43:04 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
    DRV:64bit: - [2010/06/06 06:40:56 | 000,020,544 | ---- | M] (Redcl0ud) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xbcd.sys -- (XBCD)
    DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/05/27 11:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/05/20 21:14:29 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/05/06 04:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
    DRV:64bit: - [2010/03/18 04:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/03/09 21:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/12/21 14:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
    DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV:64bit: - [2009/11/22 15:44:24 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2009/11/11 16:35:26 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2009/11/03 16:33:44 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2009/10/21 04:11:29 | 000,066,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
    DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009/09/17 19:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
    DRV - [2010/05/21 17:53:09 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
    DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
    DRV - [2005/05/13 16:00:58 | 000,117,884 | ---- | M] (Redcl0ud) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\xbcd.sys -- (XBCD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 95 B3 53 56 24 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========
     
  8. teklord

    teklord TS Guru Topic Starter Posts: 481

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.selectedEngine: "eBay"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://by135w.bay135.mail.live.com/default.aspx?wa=wsignin1.0"
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
    FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.69.1
    FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
    FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
    FF - prefs.js..extensions.enabledItems: doudehou@gmail.com:0.2.19
    FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
    FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF882F01}:0.2.104
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/21 19:21:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/20 19:48:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/20 19:48:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/05/30 23:38:17 | 000,000,000 | ---D | M]

    [2010/05/20 20:13:02 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Extensions
    [2010/07/20 16:42:24 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions
    [2010/05/20 20:26:30 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/06/17 12:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/05/20 20:25:51 | 000,000,000 | ---D | M] (Phoenity Classic) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{069FB356-C69F-7349-D092-AB28AF882F01}
    [2010/07/09 18:53:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/05/20 20:46:39 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2010/07/13 02:57:45 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
    [2010/06/11 16:01:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/05/20 20:26:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/07/09 18:53:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/14 14:47:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/06/17 12:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/05/20 20:26:30 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
    [2010/06/03 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\afom@idevfh
    [2010/07/10 21:41:23 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\DeviceDetection@logitech.com
    [2010/06/03 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\doudehou@gmail.com
    [2010/05/20 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\DTToolbar@toolbarnet.com
    [2010/07/13 02:57:46 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\extensions\support@lastpass.com
    [2010/05/20 21:14:54 | 000,002,059 | ---- | M] () -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla\Firefox\Profiles\iv6zswp3.default\searchplugins\daemon-search.xml
    [2010/07/20 16:42:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/10 04:21:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/05 19:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/30 23:26:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010/06/05 19:03:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
    O2:64bit: - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3:64bit: - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
     
  9. teklord

    teklord TS Guru Topic Starter Posts: 481

    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Oran Hanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O4 - Startup: C:\Users\Oran Hanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\Shell - "" = AutoRun
    O33 - MountPoints2\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\Shell - "" = AutoRun
    O33 - MountPoints2\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
    Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
    Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
    Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
    Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
    Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========


    [2010/07/20 16:06:08 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\eBayISAPI.dll_files
    [2010/07/18 22:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/07/18 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/07/18 22:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/07/18 22:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
    [2010/07/18 22:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/07/18 21:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5 Extended Edition
    [2010/07/17 21:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
    [2010/07/17 21:09:38 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\Creative ALchemy install
    [2010/07/10 21:57:15 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Leadertech
    [2010/07/10 21:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
    [2010/07/10 21:56:50 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
    [2010/07/10 21:55:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
    [2010/07/10 21:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
    [2010/07/10 21:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
    [2010/07/10 21:52:26 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Logitech
    [2010/07/10 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Logitech
    [2010/07/10 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Logishrd
    [2010/07/10 21:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
    [2010/07/10 21:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/07/10 21:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
    [2010/07/10 21:49:50 | 017,374,864 | ---- | C] (Logitech ) -- C:\Users\Oran Hanson\Desktop\lgps304b_x64.exe
    [2010/07/10 17:31:38 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\WLDM
    [2010/07/09 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\My Received Files
    [2010/07/09 19:15:27 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Tracing
    [2010/07/09 19:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/07/09 19:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2010/07/09 19:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2010/07/09 19:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2010/07/09 19:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/07/06 17:41:07 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Yahoo
    [2010/07/06 17:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2010/07/06 17:39:59 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Yahoo!
    [2010/07/06 17:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2010/07/06 17:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2010/07/05 23:00:09 | 009,248,995 | ---- | C] (Saitek ) -- C:\Users\Oran Hanson\Desktop\Saitek_P3000_Wireless_Pad_SD6_15_64_Drivers.exe
    [2010/07/05 22:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blueMSX
    [2010/07/05 19:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
    [2010/07/05 18:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
    [2010/07/04 23:02:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Oran Hanson\Desktop\OTL.exe
    [2010/07/04 18:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RootkitRevealer
    [2010/07/04 05:44:11 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
    [2010/07/04 05:44:06 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2010/07/04 05:31:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/07/04 05:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010/07/04 05:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2010/07/04 05:25:28 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\DX9.0c 6-10
    [2010/07/02 04:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GtkRadiant 1.5.0
    [2010/07/02 04:15:56 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\q3map_2.5.16_win32_x86
    [2010/07/02 00:42:56 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\Halo 2 keygen
    [2010/06/28 20:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/06/28 20:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
    [2010/06/28 20:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyboardTest
    [2010/06/28 20:08:45 | 001,658,344 | ---- | C] (PassMark Software ) -- C:\Users\Oran Hanson\Desktop\keytest.exe
    [2010/06/24 08:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/06/21 18:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerUp Software
     
  10. teklord

    teklord TS Guru Topic Starter Posts: 481

    [2010/06/21 18:35:59 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\PowerUp Software
    [2010/06/21 18:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software
    [2010/06/21 18:27:50 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
    [2010/06/21 18:26:51 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\Pinnacle Game Profiler V5-Mbb
    [2010/06/21 16:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010/06/21 16:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2010/06/21 16:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2010/06/21 16:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
    [2010/06/21 16:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2010/06/21 16:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010/06/19 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\SCDA-Online
    [2010/06/19 17:48:54 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\SCDA-Offline
    [2010/06/19 15:30:48 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Fallout3
    [2010/06/19 15:20:27 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Neverwinter Nights 2
    [2010/06/19 15:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
    [2010/06/15 15:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Volition Inc
    [2010/06/14 22:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
    [2010/06/14 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\SKIDROW
    [2010/06/14 16:14:41 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Games for Windows - LIVE Demos
    [2010/06/13 19:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2010/06/13 19:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2010/06/13 13:44:35 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\AliensVsPredator
    [2010/06/12 23:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
    [2010/06/12 17:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
    [2010/06/12 00:41:55 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\uTorrent
    [2010/06/11 21:37:57 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Microsoft Games
    [2010/06/11 21:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
    [2010/06/11 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Bioshock
    [2010/06/11 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Bioshock
    [2010/06/11 21:25:31 | 000,000,000 | RH-D | C] -- C:\Users\Oran Hanson\AppData\Roaming\SecuROM
    [2010/06/11 16:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
    [2010/06/11 16:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Scanner
    [2010/06/11 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA Yahoo! Anti-Spy
    [2010/06/11 15:44:47 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Ubisoft
    [2010/06/11 14:35:00 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Prototype
    [2010/06/11 14:19:52 | 000,000,000 | ---D | C] -- C:\Root
    [2010/06/10 18:00:07 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Square Enix
    [2010/06/10 04:22:46 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\skypePM
    [2010/06/10 04:22:02 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Skype
    [2010/06/10 04:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2010/06/10 04:21:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2010/06/10 04:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/06/09 19:53:04 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Eidos
    [2010/06/09 18:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
    [2010/06/09 18:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos
    [2010/06/09 17:10:57 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Electronic Arts
    [2010/06/09 16:55:47 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Electronic Arts
    [2010/06/09 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2010/06/09 12:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
    [2010/06/09 11:44:26 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\BioWare
    [2010/06/09 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
    [2010/06/09 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
    [2010/06/09 00:59:09 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Malwarebytes
    [2010/06/09 00:59:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/06/09 00:58:59 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/06/09 00:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/06/09 00:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/06/08 16:20:46 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Ubisoft
    [2010/06/08 16:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
    [2010/06/08 16:05:15 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\InstallShield
    [2010/06/08 11:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
    [2010/06/08 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
    [2010/06/07 18:34:42 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Activision
    [2010/06/07 18:34:42 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Activision
    [2010/06/07 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Activision
    [2010/06/07 18:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/06/07 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2010/06/07 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2010/06/07 18:21:30 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Adobe
    [2010/06/06 22:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
    [2010/06/06 22:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
    [2010/06/06 18:55:35 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\Mods & Backup
    [2010/06/06 18:55:01 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\SparkIV 0.6.6
    [2010/06/06 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\GTA IV Mods
    [2010/06/06 07:31:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
    [2010/06/06 06:24:54 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\Rockstar Games
    [2010/06/06 06:10:41 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Rockstar Games
    [2010/06/06 05:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
    [2010/06/05 21:48:21 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\CAPCOM
    [2010/06/05 21:44:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/06/05 21:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CAPCOM
    [2010/06/05 21:30:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
    [2010/06/05 21:30:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2010/06/05 19:41:27 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\CAPCOM
    [2010/06/05 19:27:55 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Downloaded Installations
    [2010/06/05 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2010/06/05 19:04:33 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\SystemRequirementsLab
    [2010/06/05 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/06/05 19:04:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/06/05 19:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/06/05 19:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2010/06/03 12:45:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\IDEVFH
    [2010/06/02 11:38:41 | 000,000,000 | ---D | C] -- C:\ATI
    [2010/06/01 01:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Cleaner Pro
    [2010/05/31 11:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2010/05/30 23:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2010/05/30 23:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
    [2010/05/30 23:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
    [2010/05/30 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2010/05/30 22:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2010/05/30 22:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2010/05/30 22:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2010/05/30 22:53:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/05/30 22:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2010/05/30 22:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/05/30 22:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2010/05/30 22:50:22 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Microsoft Help
    [2010/05/30 22:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2010/05/30 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2010/05/30 22:49:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2010/05/29 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
    [2010/05/29 11:42:41 | 000,019,432 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys
    [2010/05/28 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Ventrilo
    [2010/05/28 11:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
    [2010/05/28 11:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2010/05/28 11:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WTFast
    [2010/05/27 12:36:31 | 000,000,000 | ---D | C] -- C:\World of Warcraft
    [2010/05/27 12:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2010/05/27 12:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
    [2010/05/27 12:31:37 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\Game Shortcuts
    [2010/05/27 12:30:20 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\Unused Desktop Shortcuts
    [2010/05/27 12:00:10 | 000,458,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2010/05/27 11:59:40 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2010/05/27 11:58:42 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2010/05/27 11:58:24 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
    [2010/05/27 11:58:18 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
    [2010/05/27 11:58:10 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
    [2010/05/27 11:58:06 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2010/05/27 11:58:02 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
    [2010/05/27 11:57:58 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
    [2010/05/27 11:35:18 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
    [2010/05/27 10:10:03 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Blizzard Entertainment
    [2010/05/27 10:03:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
     
  11. teklord

    teklord TS Guru Topic Starter Posts: 481

    [2010/05/26 11:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
    [2010/05/26 10:45:24 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
    [2010/05/26 10:44:47 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2010/05/26 10:17:39 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\MX 300 Drivers
    [2010/05/26 10:14:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
    [2010/05/25 19:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\id Software
    [2010/05/25 19:14:15 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
    [2010/05/23 20:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NifTools
    [2010/05/23 11:30:06 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
    [2010/05/23 11:29:58 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Oblivion
    [2010/05/22 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Desktop\x64
    [2010/05/22 19:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBCD
    [2010/05/22 19:26:41 | 000,020,544 | ---- | C] (Redcl0ud) -- C:\Windows\SysNative\drivers\xbcd.sys
    [2010/05/22 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2010/05/22 16:38:36 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\ElevatedDiagnostics
    [2010/05/22 15:59:21 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\pcsx2
    [2010/05/22 15:58:19 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\pcsx2
    [2010/05/22 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Diagnostics
    [2010/05/22 01:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pcsx2
    [2010/05/21 22:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/05/21 22:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010/05/21 22:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2010/05/21 22:48:21 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Apple
    [2010/05/21 22:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010/05/21 22:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010/05/21 20:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2010/05/21 20:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/05/21 20:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
    [2010/05/21 20:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
    [2010/05/21 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\DivX
    [2010/05/21 19:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2010/05/21 19:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/05/21 19:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2010/05/21 19:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2010/05/21 19:20:58 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
    [2010/05/21 19:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2010/05/21 19:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
    [2010/05/21 19:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2010/05/21 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Real
    [2010/05/21 19:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/05/21 19:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/05/21 17:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    [2010/05/21 08:49:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/05/21 01:38:06 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\My Games
    [2010/05/21 01:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
    [2010/05/21 01:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
    [2010/05/21 00:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
    [2010/05/21 00:46:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2010/05/21 00:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
    [2010/05/21 00:20:19 | 000,085,424 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
    [2010/05/21 00:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
    [2010/05/21 00:14:18 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Creative
    [2010/05/20 23:55:10 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\Documents\ForceField Shared Files
    [2010/05/20 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\CheckPoint
    [2010/05/20 23:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2010/05/20 23:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2010/05/20 23:45:18 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
    [2010/05/20 23:45:18 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
    [2010/05/20 23:45:18 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
    [2010/05/20 23:45:18 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
    [2010/05/20 23:44:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
    [2010/05/20 23:43:10 | 000,066,048 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
    [2010/05/20 23:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/05/20 23:42:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2010/05/20 23:41:27 | 000,370,176 | ---- | C] (Elitegroup Computer Systems Ltd.) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Reboot.exe
    [2010/05/20 23:41:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Tools
    [2010/05/20 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultra Utility
    [2010/05/20 21:38:31 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\WinZip
    [2010/05/20 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\WinRAR
    [2010/05/20 21:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
    [2010/05/20 21:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
    [2010/05/20 21:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/05/20 21:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/05/20 21:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
    [2010/05/20 21:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
    [2010/05/20 21:13:58 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\DAEMON Tools Lite
    [2010/05/20 21:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2010/05/20 21:09:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2010/05/20 20:58:07 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\ATI
    [2010/05/20 20:58:07 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\ATI
    [2010/05/20 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010/05/20 20:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2010/05/20 20:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XfireXO
    [2010/05/20 20:46:36 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Xfire
    [2010/05/20 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
    [2010/05/20 20:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
    [2010/05/20 20:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
    [2010/05/20 20:43:10 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
    [2010/05/20 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
    [2010/05/20 20:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
    [2010/05/20 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
    [2010/05/20 20:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
    [2010/05/20 20:42:10 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2010/05/20 20:42:10 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2010/05/20 20:42:10 | 000,123,480 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2010/05/20 20:42:10 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2010/05/20 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2010/05/20 20:41:05 | 000,012,288 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL
    [2010/05/20 20:41:05 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysWow64\INRES.DLL
    [2010/05/20 20:41:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
    [2010/05/20 20:41:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
    [2010/05/20 20:40:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2010/05/20 20:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2010/05/20 20:38:21 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Macromedia
    [2010/05/20 20:38:21 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Adobe
    [2010/05/20 20:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2010/05/20 20:32:53 | 000,020,968 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys
    [2010/05/20 20:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2010/05/20 20:30:09 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Google
    [2010/05/20 20:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2010/05/20 20:12:52 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Mozilla
    [2010/05/20 20:12:52 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Mozilla
    [2010/05/20 20:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/05/20 19:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/05/20 19:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/05/20 19:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2010/05/20 19:43:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010/05/20 01:55:21 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Microsoft Games
    [2010/05/20 01:54:45 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\MigWiz
    [2010/05/20 01:50:42 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Searches
    [2010/05/20 01:50:42 | 000,000,000 | -H-D | C] -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2010/05/20 01:50:34 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Identities
    [2010/05/20 01:50:33 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Contacts
    [2010/05/20 01:50:32 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\VirtualStore
    [2010/05/20 01:48:26 | 000,000,000 | --SD | C] -- C:\Users\Oran Hanson\AppData\Roaming\Microsoft
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Videos
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Saved Games
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Pictures
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Music
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Links
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Favorites
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Downloads
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\My Documents
    [2010/05/20 01:48:26 | 000,000,000 | R--D | C] -- C:\Users\Oran Hanson\Desktop
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\AppData\Local\Temporary Internet Files
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Templates
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Start Menu
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\SendTo
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Recent
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\PrintHood
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\NetHood
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Documents\My Videos
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Documents\My Pictures
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Documents\My Music
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\My Documents
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Local Settings
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\AppData\Local\History
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Cookies
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\Application Data
    [2010/05/20 01:48:26 | 000,000,000 | -HSD | C] -- C:\Users\Oran Hanson\AppData\Local\Application Data
    [2010/05/20 01:48:26 | 000,000,000 | -H-D | C] -- C:\Users\Oran Hanson\AppData
    [2010/05/20 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Temp
    [2010/05/20 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Local\Microsoft
    [2010/05/20 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\Oran Hanson\AppData\Roaming\Media Center Programs
    [2010/05/20 01:48:16 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2010/05/06 04:21:46 | 000,125,456 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
    [2010/05/05 21:18:18 | 000,218,112 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\ctdvinst.dll
    [2010/05/05 21:18:16 | 000,073,728 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysNative\ctcoinst.dll
    [2010/05/05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
    [2010/05/05 19:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
    [2010/05/04 17:26:20 | 000,000,000 | ---D | C] -- C:\Game patches, mods, etc
    [2010/04/28 17:27:32 | 000,053,328 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LMouFiltCoInst.dll
    [2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/20 23:51:14 | 003,670,016 | -HS- | M] () -- C:\Users\Oran Hanson\NTUSER.DAT
    [2010/07/20 21:34:21 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/20 21:34:21 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/20 20:40:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/07/20 20:40:32 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/07/20 20:40:32 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/07/20 20:34:46 | 004,971,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/07/20 20:33:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/20 20:33:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/20 20:33:14 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/20 20:32:39 | 000,061,040 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-10031102}.rfx
    [2010/07/20 20:32:39 | 000,061,040 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000001-00001102-00000005-10031102}.rfx
    [2010/07/20 20:32:39 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000001-00001102-00000005-10031102}.rfx
    [2010/07/20 20:32:15 | 006,500,656 | -H-- | M] () -- C:\Users\Oran Hanson\AppData\Local\IconCache.db
    [2010/07/20 19:23:40 | 001,252,853 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\BIG_BOSS+1.3.rar
    [2010/07/20 16:06:10 | 000,007,397 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\eBayISAPI.dll.htm
    [2010/07/18 22:22:01 | 000,108,840 | ---- | M] () -- C:\Users\Oran Hanson\AppData
     
  12. teklord

    teklord TS Guru Topic Starter Posts: 481

    \Local\GDIPFONTCACHEV1.DAT
    [2010/07/18 20:29:24 | 000,136,676 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\xmas06_stacieshomeftporch.jpg
    [2010/07/18 20:27:57 | 000,142,728 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\xmas06_ftporch_olliethecollie.jpg
    [2010/07/17 17:56:53 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2010/07/17 17:56:53 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2010/07/17 17:56:53 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2010/07/17 17:56:53 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2010/07/17 17:56:53 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2010/07/17 17:34:36 | 000,200,222 | ---- | M] () -- C:\Users\Oran Hanson\Documents\cc_20100717_173423.reg
    [2010/07/16 17:22:31 | 000,002,181 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Xpadder.ini
    [2010/07/10 21:58:40 | 000,001,362 | ---- | M] () -- C:\Users\Oran Hanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/07/10 21:56:50 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
    [2010/07/10 21:49:56 | 017,374,864 | ---- | M] (Logitech ) -- C:\Users\Oran Hanson\Desktop\lgps304b_x64.exe
    [2010/07/10 17:30:53 | 001,257,472 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\WLDMWWEN.msi
    [2010/07/10 03:15:24 | 000,000,437 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\SaitekP3000.xpadderprofile
    [2010/07/10 03:15:17 | 000,640,463 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\My Saitek P3000 RF Game-Pad.xpaddercontroller
    [2010/07/09 18:49:32 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
    [2010/07/09 18:26:09 | 000,001,248 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\cpuz.cvf
    [2010/07/09 14:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
    [2010/07/09 14:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
    [2010/07/06 17:39:13 | 000,001,169 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/07/05 23:00:21 | 009,248,995 | ---- | M] (Saitek ) -- C:\Users\Oran Hanson\Desktop\Saitek_P3000_Wireless_Pad_SD6_15_64_Drivers.exe
    [2010/07/05 22:28:39 | 000,002,493 | ---- | M] () -- C:\Users\Public\Desktop\blueMSX.lnk
    [2010/07/05 19:58:53 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\3DMark03.lnk
    [2010/07/04 23:37:43 | 000,001,041 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/07/04 23:02:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Oran Hanson\Desktop\OTL.exe
    [2010/07/04 05:44:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2010/07/04 05:43:52 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
    [2010/07/04 05:43:04 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
    [2010/07/04 05:31:36 | 000,001,174 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/07/02 04:20:30 | 007,919,104 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\GtkRadiant-1.5.0.msi
    [2010/07/02 04:15:44 | 001,906,817 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\q3map_2.5.16_win32_x86.zip
    [2010/07/02 00:14:14 | 002,177,024 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Halo_2_KeyGen_By_PyRoFol.exe
    [2010/06/28 20:08:53 | 001,658,344 | ---- | M] (PassMark Software ) -- C:\Users\Oran Hanson\Desktop\keytest.exe
    [2010/06/28 14:55:46 | 018,714,577 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\GearsofWar.themepack
    [2010/06/28 14:54:42 | 004,878,799 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Porsche_Windows7.themepack
    [2010/06/28 14:52:56 | 010,795,685 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Ferrari_Win7Theme.themepack
    [2010/06/23 21:29:23 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
    [2010/06/23 18:51:03 | 000,009,677 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\oblivion_484.zip
    [2010/06/22 00:43:54 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
    [2010/06/21 19:10:55 | 000,010,100 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\oblivion_210.zip
    [2010/06/21 19:07:35 | 000,019,336 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\xbox360_154.zip
    [2010/06/21 18:21:32 | 009,780,729 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Pinnacle Game Profiler V5-Mbb.rar
    [2010/06/21 18:12:18 | 005,710,767 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\obliv_xbox360_manual_web.pdf
    [2010/06/19 18:18:54 | 000,072,977 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\xinput_r120.zip
    [2010/06/19 18:16:21 | 000,637,623 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\x360ce.App-2.0.2.62.zip
    [2010/06/19 17:44:08 | 002,482,922 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\SCDANODVD-NETSHOW.rar
    [2010/06/19 15:16:45 | 005,764,076 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\flt-graw.rar
    [2010/06/15 15:39:17 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/06/15 15:39:11 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
    [2010/06/15 15:39:11 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/06/12 23:24:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2010/06/12 17:13:07 | 000,001,110 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
    [2010/06/10 04:22:48 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/06/09 12:07:19 | 000,007,349 | ---- | M] () -- C:\Users\Oran Hanson\Documents\DAOriginsConfigReport2010-06-09.xml
    [2010/06/09 11:27:55 | 000,001,098 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon Age Origins.lnk
    [2010/06/08 20:56:30 | 000,614,059 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\My XBCD XBox Gamepad.xpaddercontroller
    [2010/06/06 06:40:56 | 000,020,544 | ---- | M] (Redcl0ud) -- C:\Windows\SysNative\drivers\xbcd.sys
    [2010/06/01 01:15:55 | 000,002,007 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Cleaner Pro.lnk
    [2010/05/31 10:37:38 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
    [2010/05/31 10:03:25 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2010/05/31 10:03:25 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2010/05/30 23:37:05 | 078,297,600 | ---- | M] () -- C:\Users\Oran Hanson\Documents\kis.en.msi
    [2010/05/30 23:28:57 | 000,604,140 | -HS- | M] () -- C:\Windows\SysNative\drivers\ISwift3.dat
    [2010/05/29 17:36:56 | 000,000,271 | ---- | M] () -- C:\Windows\kaillera.ini
    [2010/05/29 11:42:41 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
    [2010/05/28 11:22:15 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/05/28 11:18:42 | 000,000,951 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\WTFast.lnk
    [2010/05/27 15:41:04 | 000,041,485 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Profession
    [2010/05/27 12:03:08 | 000,057,480 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
    [2010/05/27 12:00:10 | 000,458,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
    [2010/05/27 11:59:40 | 000,203,264 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
    [2010/05/27 11:58:42 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
    [2010/05/27 11:58:24 | 000,421,376 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
    [2010/05/27 11:58:18 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
    [2010/05/27 11:58:10 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
    [2010/05/27 11:58:06 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
    [2010/05/27 11:58:02 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
    [2010/05/27 11:57:58 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
    [2010/05/27 11:35:18 | 000,055,296 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
    [2010/05/27 11:34:44 | 000,534,960 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
    [2010/05/27 11:31:14 | 000,534,960 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
    [2010/05/26 11:18:27 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
    [2010/05/25 14:31:57 | 000,050,466 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\for you
    [2010/05/24 23:05:27 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2010/05/23 18:36:59 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2010/05/23 11:30:06 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
    [2010/05/22 19:38:56 | 000,000,272 | ---- | M] () -- C:\Users\Oran Hanson\Documents\Logitech Xbox controller.xgi
    [2010/05/22 16:40:44 | 000,000,543 | ---- | M] () -- C:\Windows\NGO.cer
    [2010/05/21 19:20:58 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
    [2010/05/21 00:54:12 | 000,001,015 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\SpeedFan.lnk
    [2010/05/21 00:54:11 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
    [2010/05/20 23:55:22 | 000,422,437 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2010/05/20 21:47:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/05/20 21:14:29 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/05/20 20:46:35 | 000,001,007 | ---- | M] () -- C:\Users\Oran Hanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
    [2010/05/20 20:46:35 | 000,000,995 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
    [2010/05/20 20:12:49 | 000,001,971 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/05/20 20:12:49 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/05/20 01:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\Oran Hanson\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/20 01:53:07 | 000,524,288 | -HS- | M] () -- C:\Users\Oran Hanson\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/20 01:53:07 | 000,065,536 | -HS- | M] () -- C:\Users\Oran Hanson\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2010/05/20 01:51:01 | 000,001,445 | ---- | M] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/05/20 01:48:26 | 000,000,020 | -HS- | M] () -- C:\Users\Oran Hanson\ntuser.ini
    [2010/05/17 17:32:52 | 109,038,630 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Media1.cab
    [2010/05/06 04:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
    [2010/05/05 21:18:22 | 000,012,288 | ---- | M] (Creative Technology Limited) -- C:\Windows\SysNative\INRES.DLL
    [2010/05/05 21:18:18 | 000,218,112 | ---- | M] (Creative Technology Limited) -- C:\Windows\SysNative\ctdvinst.dll
    [2010/05/05 21:18:16 | 000,073,728 | ---- | M] (Creative Technology Limited) -- C:\Windows\SysNative\ctcoinst.dll
    [2010/05/05 20:57:24 | 000,018,432 | ---- | M] () -- C:\Windows\SysNative\regplib.exe
    [2010/05/05 20:37:52 | 000,021,204 | ---- | M] () -- C:\Windows\SysWow64\instwdm.ini
    [2010/05/05 20:37:52 | 000,021,204 | ---- | M] () -- C:\Windows\SysNative\instwdm.ini
    [2010/05/05 20:37:50 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\ctzapxx.ini
    [2010/05/05 20:01:50 | 000,011,776 | ---- | M] (Creative Technology Limited) -- C:\Windows\SysWow64\INRES.DLL
    [2010/05/05 19:59:10 | 000,060,928 | ---- | M] ( ) -- C:\Windows\SysWow64\a3d.dll
    [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWow64\CTXFIRES.DLL
    [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysNative\CtxfiRes.dll
    [2010/05/05 19:46:30 | 000,321,512 | ---- | M] () -- C:\Windows\SysWow64\ctdlang.dat
    [2010/05/05 19:46:30 | 000,321,512 | ---- | M] () -- C:\Windows\SysNative\ctdlang.dat
    [2010/05/05 19:46:30 | 000,056,509 | ---- | M] () -- C:\Windows\SysWow64\ctdnlstr.dat
    [2010/05/05 19:46:30 | 000,056,509 | ---- | M] () -- C:\Windows\SysNative\ctdnlstr.dat
    [2010/05/05 19:38:22 | 000,007,680 | ---- | M] () -- C:\Windows\SysWow64\enlocstr.exe
    [2010/05/05 19:38:18 | 000,012,800 | ---- | M] ( ) -- C:\Windows\SysWow64\killapps.exe
    [2010/05/04 13:35:38 | 000,021,360 | ---- | M] () -- C:\Windows\atiogl.xml
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/29 10:37:26 | 000,002,137 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/04/29 10:37:26 | 000,002,137 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
    [2010/04/28 17:27:32 | 000,053,328 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\LMouFiltCoInst.dll
    [2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
    [2010/04/26 17:03:03 | 000,002,434 | ---- | M] () -- C:\Users\Oran Hanson\Desktop\Xpadder [5.7].nfo
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/20 19:23:35 | 001,252,853 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\BIG_BOSS+1.3.rar
    [2010/07/20 16:06:08 | 000,007,397 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\eBayISAPI.dll.htm
    [2010/07/18 20:29:23 | 000,136,676 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\xmas06_stacieshomeftporch.jpg
    [2010/07/18 20:27:55 | 000,142,728 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\xmas06_ftporch_olliethecollie.jpg
    [2010/07/17 17:34:30 | 000,200,222 | ---- | C] () -- C:\Users\Oran Hanson\Documents\cc_20100717_173423.reg
    [2010/07/17 17:24:40 | 000,061,040 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000001-00001102-00000005-10031102}.rfx
    [2010/07/17 17:24:40 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000001-00001102-00000005-10031102}.rfx
    [2010/07/10 21:58:40 | 000,001,362 | ---- | C] () -- C:\Users\Oran Hanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/07/10 17:30:51 | 001,257,472 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\WLDMWWEN.msi
    [2010/07/09 18:26:09 | 000,001,248 | ---- | C] () -- C:\Users\Oran Hanson\Desktop
     
  13. teklord

    teklord TS Guru Topic Starter Posts: 481

    \cpuz.cvf
    [2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2010/07/09 14:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
    [2010/07/06 18:29:18 | 000,000,437 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\SaitekP3000.xpadderprofile
    [2010/07/06 17:39:13 | 000,001,169 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/07/05 23:38:16 | 000,640,463 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\My Saitek P3000 RF Game-Pad.xpaddercontroller
    [2010/07/05 22:28:39 | 000,002,493 | ---- | C] () -- C:\Users\Public\Desktop\blueMSX.lnk
    [2010/07/05 19:58:53 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\3DMark03.lnk
    [2010/07/04 09:17:47 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
    [2010/07/04 05:31:36 | 000,001,174 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/07/02 04:20:23 | 007,919,104 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\GtkRadiant-1.5.0.msi
    [2010/07/02 04:15:37 | 001,906,817 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\q3map_2.5.16_win32_x86.zip
    [2010/07/02 00:14:02 | 002,177,024 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Halo_2_KeyGen_By_PyRoFol.exe
    [2010/06/28 14:55:41 | 018,714,577 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\GearsofWar.themepack
    [2010/06/28 14:54:40 | 004,878,799 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Porsche_Windows7.themepack
    [2010/06/28 14:52:52 | 010,795,685 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Ferrari_Win7Theme.themepack
    [2010/06/23 18:51:00 | 000,009,677 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\oblivion_484.zip
    [2010/06/22 00:43:54 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
    [2010/06/21 19:10:55 | 000,010,100 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\oblivion_210.zip
    [2010/06/21 19:07:42 | 000,019,216 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\xbox360.igd
    [2010/06/21 19:07:33 | 000,019,336 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\xbox360_154.zip
    [2010/06/21 18:27:50 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
    [2010/06/21 18:27:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
    [2010/06/21 18:27:49 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
    [2010/06/21 18:26:47 | 009,780,729 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Pinnacle Game Profiler V5-Mbb.rar
    [2010/06/21 18:12:18 | 005,710,767 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\obliv_xbox360_manual_web.pdf
    [2010/06/21 16:10:16 | 006,350,419 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\atioglxx.dl_
    [2010/06/19 18:18:53 | 000,072,977 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\xinput_r120.zip
    [2010/06/19 18:16:19 | 000,637,623 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\x360ce.App-2.0.2.62.zip
    [2010/06/19 17:48:54 | 000,002,195 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\SCDANODVD-NETSHOW.nfo
    [2010/06/19 17:44:01 | 002,482,922 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\SCDANODVD-NETSHOW.rar
    [2010/06/19 15:17:16 | 000,002,508 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\fltdox.nfo
    [2010/06/19 15:15:56 | 005,764,076 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\flt-graw.rar
    [2010/06/12 23:24:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2010/06/12 17:13:07 | 000,001,110 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
    [2010/06/10 04:22:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/06/09 21:31:43 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2010/06/09 12:07:18 | 000,007,349 | ---- | C] () -- C:\Users\Oran Hanson\Documents\DAOriginsConfigReport2010-06-09.xml
    [2010/06/09 11:27:55 | 000,001,098 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon Age Origins.lnk
    [2010/06/09 00:59:04 | 000,001,041 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/06/08 22:27:53 | 000,002,181 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Xpadder.ini
    [2010/06/08 20:56:29 | 000,614,059 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\My XBCD XBox Gamepad.xpaddercontroller
    [2010/06/08 20:51:49 | 001,713,152 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Xpadder [5.7].exe
    [2010/06/08 20:51:49 | 000,002,434 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Xpadder [5.7].nfo
    [2010/06/06 06:58:50 | 109,038,630 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Media1.cab
    [2010/06/01 01:15:55 | 000,002,007 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Cleaner Pro.lnk
    [2010/05/30 23:36:18 | 078,297,600 | ---- | C] () -- C:\Users\Oran Hanson\Documents\kis.en.msi
    [2010/05/30 23:28:53 | 000,604,140 | -HS- | C] () -- C:\Windows\SysNative\drivers\ISwift3.dat
    [2010/05/30 23:26:17 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
    [2010/05/30 23:26:17 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
    [2010/05/29 17:36:25 | 000,000,271 | ---- | C] () -- C:\Windows\kaillera.ini
    [2010/05/29 11:42:41 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
    [2010/05/28 11:22:01 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/05/28 11:18:42 | 000,000,951 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\WTFast.lnk
    [2010/05/27 15:40:57 | 000,041,485 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\Profession
    [2010/05/27 12:03:08 | 000,057,480 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
    [2010/05/27 11:34:44 | 000,534,960 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
    [2010/05/27 11:31:14 | 000,534,960 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
    [2010/05/26 11:18:37 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/26 11:18:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/05/26 11:18:27 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2010/05/25 14:31:54 | 000,050,466 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\for you
    [2010/05/23 18:36:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/05/23 13:24:54 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2010/05/22 19:38:55 | 000,000,272 | ---- | C] () -- C:\Users\Oran Hanson\Documents\Logitech Xbox controller.xgi
    [2010/05/22 16:40:44 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer
    [2010/05/21 00:54:12 | 000,001,015 | ---- | C] () -- C:\Users\Oran Hanson\Desktop\SpeedFan.lnk
    [2010/05/21 00:54:10 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
    [2010/05/20 23:54:48 | 000,422,437 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2010/05/20 21:47:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/05/20 21:14:29 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2010/05/20 20:56:31 | 000,061,040 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-10031102}.rfx
    [2010/05/20 20:46:35 | 000,001,007 | ---- | C] () -- C:\Users\Oran Hanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
    [2010/05/20 20:46:35 | 000,000,995 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
    [2010/05/20 20:43:47 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
    [2010/05/20 20:42:09 | 000,190,976 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
    [2010/05/20 20:42:09 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/05/20 20:42:09 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
    [2010/05/20 20:42:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/05/20 20:42:09 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
    [2010/05/20 20:32:53 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2010/05/20 20:12:49 | 000,001,971 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/05/20 20:12:49 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/05/20 01:51:01 | 000,001,445 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/05/20 01:48:26 | 003,670,016 | -HS- | C] () -- C:\Users\Oran Hanson\NTUSER.DAT
     
  14. teklord

    teklord TS Guru Topic Starter Posts: 481

    [2010/05/20 01:48:26 | 000,524,288 | -HS- | C] () -- C:\Users\Oran Hanson\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2010/05/20 01:48:26 | 000,524,288 | -HS- | C] () -- C:\Users\Oran Hanson\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2010/05/20 01:48:26 | 000,262,144 | -HS- | C] () -- C:\Users\Oran Hanson\ntuser.dat.LOG1
    [2010/05/20 01:48:26 | 000,065,536 | -HS- | C] () -- C:\Users\Oran Hanson\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2010/05/20 01:48:26 | 000,000,290 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/05/20 01:48:26 | 000,000,272 | ---- | C] () -- C:\Users\Oran Hanson\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/05/20 01:48:26 | 000,000,020 | -HS- | C] () -- C:\Users\Oran Hanson\ntuser.ini
    [2010/05/20 01:48:26 | 000,000,000 | -HS- | C] () -- C:\Users\Oran Hanson\ntuser.dat.LOG2
    [2010/05/05 20:57:24 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\regplib.exe
    [2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
    [2010/05/05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysNative\instwdm.ini
    [2010/05/05 20:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini
    [2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
    [2010/05/05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CtxfiRes.dll
    [2010/05/05 19:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
    [2010/05/05 19:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysNative\ctdlang.dat
    [2010/05/05 19:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
    [2010/05/05 19:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysNative\ctdnlstr.dat
    [2010/05/05 19:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
    [2010/05/04 13:35:38 | 000,021,360 | ---- | C] () -- C:\Windows\atiogl.xml
    [2010/04/29 10:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/04/29 10:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
    [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

    ========== LOP Check ==========

    [2010/06/07 18:34:42 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Activision
    [2010/06/25 23:00:05 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Bioshock
    [2010/05/20 23:55:09 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\CheckPoint
    [2010/05/20 21:26:05 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\DAEMON Tools Lite
    [2010/02/23 00:28:54 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\DAEMON Tools Pro
    [2010/07/10 21:57:15 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Leadertech
    [2010/06/21 18:35:59 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\PowerUp Software
    [2010/06/05 19:04:33 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\SystemRequirementsLab
    [2010/06/08 16:20:46 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\Ubisoft
    [2010/07/18 20:54:18 | 000,000,000 | ---D | M] -- C:\Users\Oran Hanson\AppData\Roaming\uTorrent
    [2009/07/14 00:08:49 | 000,027,142 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2010/03/25 11:45:48 | 056,364,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\10-3_agp-hotfix_xp32_dd_ccc.exe
    [2010/07/20 20:33:11 | 000,005,309 | ---- | M] () -- C:\aaw7boot.log
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/02/23 03:37:22 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/03/25 11:34:59 | 003,396,856 | ---- | M] (Piriform Ltd) -- C:\ccsetup229.exe
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/07/20 20:33:14 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/24 16:14:36 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/09/26 15:34:16 | 003,875,138 | ---- | M] () -- C:\Max Payne 2 - The Fall of Max Payne.mp3
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/07/20 20:33:13 | 4294,238,208 | -HS- | M] () -- C:\pagefile.sys
    [2001/05/06 02:07:04 | 000,000,192 | ---- | M] () -- C:\Reference.html
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2010/03/02 16:44:48 | 000,000,271 | ---- | M] () -- C:\XBCD Setup.xgi

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/13 20:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\user32.dll /md5 >
    [2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2009/07/13 20:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2009/07/13 20:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:DocumentSummaryInformation
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
    < End of report >
     
  15. teklord

    teklord TS Guru Topic Starter Posts: 481

    Updated Extras.txt coming soon.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    OK :).......
     
  17. teklord

    teklord TS Guru Topic Starter Posts: 481

    I took the old Extras.txt file out from about 2-3 weeks ago off my desktop so it would save a new one but OTL won't do it. Advice?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    That's fine. I don't see anything serious anyway, mostly some minor garbage...

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    During installation, make sure to UN-check any pre-checked extra "garbage" installation, like Yahoo toolbar, or others.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5112/CTPID.cab  (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
      O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\Shell - "" = AutoRun
      O33 - MountPoints2\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
      O33 - MountPoints2\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\Shell - "" = AutoRun
      O33 - MountPoints2\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe -- File not found
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
      @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
      @Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:SummaryInformation
      @Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:DocumentSummaryInformation
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  19. teklord

    teklord TS Guru Topic Starter Posts: 481

    I get the following error message: "Cannot create file C:\Windows\System32\drivers\etc\Hosts." Then, OTL freezes or seems to be doing nothing. Advice?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes, remove the [resethosts] line from my script.
     
  21. teklord

    teklord TS Guru Topic Starter Posts: 481

    Requested log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
    Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
    File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
    File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ not found.
    File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ not found.
    File c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a0003f-647f-11df-8379-4487fc5cf0cb}\ not found.
    File E:\autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d53263ed-65ed-11df-aec4-4487fc5cf0cb}\ not found.
    File F:\FarCryAutoCD.exe not found.
    File/Folder C:\Windows\SysNative\drivers\*.tmp not found.
    Unable to delete ADS C:\Windows\SysWow64\zlib.dll:SummaryInformation .
    Unable to delete ADS C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation .
    Unable to delete ADS C:\Windows\system32\zlib.dll:SummaryInformation .
    Unable to delete ADS C:\Windows\system32\zlib.dll:DocumentSummaryInformation .
    Unable to delete ADS C:\ProgramData\TEMP:BC359956 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Oran Hanson
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98438 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43084719 bytes
    ->Flash cache emptied: 894 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 41.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Oran Hanson
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.7.1 log created on 07212010_011013

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.
    File\Folder C:\Users\Oran Hanson\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Cool :)

    I'm getting ready for bed, but if you're not....

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    ===================================================================

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  23. teklord

    teklord TS Guru Topic Starter Posts: 481

    I'll be up, will reply soon
     
  24. teklord

    teklord TS Guru Topic Starter Posts: 481

    Your Temp File Cleaner link is broken. Will dl another version.
     
  25. teklord

    teklord TS Guru Topic Starter Posts: 481

    oops, accidentally posted
     
Topic Status:
Not open for further replies.
