[Resolved] I think I have a virus.


  • This topic is locked
48 replies to this topic

#1 RPinney

  • Authentic Member
  • 75 posts

Posted 14 November 2009 - 09:30 AM

I never had this problem until yesterday. I download a lot of things (but I only download from trusted uploaders on a specific site) pretty much daily, but I have had Norton Internet Security so I thought I would be fine. Yesterday I tried installing Command & Conquer: Generals on my computer (in Windows 7 Ultimate, x86) and I got a BSOD about halfway through the installation. Now, whenever I put ANY media into my optical drive, I get a BSOD. I have even tried blank media and I get the same crash. Also, I have tried connecting a different optical drive and I still get the same thing. I installed that same game to my other computers without a problem. Can someone help me? If it's not a simple solution then I was just planning on just installing XP, since I've been having nothing but headaches on Windows 7 (I can't even LAN 3 computers for gaming).

Edited by RPinney, 14 November 2009 - 09:31 AM.


#2 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 17 November 2009 - 12:55 PM

Hi RPinney,

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Don't know if I can help or not until I get some logs. ;)

  • Download DDS and save it to your desktop from here, here or here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
  • We need to check for rootkits with RootRepeal
    • Download RootRepeal from one of the following locations and save it to your desktop.
    • Open Posted Image on your desktop.
    • Click the Posted Image tab.
    • Click the Posted Image button.
    • In the Select Scan dialog, check
      Posted Image
    • Push Ok
    • Check the box for your main system drive (Usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
  • Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

  • Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#3 RPinney

Posted 18 November 2009 - 04:29 PM

Ok. I'm about to do all of that stuff, but before I do, here is the blue screen information: APC_INDEX_MISMATCH STOP: 0x00000001 (yada yada yada, memory location junk, memory location junk, etc.)

edit: Ok, I ran DDS and it's not supported by Windows 7 ("This tool does not support your Operating System"). There is no compatibility mode in properties for the program.

I ran rootrepeal.exe and I got this error upon opening: "FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000dc)". So I press OK, then when I hit scan I get this error: "DeviceIoControlError! Error Code = 0x0"

Edited by RPinney, 18 November 2009 - 04:35 PM.


#4 Tomk

Posted 18 November 2009 - 04:55 PM

RPinney,

That's interesting because DDS does in fact support Windows 7. It has for several weeks.

No worries. We will just get the information in different ways.

Please download gmer.zip from Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.

Note: Do not run any programs while Gmer is running.


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Tomk


#5 RPinney

Posted 19 November 2009 - 02:02 PM

Also, I should note that I have Driver Genius Professional and all my drivers are up to date.

Here is the Gmer scan log:

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-19 13:43:24
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\RYANPI~1\AppData\Local\Temp\uxdyafoc.sys


---- System - GMER 1.0.15 ----

SSDT 86B25DC8 ZwAlpcConnectPort
SSDT 86BC9A18 ZwLoadDriver

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C263F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0F2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0E898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C261DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C266F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C271A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C86579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82CB2748 4 Bytes [C8, 5D, B2, 86] {ENTER 0xb25d, 0x86}
.text ntkrnlpa.exe!RtlSidHashLookup + 45C 82CB295C 4 Bytes [18, 9A, BC, 86]
? System32\Drivers\spey.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 922A1CA0 5 Bytes JMP 86F5E1D8
.text peauth.sys 9FC26C9D 28 Bytes [55, 01, 70, FE, BC, 6D, 34, ...]
.text peauth.sys 9FC26CC1 28 Bytes [55, 01, 70, FE, BC, 6D, 34, ...]
PAGE peauth.sys 9FC2CE20 101 Bytes [8B, 7B, DC, 4E, 3C, 9F, 17, ...]
PAGE peauth.sys 9FC2D02C 102 Bytes [D6, 57, 8E, 42, 12, 79, 99, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9FD00000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9FD00123 629 Bytes [B5, CF, 9F, FE, 05, 34, B5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9FD00399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9FD003FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 9FD004AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1680] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1680] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1680] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1680] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1680] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75455D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1680] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [70F0B0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8663E1F8
Device \Driver\volmgr \Device\VolMgrControl 8663A1F8
Device \Driver\usbohci \Device\USBPDO-0 86C7E500
Device \Driver\usbohci \Device\USBPDO-1 86C7E500
Device \Driver\usbehci \Device\USBPDO-2 86F611F8
Device \Driver\usbohci \Device\USBPDO-3 86C7E500
Device \Driver\usbohci \Device\USBPDO-4 86C7E500

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbehci \Device\USBPDO-5 86F611F8
Device \Driver\usbohci \Device\USBPDO-6 86C7E500
Device \Driver\ACPI_HAL \Device\00000063 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 8663A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8663A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86AA11F8
Device \Driver\cdrom \Device\CdRom1 86AA11F8
Device \Driver\atapi \Device\Ide\IdePort0 8663C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8663C1F8
Device \Driver\atapi \Device\Ide\IdePort2 8663C1F8
Device \Driver\atapi \Device\Ide\IdePort3 8663C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8663C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-2 8663C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86B361F8
Device \Driver\USBSTOR \Device\00000084 87A8E500
Device \Driver\USBSTOR \Device\00000085 87A8E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B87A3230-F51D-4058-ABE6-1BC90C310617} 86B361F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCI_PNP8009 \Device\0000006b spey.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{F506E3E3-385A-440F-BF50-1245C41D261E} 86B361F8
Device \Driver\usbohci \Device\USBFDO-0 86C7E500
Device \Driver\usbohci \Device\USBFDO-1 86C7E500
Device \Driver\usbehci \Device\USBFDO-2 86F611F8
Device \Driver\usbohci \Device\USBFDO-3 86C7E500
Device \Driver\usbohci \Device\USBFDO-4 86C7E500
Device \Driver\sptd \Device\1458286010 spey.sys
Device \Driver\usbehci \Device\USBFDO-5 86F611F8
Device \Driver\usbohci \Device\USBFDO-6 86C7E500
Device \Driver\a28mfdii \Device\Scsi\a28mfdii1Port4Path0Target0Lun0 86F5C1F8
Device \Driver\a28mfdii \Device\Scsi\a28mfdii1 86F5C1F8
Device \Driver\atapi -> \Driver\atapi \Device\Harddisk0\DR0 8663C1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x6D 0x85 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD0 0x9B 0xD1 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF9 0xF2 0x68 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x6D 0x85 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD0 0x9B 0xD1 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF9 0xF2 0x68 0x73 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77@CurrentCacheFile C:\Windows\SoftwareDistribution\EventCache\{6AFA6705-4B4B-4E74-A3DE-50307E3F94CC}.bin
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77@FlushCacheFiles

---- EOF - GMER 1.0.15 ----

#6 RPinney

Posted 19 November 2009 - 02:14 PM

OTL.txt:

OTL logfile created on: 11/19/2009 2:03:46 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\Ryan Pinney\Documents\My Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 208.65 Gb Total Space | 61.65 Gb Free Space | 29.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 371.21 Gb Free Space | 39.85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYANPINNEY-PC
Current User Name: Ryan Pinney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/19 14:02:43 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan Pinney\My Documents\My Downloads\OTL.exe
PRC - [2009/11/14 11:34:09 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/11 17:43:28 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/11/04 09:40:08 | 02,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/02 23:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 19:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/10 18:28:06 | 40,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/08/15 12:19:44 | 01,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe


========== Modules (SafeList) ==========

MOD - [2009/11/19 14:02:43 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan Pinney\My Documents\My Downloads\OTL.exe
MOD - [2009/07/13 19:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/14 19:32:23 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/11 17:43:28 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/13 19:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2009/07/13 19:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 19:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 19:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/13 19:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/06/10 15:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/06/10 15:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/10 18:28:06 | 40,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2008/07/10 18:28:06 | 00,369,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008/07/10 18:28:04 | 00,047,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/10 02:49:34 | 00,258,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/05 16:06:13 | 00,328,752 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1101000.013\SYMDS.SYS -- (SymDS)
DRV - [2009/10/31 08:47:00 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/29 12:43:35 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/29 10:51:31 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys -- (AegisP)
DRV - [2009/10/28 16:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/20 00:35:50 | 00,501,888 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1101000.013\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 19:50:48 | 00,339,504 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1101000.013\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2009/10/09 15:38:04 | 00,508,976 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/10/08 20:55:01 | 00,171,056 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1101000.013\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/08 20:54:25 | 00,114,736 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1101000.013\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/08 20:54:10 | 00,325,168 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1101000.013\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/08 20:54:10 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1101000.013\SRTSPX.SYS -- (SRTSPX)
DRV - [2009/09/27 22:12:22 | 09,509,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/29 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/20 00:04:54 | 00,189,440 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 19:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 00,021,584 | ---- | M] () -- C:\Windows\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/07/13 19:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 19:20:36 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid)
DRV - [2009/07/13 18:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn)
DRV - [2009/07/13 17:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:53:40 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 17:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 17:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 14:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/07/10 02:49:14 | 00,242,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007/07/31 17:45:50 | 00,076,800 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/05/31 20:13:20 | 00,238,848 | ---- | M] (Belkin Corporation. ) -- C:\Windows\System32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2006/11/15 15:23:06 | 00,038,144 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2005/06/24 16:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/07/14 15:51:24 | 00,002,048 | ---- | M] () -- C:\Windows\System32\drivers\portio32.sys -- (portio32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 0D 9E 5C B8 58 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.14
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/11/13 16:54:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/11/13 16:54:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 17:49:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/14 11:34:12 | 00,000,000 | ---D | M]

[2009/11/14 11:34:54 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Extensions
[2009/10/29 10:54:27 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/14 11:34:54 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/19 12:06:31 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Firefox\Profiles\8zdsgzyd.default\extensions
[2009/10/29 11:37:45 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Firefox\Profiles\8zdsgzyd.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009/10/29 13:06:06 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Firefox\Profiles\8zdsgzyd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/29 13:06:05 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Firefox\Profiles\8zdsgzyd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/13 13:43:33 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla\Firefox\Profiles\8zdsgzyd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/14 11:34:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 17:49:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/14 11:34:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/11/06 17:49:04 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 17:49:04 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/14 11:34:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/06 17:49:05 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/09 12:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/29 11:03:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/29 11:03:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/29 11:03:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/29 11:03:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/29 11:03:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/29 11:03:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/29 11:03:35 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/09 12:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/10/16 11:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 11:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 11:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 11:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 11:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 11:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 11:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/18 22:27:47 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\ArcSoft
[2009/11/18 22:27:40 | 00,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys
[2009/11/18 22:27:32 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2009/11/18 22:27:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/11/18 22:27:32 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/11/15 04:19:51 | 02,791,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/11/15 04:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/11/15 04:19:47 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/11/15 04:14:24 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\DriverGenius
[2009/11/15 04:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2009/11/15 04:11:19 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\ElevatedDiagnostics
[2009/11/15 04:10:58 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/11/14 20:09:53 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/11/14 20:09:53 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/11/14 11:35:04 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\LimeWire
[2009/11/14 11:34:44 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\LimeWire
[2009/11/14 11:34:12 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/11/14 11:34:12 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/14 11:34:12 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/14 11:34:12 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/14 11:34:09 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/14 11:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/11/13 14:09:45 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Tific
[2009/11/13 14:09:39 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Tific
[2009/11/13 14:09:33 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Symantec
[2009/11/13 13:44:13 | 00,000,000 | ---D | C] -- C:\Program Files\EA Games
[2009/11/13 12:51:58 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\abgx360
[2009/11/13 11:04:38 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2009/11/13 11:04:37 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2009/11/13 11:04:37 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2009/11/13 11:04:37 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2009/11/13 11:04:37 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2009/11/13 11:04:36 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2009/11/13 11:04:35 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2009/11/13 11:04:35 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2009/11/13 11:04:35 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2009/11/13 11:04:35 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2009/11/13 11:04:35 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009/11/13 11:04:34 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/11/13 11:04:34 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/11/13 11:04:34 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2009/11/13 11:04:34 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2009/11/13 11:04:34 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/11/13 11:04:34 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2009/11/13 11:04:34 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2009/11/13 11:04:34 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2009/11/13 11:04:33 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009/11/13 11:04:33 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2009/11/13 11:04:33 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009/11/13 11:04:33 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2009/11/13 11:04:33 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009/11/13 11:04:33 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2009/11/13 11:04:33 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009/11/13 11:04:33 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2009/11/13 11:04:32 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/11/13 11:04:32 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/11/13 11:04:32 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/11/13 11:04:31 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/11/13 11:04:31 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/11/13 11:04:31 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/11/13 11:04:30 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/11/13 11:04:30 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/11/13 11:04:30 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/11/13 11:04:30 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/11/13 11:04:29 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/11/13 11:04:29 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/11/13 11:04:28 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/11/13 11:04:28 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/11/13 11:04:27 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/11/13 11:04:27 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/11/13 11:04:27 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/11/13 11:04:26 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/11/13 11:04:25 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/11/13 11:04:25 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/11/13 11:04:24 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/11/13 11:04:24 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/11/13 11:04:24 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/11/13 11:04:23 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/11/13 11:04:23 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/11/13 11:04:22 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/11/13 11:04:22 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/11/13 11:04:21 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/11/13 11:04:20 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/11/13 11:04:20 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/11/13 11:04:19 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/11/13 11:04:19 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/11/13 11:04:19 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/11/13 11:04:18 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/11/13 11:04:18 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/11/13 11:04:18 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/11/13 11:04:18 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/11/13 11:04:17 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/11/13 11:04:17 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/11/13 11:04:17 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/11/13 11:04:13 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/11/13 11:04:13 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/11/13 11:04:12 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/11/13 11:04:05 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/11/13 11:04:05 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/11/13 11:04:05 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/11/13 11:04:04 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/11/13 11:04:03 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/11/13 11:04:03 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/11/13 11:04:02 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/11/13 11:04:02 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/11/13 11:04:01 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/11/12 20:43:47 | 00,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\symtdiv.sys
[2009/11/12 20:43:47 | 00,328,752 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/11/12 20:43:47 | 00,325,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\srtsp.sys
[2009/11/12 20:43:47 | 00,171,056 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\SymEFA.sys
[2009/11/12 20:43:47 | 00,114,736 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\Ironx86.sys
[2009/11/12 20:43:47 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\srtspx.sys
[2009/11/12 20:43:46 | 00,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\cchpx86.sys
[2009/11/12 20:43:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1101000.013
[2009/11/12 20:09:53 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/11/12 20:09:53 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/11/11 17:43:05 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\PunkBuster
[2009/11/06 07:21:53 | 00,000,000 | ---D | C] -- C:\Program Files\Solid WMV to DVD Converter and Burner
[2009/11/06 02:45:00 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\dvd
[2009/11/06 02:35:25 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2009/11/06 02:35:24 | 00,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2009/11/06 02:35:24 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comct232.ocx
[2009/11/06 02:35:24 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[2009/11/06 02:35:24 | 00,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx
[2009/11/06 02:35:22 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2009/11/05 18:05:00 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Desktop\Schoolwork
[2009/11/05 12:52:07 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\SolidDVDBurner
[2009/11/05 12:51:05 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon.ocx
[2009/11/05 12:51:04 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2009/11/05 12:51:04 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2009/11/05 12:51:04 | 00,081,920 | ---- | C] (Marco Bellinaso) -- C:\Windows\System32\mbmouse.ocx
[2009/11/05 12:51:04 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video to DVD Converter and Burner
[2009/11/04 11:34:47 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\MulletPower
[2009/11/04 11:30:06 | 00,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2009/11/04 11:24:54 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/11/04 11:24:54 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/11/04 11:24:54 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/11/04 11:24:54 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/11/04 11:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/11/04 11:21:44 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/11/04 11:18:19 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2009/11/04 11:16:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Elecard
[2009/11/04 11:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Elecard
[2009/11/04 09:50:18 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/04 09:40:15 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/11/04 09:40:15 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/11/04 09:40:13 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\My DAP Downloads
[2009/11/04 09:40:09 | 00,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2009/11/04 09:40:09 | 00,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2009/11/04 09:40:06 | 00,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2009/11/04 09:40:04 | 00,000,000 | ---D | C] -- C:\Program Files\DAP
[2009/11/04 09:40:02 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2009/11/04 07:01:30 | 00,000,000 | ---D | C] -- C:\IExp1.tmp
[2009/11/04 07:01:26 | 00,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2009/11/04 07:01:26 | 00,000,000 | ---D | C] -- C:\IExp0.tmp
[2009/11/04 07:01:25 | 00,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2009/11/04 07:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2009/11/04 07:00:55 | 00,000,000 | ---D | C] -- C:\Windows\WME Assistant
[2009/11/04 06:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/11/04 06:27:27 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009/11/04 06:27:27 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/11/04 06:27:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/04 05:53:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/11/04 05:53:54 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/11/04 05:17:29 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Desktop\Mom's Pictures
[2009/11/04 03:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/11/03 16:28:46 | 00,000,000 | ---D | C] -- C:\ASP.NET 3.5 C#
[2009/11/03 16:28:40 | 00,000,000 | ---D | C] -- C:\Murach
[2009/11/03 16:11:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\js
[2009/11/03 16:11:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\images
[2009/11/03 16:11:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\html
[2009/11/03 16:11:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\css
[2009/11/03 16:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2009/11/03 16:10:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2009/11/03 16:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2009/11/03 16:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/03 16:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/03 16:03:12 | 00,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2009/11/03 16:03:12 | 00,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2009/11/03 16:00:30 | 00,000,000 | ---D | C] -- C:\Windows\symbols
[2009/11/03 15:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/11/03 15:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
[2009/11/03 15:58:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2009/11/03 14:29:16 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/02 22:32:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/02 16:50:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/11/02 16:50:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/11/02 16:50:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/11/02 16:50:38 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/11/02 16:48:42 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Adobe
[2009/11/02 16:35:50 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2009/11/02 16:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/11/02 16:33:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/11/02 16:33:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/11/02 16:30:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/11/02 16:30:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/02 15:31:29 | 00,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
[2009/11/02 15:31:17 | 00,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
[2009/11/02 15:30:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\RsFx
[2009/11/02 15:27:50 | 00,000,000 | ---D | C] -- C:\Windows\System32\1033
[2009/11/02 15:23:04 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/11/02 15:20:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/11/02 15:15:53 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\Visual Studio 2008
[2009/11/02 15:15:08 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Microsoft Help
[2009/11/02 15:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/11/02 15:13:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/02 15:13:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/11/02 15:13:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/11/02 15:13:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/11/02 15:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/10/31 10:47:06 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\Alcohol 120%
[2009/10/31 08:49:52 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/10/31 08:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\free-downloads.net
[2009/10/31 08:49:45 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009/10/31 02:00:54 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/30 21:06:44 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Diagnostics
[2009/10/30 20:44:48 | 00,000,000 | ---D | C] -- C:\TBRASetup
[2009/10/30 02:02:08 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/30 02:02:07 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/30 02:02:07 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/30 02:02:07 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/10/30 02:02:07 | 00,728,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/30 02:02:07 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/10/30 02:02:06 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/30 02:02:06 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/10/30 02:02:06 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/10/30 02:02:06 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/10/30 02:02:06 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/10/29 16:20:20 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/10/29 16:20:20 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/10/29 16:19:46 | 00,490,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2009/10/29 15:54:51 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\CrashDumps
[2009/10/29 15:47:54 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2009/10/29 15:47:30 | 00,000,000 | ---D | C] -- C:\WESTWOOD
[2009/10/29 15:03:40 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Xfire
[2009/10/29 15:03:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2009/10/29 15:03:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2009/10/29 15:03:30 | 00,000,000 | ---D | C] -- C:\Program Files\Xfire
[2009/10/29 14:40:56 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Activision
[2009/10/29 13:46:03 | 00,000,000 | ---D | C] -- C:\Program Files\Activision
[2009/10/29 13:43:12 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Desktop\Games
[2009/10/29 13:31:22 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/10/29 13:12:04 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Documents\My Downloads
[2009/10/29 12:43:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/10/29 12:43:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/10/29 12:43:35 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/10/29 12:43:35 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/29 12:43:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/10/29 12:43:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2009/10/29 12:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/10/29 12:35:37 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/10/29 12:33:20 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/10/29 12:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/29 11:55:40 | 00,000,000 | ---D | C] -- C:\Program Files\Prolific
[2009/10/29 11:55:22 | 00,076,800 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys
[2009/10/29 11:55:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/29 11:38:00 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Macromedia
[2009/10/29 11:37:59 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Adobe
[2009/10/29 11:37:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/10/29 11:37:24 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Megaupload
[2009/10/29 11:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\abgx360
[2009/10/29 11:33:54 | 00,000,000 | ---D | C] -- C:\Program Files\MyMouse
[2009/10/29 11:30:16 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Desktop\xbox
[2009/10/29 11:30:03 | 00,019,968 | ---- | C] (Winford Engineering) -- C:\Windows\System32\portio32.dll
[2009/10/29 11:29:17 | 00,000,000 | ---D | C] -- C:\Program Files\Megaupload
[2009/10/29 11:28:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/29 11:13:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/10/29 11:13:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/10/29 11:13:27 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/10/29 11:13:27 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/10/29 11:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/10/29 11:06:55 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/29 11:05:42 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Apple Computer
[2009/10/29 11:05:42 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Apple Computer
[2009/10/29 11:05:34 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/10/29 11:05:34 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/10/29 11:05:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/10/29 11:05:21 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/29 11:05:21 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/29 11:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/29 11:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/29 11:03:42 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/29 11:03:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/10/29 11:03:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/10/29 11:03:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/29 11:03:14 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Apple
[2009/10/29 11:03:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/29 11:02:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/10/29 11:02:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/10/29 11:02:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/29 11:02:31 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/10/29 11:02:14 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\ImgBurn
[2009/10/29 11:02:08 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/10/29 11:01:55 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\Desktop\Programs
[2009/10/29 10:54:23 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Mozilla
[2009/10/29 10:54:23 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Mozilla
[2009/10/29 10:54:18 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/29 10:51:31 | 00,021,035 | ---- | C] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys
[2009/10/29 10:51:10 | 00,238,848 | ---- | C] (Belkin Corporation. ) -- C:\Windows\System32\drivers\BLKWGU.sys
[2009/10/29 10:51:09 | 00,038,144 | ---- | C] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\EAPPkt.sys
[2009/10/29 10:51:09 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/29 10:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin
[2009/10/29 10:50:36 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\InstallShield
[2009/10/29 10:44:07 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Searches
[2009/10/29 10:43:57 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Identities
[2009/10/29 10:43:56 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Contacts
[2009/10/29 10:43:46 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\VirtualStore
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Templates
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Start Menu
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\SendTo
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Recent
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\PrintHood
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\NetHood
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Documents\My Videos
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Documents\My Pictures
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Documents\My Music
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\My Documents
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Local Settings
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Cookies
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\Application Data
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\AppData\Local\Temporary Internet Files
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\AppData\Local\History
[2009/10/29 10:43:44 | 00,000,000 | -HSD | C] -- C:\Users\Ryan Pinney\AppData\Local\Application Data
[2009/10/29 10:43:43 | 00,000,000 | --SD | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Microsoft
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Videos
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Saved Games
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Pictures
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Music
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Links
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Favorites
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Downloads
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Documents
[2009/10/29 10:43:43 | 00,000,000 | R--D | C] -- C:\Users\Ryan Pinney\Desktop
[2009/10/29 10:43:43 | 00,000,000 | -H-D | C] -- C:\Users\Ryan Pinney\AppData
[2009/10/29 10:43:43 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Roaming\Media Center Programs
[2009/10/29 10:43:43 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Temp
[2009/10/29 10:43:43 | 00,000,000 | ---D | C] -- C:\Users\Ryan Pinney\AppData\Local\Microsoft
[2009/10/22 13:09:40 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/10/22 10:29:23 | 00,000,000 | -HSD | C] -- C:\Recovery
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/19 14:03:49 | 01,835,008 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat
[2009/11/19 13:33:06 | 00,014,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/19 13:33:06 | 00,014,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/19 13:32:17 | 00,805,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/19 13:32:17 | 00,680,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/19 13:32:17 | 00,127,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/19 13:28:21 | 00,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/11/19 13:28:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/19 13:28:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/19 13:27:41 | 24,152,71936 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/18 22:27:40 | 00,002,100 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2009/11/18 22:27:31 | 00,884,690 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1101000.013\Cat.DB
[2009/11/18 01:42:46 | 02,823,838 | -H-- | M] () -- C:\Users\Ryan Pinney\AppData\Local\IconCache.db
[2009/11/14 19:30:04 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{f5458821-d096-11de-985a-8a58edba4cee}.TMContainer00000000000000000002.regtrans-ms
[2009/11/14 19:30:04 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{f5458821-d096-11de-985a-8a58edba4cee}.TMContainer00000000000000000001.regtrans-ms
[2009/11/14 19:30:04 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{f5458821-d096-11de-985a-8a58edba4cee}.TM.blf
[2009/11/14 11:34:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/11/14 11:34:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/14 11:34:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/14 11:34:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/13 14:41:32 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{d6de8d16-d094-11de-9930-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:41:32 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{d6de8d16-d094-11de-9930-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:41:31 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{d6de8d16-d094-11de-9930-00173fd66821}.TM.blf
[2009/11/13 14:26:29 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{bf9ea013-d092-11de-998d-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:26:29 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{bf9ea013-d092-11de-998d-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:26:29 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{bf9ea013-d092-11de-998d-00173fd66821}.TM.blf
[2009/11/13 14:22:45 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{39825991-d092-11de-9988-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:22:45 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{39825991-d092-11de-9988-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:22:44 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{39825991-d092-11de-9988-00173fd66821}.TM.blf
[2009/11/13 14:12:30 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{bf050a0e-d090-11de-9933-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:12:30 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{bf050a0e-d090-11de-9933-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:12:29 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{bf050a0e-d090-11de-9933-00173fd66821}.TM.blf
[2009/11/13 14:09:27 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{1b1b5e8f-d090-11de-99d5-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:09:27 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{1b1b5e8f-d090-11de-99d5-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:09:27 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.dat{1b1b5e8f-d090-11de-99d5-00173fd66821}.TM.blf
[2009/11/13 13:40:45 | 00,002,464 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009/11/11 17:43:28 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/11 17:43:28 | 00,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/11 17:43:06 | 00,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/11 05:37:18 | 02,542,458 | ---- | M] () -- C:\Windows\System32\abgx360.exe
[2009/11/08 06:35:02 | 00,218,239 | ---- | M] () -- C:\Users\Ryan Pinney\Desktop\me VS 7 easy computers.png
[2009/11/06 19:07:07 | 00,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1101000.013\isolate.ini
[2009/11/06 19:03:08 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/11/05 18:06:43 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/05 16:07:13 | 00,007,493 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/11/05 16:06:13 | 00,328,752 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/11/05 16:06:13 | 00,002,793 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.inf
[2009/11/04 09:40:06 | 00,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2009/11/03 20:34:46 | 00,413,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/03 16:14:59 | 00,110,088 | ---- | M] () -- C:\Users\Ryan Pinney\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/03 16:11:24 | 00,000,172 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/10/31 08:47:00 | 00,721,904 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/30 20:45:18 | 00,000,000 | ---- | M] () -- C:\MAIN.MIX
[2009/10/29 13:55:57 | 00,022,328 | ---- | M] () -- C:\Users\Ryan Pinney\AppData\Roaming\PnkBstrK.sys
[2009/10/29 13:55:08 | 00,000,319 | ---- | M] () -- C:\Windows\game.ini
[2009/10/29 13:31:10 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/10/29 12:43:35 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/10/29 12:43:35 | 00,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/10/29 12:43:35 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/10/29 12:36:20 | 00,040,251 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/10/29 10:54:20 | 00,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/29 10:51:31 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys
[2009/10/29 10:51:10 | 00,001,784 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk
[2009/10/29 10:47:29 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 10:47:29 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan Pinney\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 10:47:29 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan Pinney\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/10/29 10:43:44 | 00,000,020 | -HS- | M] () -- C:\Users\Ryan Pinney\ntuser.ini
[2009/10/22 13:09:41 | 00,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/18 22:27:40 | 00,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2009/11/13 16:35:16 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{f5458821-d096-11de-985a-8a58edba4cee}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 16:35:16 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{f5458821-d096-11de-985a-8a58edba4cee}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 16:35:16 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{f5458821-d096-11de-985a-8a58edba4cee}.TM.blf
[2009/11/13 14:41:32 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{d6de8d16-d094-11de-9930-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:41:32 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{d6de8d16-d094-11de-9930-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:41:31 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{d6de8d16-d094-11de-9930-00173fd66821}.TM.blf
[2009/11/13 14:26:29 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{bf9ea013-d092-11de-998d-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:26:29 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{bf9ea013-d092-11de-998d-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:26:29 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{bf9ea013-d092-11de-998d-00173fd66821}.TM.blf
[2009/11/13 14:22:45 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{39825991-d092-11de-9988-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:22:45 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{39825991-d092-11de-9988-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:22:44 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{39825991-d092-11de-9988-00173fd66821}.TM.blf
[2009/11/13 14:12:30 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{bf050a0e-d090-11de-9933-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:12:30 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{bf050a0e-d090-11de-9933-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:12:29 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{bf050a0e-d090-11de-9933-00173fd66821}.TM.blf
[2009/11/13 14:09:27 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{1b1b5e8f-d090-11de-99d5-00173fd66821}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 14:09:27 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{1b1b5e8f-d090-11de-99d5-00173fd66821}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 14:09:27 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat{1b1b5e8f-d090-11de-99d5-00173fd66821}.TM.blf
[2009/11/13 13:40:13 | 00,884,690 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\Cat.DB
[2009/11/12 20:43:47 | 00,007,774 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\symnetv.cat
[2009/11/12 20:43:47 | 00,007,493 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/11/12 20:43:47 | 00,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtsp.cat
[2009/11/12 20:43:47 | 00,007,431 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymEFA.cat
[2009/11/12 20:43:47 | 00,007,429 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtspx.cat
[2009/11/12 20:43:47 | 00,007,424 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\iron.cat
[2009/11/12 20:43:47 | 00,007,355 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymNet.cat
[2009/11/12 20:43:47 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymEFA.inf
[2009/11/12 20:43:47 | 00,002,793 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.inf
[2009/11/12 20:43:47 | 00,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymNetV.inf
[2009/11/12 20:43:47 | 00,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymNet.inf
[2009/11/12 20:43:47 | 00,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtspx.inf
[2009/11/12 20:43:47 | 00,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtsp.inf
[2009/11/12 20:43:47 | 00,000,743 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\Iron.inf
[2009/11/12 20:43:46 | 00,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\cchpx86.cat
[2009/11/12 20:43:46 | 00,001,756 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\ccHPx86.inf
[2009/11/12 20:43:35 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\isolate.ini
[2009/11/11 05:37:18 | 02,542,458 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2009/11/08 06:35:02 | 00,218,239 | ---- | C] () -- C:\Users\Ryan Pinney\Desktop\me VS 7 easy computers.png
[2009/11/05 18:06:43 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/11/04 11:21:45 | 00,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/04 11:21:45 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/04 11:18:20 | 00,180,224 | ---- | C] () -- C:\Windows\System32\ac3filter.cpl
[2009/11/04 03:35:17 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/04 03:35:17 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/04 03:35:17 | 00,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2009/11/03 16:11:24 | 00,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/31 08:47:00 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/30 20:45:18 | 00,000,000 | ---- | C] () -- C:\MAIN.MIX
[2009/10/29 15:47:36 | 00,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2009/10/29 13:55:58 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/29 13:55:57 | 00,022,328 | ---- | C] () -- C:\Users\Ryan Pinney\AppData\Roaming\PnkBstrK.sys
[2009/10/29 13:55:23 | 00,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/10/29 13:55:20 | 00,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/10/29 13:55:08 | 00,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/10/29 12:43:35 | 00,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/10/29 12:43:35 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/10/29 12:43:20 | 00,002,464 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009/10/29 11:30:03 | 00,002,048 | ---- | C] () -- C:\Windows\System32\drivers\portio32.sys
[2009/10/29 11:07:04 | 00,110,088 | ---- | C] () -- C:\Users\Ryan Pinney\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/29 10:54:20 | 00,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/29 10:51:10 | 00,013,768 | ---- | C] () -- C:\Windows\System32\drivers\string.ini
[2009/10/29 10:51:10 | 00,001,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk
[2009/10/29 10:47:27 | 02,823,838 | -H-- | C] () -- C:\Users\Ryan Pinney\AppData\Local\IconCache.db
[2009/10/29 10:46:37 | 00,171,136 | RHS- | C] () -- C:\grldr
[2009/10/29 10:43:44 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 10:43:44 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan Pinney\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 10:43:44 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan Pinney\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/10/29 10:43:44 | 00,000,020 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.ini
[2009/10/29 10:43:43 | 01,835,008 | -HS- | C] () -- C:\Users\Ryan Pinney\ntuser.dat
[2009/10/22 13:09:43 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/10/22 13:09:41 | 00,383,562 | RHS- | C] () -- C:\bootmgr
[2009/10/22 13:09:41 | 00,000,211 | -H-- | C] () -- C:\Boot.BAK
[2009/10/22 12:11:12 | 24,152,71936 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/14 18:01:24 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/13 22:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 22:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/07/13 20:04:23 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009/07/13 20:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 17:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 17:11:15 | 00,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/03/04 14:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[1997/06/13 19:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/11/13 12:52:05 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\abgx360
[2009/10/29 12:20:07 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\ImgBurn
[2009/11/15 06:20:47 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\LimeWire
[2009/10/29 11:37:24 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Megaupload
[2009/11/13 14:09:39 | 00,000,000 | ---D | M] -- C:\Users\Ryan Pinney\AppData\Roaming\Tific
[2009/11/19 13:28:04 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:53:46 | 00,013,946 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
< End of report >

#7 RPinney

Posted 19 November 2009 - 02:20 PM

extras.txt:

OTL Extras logfile created on: 11/19/2009 2:03:46 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\Ryan Pinney\Documents\My Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 208.65 Gb Total Space | 61.65 Gb Free Space | 29.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 371.21 Gb Free Space | 39.85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYANPINNEY-PC
Current User Name: Ryan Pinney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Software
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E82FBDF4-8C05-4513-B8D8-2331145FCA11}_is1" = Any Video to DVD Converter and Burner 1.2.7
"{E82FBDF4-8C05-4513-B8D8-233114WMVDVD}_is1" = Solid WMV to DVD Converter and Burner 1.2.7
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"7-Zip" = 7-Zip 4.65
"abgx360" = abgx360 v1.0.2
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Elecard MPEG-2 PlugIn for WMP 4.0.90626" = Elecard MPEG-2 PlugIn for WMP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 610] [2006-12-01]
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LimeWire" = LimeWire PRO 5.2.13
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MyMouse_is1" = MyMouse 4.3
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RealAlt_is1" = Real Alternative 2.0.1
"Red Alert" = Red Alert Windows 95
"Red Alert 2" = Command & Conquer Red Alert 2
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Steam App 3412" = Heavy Weapon Deluxe Demo
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WChat" = Westwood Online
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WOLAPI" = Westwood Shared Internet Components
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2009 9:33:26 PM | Computer Name = RyanPinney-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.0.0.0, time stamp:
0x4aaadaf8 Faulting module name: Steam.dll, version: 2.0.762.41, time stamp: 0x4af0cec1
Exception
code: 0xc0000005 Fault offset: 0x001e8a45 Faulting process id: 0xd60 Faulting application
start time: 0x01ca659378a87a22 Faulting application path: C:\Program Files\Steam\Steam.exe
Faulting
module path: C:\Program Files\Steam\Steam.dll Report Id: dea6421b-d186-11de-99e8-00173fd66821

Error - 11/15/2009 2:31:22 AM | Computer Name = RyanPinney-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/15/2009 6:19:11 AM | Computer Name = RyanPinney-PC | Source = Application Error | ID = 1000
Description = Faulting application name: InstallManagerApp.exe, version: 3.0.719.0,
time stamp: 0x49c04ce8 Faulting module name: MFC80U.DLL, version: 8.0.50727.1833,
time stamp: 0x482bc450 Exception code: 0xc0000005 Fault offset: 0x0004c655 Faulting
process id: 0x3d0 Faulting application start time: 0x01ca65dd0c466a2d Faulting application
path: C:\ATI\Support\9-4_vista32-64_sb\Bin\InstallManagerApp.exe Faulting module
path: C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_cbf00aee470f5fb
7\MFC80U.DLL
Report
Id: 50e009dc-d1d0-11de-9a55-00173fd66821

Error - 11/15/2009 6:19:26 AM | Computer Name = RyanPinney-PC | Source = Application Error | ID = 1000
Description = Faulting application name: InstallManagerApp.exe, version: 3.0.719.0,
time stamp: 0x49c04ce8 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc015000f Fault offset: 0x0008174f Faulting
process id: 0x3d0 Faulting application start time: 0x01ca65dd0c466a2d Faulting application
path: C:\ATI\Support\9-4_vista32-64_sb\Bin\InstallManagerApp.exe Faulting module
path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 59719d6a-d1d0-11de-9a55-00173fd66821

Error - 11/16/2009 2:32:11 AM | Computer Name = RyanPinney-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/18/2009 2:26:06 PM | Computer Name = RyanPinney-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/18/2009 5:13:12 PM | Computer Name = RyanPinney-PC | Source = Application Error | ID = 1000
Description = Faulting application name: InstallManagerApp.exe, version: 3.0.745.0,
time stamp: 0x4abd2e92 Faulting module name: MFC80U.DLL, version: 8.0.50727.1833,
time stamp: 0x482bc450 Exception code: 0xc0000005 Fault offset: 0x0004c655 Faulting
process id: 0xea4 Faulting application start time: 0x01ca6893e87d1c3c Faulting application
path: C:\ATI\Support\9-10_vista_win7_32-64_sb\Bin\InstallManagerApp.exe Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_cbf00aee470f5fb
7\MFC80U.DLL
Report
Id: 2d763f51-d487-11de-8be2-cbf0d90833b3

Error - 11/18/2009 5:13:28 PM | Computer Name = RyanPinney-PC | Source = Application Error | ID = 1000
Description = Faulting application name: InstallManagerApp.exe, version: 3.0.745.0,
time stamp: 0x4abd2e92 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc015000f Fault offset: 0x0008174f Faulting
process id: 0xea4 Faulting application start time: 0x01ca6893e87d1c3c Faulting application
path: C:\ATI\Support\9-10_vista_win7_32-64_sb\Bin\InstallManagerApp.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 36c20322-d487-11de-8be2-cbf0d90833b3

Error - 11/19/2009 12:27:21 AM | Computer Name = RyanPinney-PC | Source = VSS | ID = 8194
Description =

Error - 11/19/2009 2:32:04 AM | Computer Name = RyanPinney-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 11/19/2009 2:23:37 PM | Computer Name = RyanPinney-PC | Source = ipnathlp | ID = 34001
Description =

Error - 11/19/2009 3:01:19 PM | Computer Name = RyanPinney-PC | Source = ipnathlp | ID = 34001
Description =

Error - 11/19/2009 3:13:26 PM | Computer Name = RyanPinney-PC | Source = ipnathlp | ID = 34001
Description =

Error - 11/19/2009 3:28:03 PM | Computer Name = RyanPinney-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:22:51 PM on ?11/?19/?2009 was unexpected.

Error - 11/19/2009 3:28:03 PM | Computer Name = RyanPinney-PC | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%2

Error - 11/19/2009 3:28:19 PM | Computer Name = RyanPinney-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86

Error - 11/19/2009 3:28:21 PM | Computer Name = RyanPinney-PC | Source = ipnathlp | ID = 30013
Description =

Error - 11/19/2009 3:28:43 PM | Computer Name = RyanPinney-PC | Source = bowser | ID = 8003
Description =

Error - 11/19/2009 3:30:21 PM | Computer Name = RyanPinney-PC | Source = ipnathlp | ID = 34001
Description =

Error - 11/19/2009 3:42:28 PM | Computer Name = RyanPinney-PC | Source = ipnathlp | ID = 34001
Description =


< End of report >

#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 19 November 2009 - 05:21 PM

RPinney,

Double click on OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Processes
explorer.exe

:OTL
O33 - MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.


Your Java is out of date and you have other old versions still on your computer; those old versions are now a security vulnerability:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 6 update 17

Download Rooter.exe to your desktop

  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Tomk
------------------------------------------------------------


Topics are closed after 5 days without response
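
An added example, not part of Tomk's post and not OTL's own code: the O33 lines in the fix above are cached AutoRun shell handlers stored per volume under MountPoints2. This Python parser reads O33 lines in the format shown and separates handlers whose target OTL marked `-- File not found` from ones whose target still resolves. The second mount point in the sample and all function names are constructed for illustration.

```python
import re

# Constructed sample in OTL's O33 line format. The first two lines are the
# entries from the fix above; the last two are made up for contrast.
SAMPLE_LOG = r'''
O33 - MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell - "" = AutoRun
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
'''

# O33 - MountPoints2\<mount>\<subkey> - "<value name>" = <data>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\(?P<subkey>.+?)'
    r' - "(?P<name>[^"]*)" = (?P<data>.*)$')
MISSING = ' -- File not found'  # suffix OTL appends, as seen in the log above


def parse_o33(log_text):
    """Group O33 lines by mount point: {mount: {subkey: data}}."""
    mounts = {}
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            mounts.setdefault(m['mount'], {})[m['subkey'].lower()] = m['data']
    return mounts


def triage(mounts):
    """Return (mount, target, verdict) for each cached shell command."""
    findings = []
    for mount, keys in mounts.items():
        for subkey, data in keys.items():
            if not subkey.endswith('\\command'):
                continue  # only ...\command values name a program to run
            if data.endswith(MISSING):
                findings.append((mount, data[:-len(MISSING)], 'stale'))
            else:
                findings.append((mount, data, 'live'))
    return findings


if __name__ == '__main__':
    for mount, target, verdict in triage(parse_o33(SAMPLE_LOG)):
        print(f'{verdict:5} {mount} -> {target}')
```

A `stale` entry is a leftover handler with nothing left to launch; a `live` entry names a file that still exists, so that file is what to inspect before deciding whether the handler belongs there.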


#9 RPinney

RPinney

    Authentic Member

  • Authentic Member
  • PipPip
  • 75 posts

Posted 20 November 2009 - 02:51 PM

Ok I did it twice. The first time it gave me an error (I don't remember the error). So I tried it again like 20 minutes later and I got this log.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65d009d7-c4b9-11de-989a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d009d7-c4b9-11de-989a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65d009d7-c4b9-11de-989a-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ryan Pinney
->Temp folder emptied: 38744 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3725378 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.62 mb

OTL by OldTimer - Version 3.1.6.0 log created on 11202009_144558

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 20 November 2009 - 03:22 PM

RPinney, Good. Now let's see what the other scans have to say.

Tomk


#11 RPinney

RPinney

    Authentic Member

  • Authentic Member
  • PipPip
  • 75 posts

Posted 20 November 2009 - 05:30 PM

Right, I missed those. The rooter.exe link doesn't work for me. I checked Google but couldn't find any alternative. Doing Kaspersky right now.

Edited by RPinney, 20 November 2009 - 05:31 PM.


#12 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 20 November 2009 - 05:47 PM

:thumbup:

Tomk


#13 RPinney

RPinney

    Authentic Member

  • Authentic Member
  • PipPip
  • 75 posts

Posted 20 November 2009 - 07:35 PM

Edit: never mind. The report below is of critical areas, rather than "My Computer". Currently in the process of My Computer scan. It was my understanding that I was d/ling a .exe type of file and running it, which was why I got confused by your directions.

Kaspersky report

Posted Image

Edited by RPinney, 20 November 2009 - 07:42 PM.


#14 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 20 November 2009 - 07:48 PM

RPinney, No problem. That screenshot looks like Kaspersky found the problem. We'll see what else it found.

Tomk


#15 RPinney

RPinney

    Authentic Member

  • Authentic Member
  • PipPip
  • 75 posts

Posted 20 November 2009 - 08:36 PM

It might take a while. It's at 18%. Duration so far: 53 minutes. Yikes...
