0

hey guys, I play need for speed world and yesterday my brother was using my computer and when I play games it lags. Im sure its a virus because when I woke up this morning there were ads on my screen. Here are the logs you requested. GMER does not work on my computer since i am running windows 7 64-bit. Thanks guys.


00:06:31 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:06:31 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:07:47 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:07:52 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:08:04 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
00:09:03 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:09:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:09:11 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
00:10:36 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:10:40 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:10:40 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:10:58 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:10:59 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
00:11:03 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:12:52 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:12:52 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:13:02 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:13:03 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:13:13 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:13:13 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:13:45 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:13:45 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:19:55 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:21:00 Rae Anthony MESSAGE Scheduled update executed successfully
00:21:10 Rae Anthony MESSAGE Database updated successfully
00:29:00 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
01:03:16 Rae Anthony DETECTION C:\Windows\mstwain32.exe Trojan.Backdoor ALLOW
03:42:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:47:30 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
11:47:31 Rae Anthony DETECTION C:\WINDOWS\NTDTCSTP.DLL Backdoor.Turkojan ALLOW
11:47:31 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:47:59 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
11:48:17 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
11:48:21 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:50:23 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
11:51:33 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:51:38 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
11:55:15 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:54:59 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:07 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
12:55:08 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:24 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:27 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:37 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
12:57:15 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
12:57:26 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:57:37 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
12:57:37 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:02:54 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
13:02:55 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:03:14 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
13:18:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:18:53 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
13:20:46 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:20:49 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
13:20:52 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:22:37 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:22:49 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:22:56 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:22:56 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:22:58 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:23:08 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:23:23 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:23:31 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:24:51 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:24:51 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:26:34 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
13:26:34 Rae Anthony DETECTION C:\WINDOWS\NTDTCSTP.DLL Backdoor.Turkojan ALLOW
13:28:53 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:28:53 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:28:53 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:36:00 Rae Anthony MESSAGE Protection started successfully
13:36:10 Rae Anthony MESSAGE Database updated successfully
14:20:45 Rae Anthony MESSAGE Protection started successfully
14:34:50 Rae Anthony MESSAGE Protection started successfully
15:33:34 Rae Anthony MESSAGE Protection started successfully
15:33:56 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan QUARANTINE
15:33:57 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:33:57 Rae Anthony ERROR Quarantine failed: DeleteFile failed with error code 5
15:33:57 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:19 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:19 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:29 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:29 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:46 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:46 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:56 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:57 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:35:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:35:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:05 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:11 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:11 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:24 Rae Anthony MESSAGE Database updated successfully
15:41:09 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan QUARANTINE
15:41:09 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:41:10 Rae Anthony ERROR Quarantine failed: DeleteFile failed with error code 5
16:29:12 Rae Anthony MESSAGE Protection started successfully


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Rae Anthony at 16:54:43 on 2011-09-28
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.4094.1637 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Gravity\Dragon Saga\Release\dragonsaga.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [<NO NAME>]
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{3172544B-3990-4249-8FF7-741F9D8A1BA5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E035A311-F61D-47F4-A5CF-E770FCF8B253} : NameServer = 64.59.144.90,64.59.144.91
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-7-1 52352]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-25 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-6-1 8192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-25 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2011-5-10 33592]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-5-10 14136]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-09-28 23:52:34 388096 ----a-r- C:\Users\Rae Anthony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-28 23:52:34 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-26 06:02:17 -------- d-----w- C:\Users\Rae Anthony\AppData\Local\Google
2011-09-25 09:44:40 -------- d-----w- C:\Program Files (x86)\Gravity
2011-09-25 04:11:14 -------- d-----w- C:\gPotato.eu
2011-09-25 03:53:18 957004851 ----a-w- C:\Dragonica_NewOrigin_20110920-1b.bin
2011-09-25 03:23:47 1565415296 ----a-w- C:\Dragonica_NewOrigin_20110920-1a.bin
2011-09-25 03:23:46 590320 ----a-w- C:\Dragonica_NewOrigin_20110920.exe
2011-09-19 17:49:24 -------- d-----w- C:\Data
2011-09-17 07:04:54 -------- d-----w- C:\Users\Rae Anthony\AppData\Roaming\Need for Speed World
2011-09-11 16:21:39 -------- d-----w- C:\Users\Rae Anthony\AppData\Local\Electronic_Arts_Inc
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-04 00:47:58 -------- d-----w- C:\B
2011-09-02 02:58:43 -------- d-----w- C:\ProgramData\Nexon
.
==================== Find3M ====================
.
2011-09-25 18:00:27 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-29 00:49:14 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-29 00:48:48 16552960 ----a-w- C:\Windows\System32\amdocl64.dll
2011-07-28 22:23:16 9980416 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-28 22:09:06 23921664 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-28 21:44:06 18388480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-28 21:40:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-28 21:40:44 726528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-28 21:39:14 852992 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-28 21:36:26 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-28 21:36:12 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-28 21:35:34 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-28 21:34:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-28 21:34:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-28 21:33:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-28 21:33:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-28 21:33:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-28 21:33:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-28 21:33:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-28 21:30:26 4198912 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-28 21:20:36 4943360 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-28 21:12:14 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-28 21:11:42 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-28 21:11:30 3871744 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-28 21:11:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-28 21:11:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-28 21:11:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-28 21:11:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-28 21:10:50 9644544 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-28 21:09:10 4256768 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-28 21:07:24 8247296 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-28 21:03:58 4056064 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-28 21:02:28 5399040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-28 21:01:50 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-28 20:54:52 378368 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-28 20:54:44 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-28 20:54:34 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-28 20:54:26 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-28 20:54:18 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-28 20:54:10 309248 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-28 20:53:22 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-28 20:53:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-28 20:53:08 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-28 20:53:00 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-28 20:52:26 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-18 06:54:02 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-07-05 01:27:21 525544 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 16:55:05.62 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/05/2011 5:47:01 PM
System Uptime: 28/09/2011 4:26:35 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 790FX-GD70(MS-7577)
Processor: AMD Phenom(tm) II X4 955 Processor | CPU1 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 167.673 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 81.601 GiB free.
E: is FIXED (NTFS) - 89 GiB total, 23.264 GiB free.
F: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP56: 28/09/2011 1:07:38 AM - Scheduled Checkpoint
RP57: 28/09/2011 3:18:55 PM - Restore Operation
RP58: 28/09/2011 4:52:15 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Akamai NetSession Interface
AMD OverDrive
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
BlackBerry Desktop Software 6.0.2
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Cheat Engine 6.0
Copy
Coupon Printer for Windows
Crysis® 2
DAEMON Tools Lite
DAEMON Tools Toolbar
Destinations
DeviceDiscovery
DivX Web Player
DJ_AIO_06_F2400_SW_Min
Dragon Saga
Dragonica
DragonNest
DVD Shrink 3.2
EVEREST Home Edition v2.20
F2400
ffdshow v1.1.3851 [2011-05-12]
Frets On Fire
Google Chrome
Google Update Helper
GPBaseService2
HiJackThis
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
HydraVision
ImgBurn
iTunes Export
Java Auto Updater
Java(TM) 6 Update 22
Liveupdate5
Malwarebytes' Anti-Malware version 1.51.2.1300
MapleStory
MarketResearch
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mobile Mouse Server
Mozilla Firefox 6.0.2 (x86 en-GB)
Need For Speed™ World
Nero 7 Ultra Edition
neroxml
Nexon Game Manager
PlayerScore
Portal 2
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rohan_RBF
Sapphire TRIXX
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SmartWebPrinting
SolutionCenter
Status
Steam
Tansee iPod Transfer v3.8
Toolbox
TrayApp
TwelveSky2
VC80CRTRedist - 8.0.50727.762
Video Card Stability Test
VLC media player 1.1.9
WebReg
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
WinSCP 4.3.3
WinSCP plugin for FAR 1.6.2
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
28/09/2011 3:42:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
28/09/2011 3:42:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
28/09/2011 3:42:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
28/09/2011 3:42:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
28/09/2011 3:42:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
28/09/2011 3:42:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
28/09/2011 3:42:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
28/09/2011 3:42:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
28/09/2011 3:42:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
28/09/2011 3:42:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/09/2011 3:42:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/09/2011 3:42:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/09/2011 3:42:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/09/2011 3:42:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/09/2011 3:42:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
28/09/2011 3:42:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
28/09/2011 3:42:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
28/09/2011 3:42:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
28/09/2011 2:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
28/09/2011 2:33:09 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/09/2011 2:33:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
28/09/2011 2:31:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
28/09/2011 2:23:24 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
28/09/2011 2:23:24 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
28/09/2011 2:23:24 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
28/09/2011 1:30:45 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/09/2011 1:29:55 PM, Error: Application Popup [1060] - \??\C:\user123\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
27/09/2011 8:07:06 PM, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Users\Rae Anthony\Desktop\NFSW HACK(1).exe Process Id: 6212 Publisher:
27/09/2011 8:02:47 PM, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Users\Rae Anthony\Desktop\NFSW HACK.exe Process Id: 5300 Publisher:
27/09/2011 8:02:31 PM, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Users\Rae Anthony\Desktop\NFSW HACK.exe Process Id: 6976 Publisher:
27/09/2011 8:00:34 PM, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Users\Rae Anthony\Desktop\NFSW HACK.exe Process Id: 3124 Publisher:
27/09/2011 7:59:34 PM, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Users\Rae Anthony\Desktop\NFSW HACK.exe Process Id: 6684 Publisher:
27/09/2011 11:57:23 PM, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Users\Rae Anthony\Desktop\NFSW HACK.exe Process Id: 1608 Publisher:
24/09/2011 9:18:10 PM, Error: Service Control Manager [7000] - The NPPTNT2 service failed to start due to the following error: The system cannot find the file specified.
24/09/2011 9:18:08 PM, Error: Application Popup [1060] - \??\C:\gPotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

Edited by flipboi15: n/a

2
Contributors
14
Replies
16
Views
5 Years
Discussion Span
Last Post by crunchie
0

this was the latest logfile from mbam

00:06:31 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:06:31 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:07:47 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:07:52 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:08:04 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
00:09:03 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:09:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:09:11 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
00:10:36 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:10:40 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:10:40 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:10:58 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:10:59 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
00:11:03 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:12:52 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:12:52 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:13:02 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:13:03 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:13:13 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:13:13 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:13:45 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
00:13:45 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:19:55 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
00:21:00 Rae Anthony MESSAGE Scheduled update executed successfully
00:21:10 Rae Anthony MESSAGE Database updated successfully
00:29:00 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
01:03:16 Rae Anthony DETECTION C:\Windows\mstwain32.exe Trojan.Backdoor ALLOW
03:42:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:47:30 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
11:47:31 Rae Anthony DETECTION C:\WINDOWS\NTDTCSTP.DLL Backdoor.Turkojan ALLOW
11:47:31 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:47:59 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
11:48:17 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
11:48:21 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:50:23 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
11:51:33 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
11:51:38 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
11:55:15 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:54:59 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:07 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
12:55:08 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:24 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:27 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:55:37 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
12:57:15 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
12:57:26 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
12:57:37 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
12:57:37 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:02:54 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
13:02:55 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:03:14 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
13:18:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:18:53 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
13:20:46 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:20:49 Rae Anthony DETECTION C:\Windows\ntdtcstp.dll Backdoor.Turkojan ALLOW
13:20:52 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:22:37 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:22:49 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:22:56 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:22:56 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:22:58 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:23:08 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:23:23 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan ALLOW
13:23:31 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:24:51 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:24:51 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:26:34 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan ALLOW
13:26:34 Rae Anthony DETECTION C:\WINDOWS\NTDTCSTP.DLL Backdoor.Turkojan ALLOW
13:28:53 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:28:53 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:28:53 Rae Anthony DETECTION C:\WINDOWS\MSTWAIN32.EXE Trojan.Backdoor ALLOW
13:36:00 Rae Anthony MESSAGE Protection started successfully
13:36:10 Rae Anthony MESSAGE Database updated successfully
14:20:45 Rae Anthony MESSAGE Protection started successfully
14:34:50 Rae Anthony MESSAGE Protection started successfully
15:33:34 Rae Anthony MESSAGE Protection started successfully
15:33:56 Rae Anthony DETECTION C:\WINDOWS\CMSETAC.DLL Backdoor.Turkojan QUARANTINE
15:33:57 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:33:57 Rae Anthony ERROR Quarantine failed: DeleteFile failed with error code 5
15:33:57 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:19 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:19 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:29 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:29 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:46 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:46 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:56 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:34:57 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:35:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:35:50 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:04 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:05 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:11 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:11 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:38:24 Rae Anthony MESSAGE Database updated successfully
15:41:09 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan QUARANTINE
15:41:09 Rae Anthony DETECTION C:\Windows\cmsetac.dll Backdoor.Turkojan DENY
15:41:10 Rae Anthony ERROR Quarantine failed: DeleteFile failed with error code 5
16:29:12 Rae Anthony MESSAGE Protection started successfully

0

Does not look like any MBA_M log I've seen. Is that from the purchased version?

Where are the log headers? You need to run a full scan and post the log as per the instructions in the sticky.

0

sorry here it is

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7821

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/09/2011 3:41:01 PM
mbam-log-2011-09-28 (15-41-01).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 42406
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\cmsetac.dll (Backdoor.Turkojan) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mstwain32 (Trojan.Backdoor) -> Value: mstwain32 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\cmsetac.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\Windows\mstwain32.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3016430573-901052433-3033151164-1000\$RXTT5D4.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

0

Looks more familiar :).

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
0

OTL logfile created on: 30/09/2011 9:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Rae Anthony\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.35% Memory free
7.99 Gb Paging File | 6.26 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 165.76 Gb Free Space | 35.60% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 81.60 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive E: | 88.64 Gb Total Space | 22.59 Gb Free Space | 25.48% Space Free | Partition Type: NTFS

Computer Name: RAEANTHONY-PC | User Name: Rae Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/30 21:06:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/11 13:59:57 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dda6d8c7413334b605fcf590a702e9f1\Microsoft.VisualBasic.ni.dll
MOD - [2011/05/11 01:59:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\adc8998d96ca331d17cef00b1ef95a5f\System.Runtime.Remoting.ni.dll
MOD - [2011/05/11 01:59:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/05/11 01:59:19 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/05/11 01:59:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
MOD - [2011/05/11 01:59:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
MOD - [2011/05/11 01:59:02 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/05/11 01:58:55 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2010/12/27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2010/05/12 14:06:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 14:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/14 15:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/28 15:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 13:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 15:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/11 05:39:53 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/02/16 17:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2010/10/22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010/07/01 04:44:34 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)
DRV - [2010/05/10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 48 BC 04 90 0F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/25 12:30:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 15:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/25 23:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/25 12:30:30 | 000,000,000 | ---D | M]

[2011/05/10 21:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Extensions
[2011/09/09 07:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\extensions
[2011/09/09 07:19:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/11 05:39:44 | 000,002,055 | ---- | M] () -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\searchplugins\daemon-search.xml
[2011/05/18 18:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/18 18:06:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 15:25:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/18 18:06:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/06/28 21:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/09/30 15:25:53 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/30 15:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/30 15:25:53 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/30 15:25:53 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/30 15:25:53 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3172544B-3990-4249-8FF7-741F9D8A1BA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E035A311-F61D-47F4-A5CF-E770FCF8B253}: NameServer = 64.59.144.90,64.59.144.91
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/02 12:15:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b56a67bc-7b67-11e0-81df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b56a67bc-7b67-11e0-81df-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/30 21:06:36 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
[2011/09/29 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Car
[2011/09/29 14:56:04 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\New folder (2)
[2011/09/29 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Ahead
[2011/09/28 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\AirMouse
[2011/09/28 21:28:38 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/28 21:28:28 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/28 21:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/28 21:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/28 21:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/28 21:25:58 | 012,609,904 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Rae Anthony\Desktop\SUPERAntiSpyware.exe
[2011/09/28 16:52:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rae Anthony\Desktop\dds.com
[2011/09/28 16:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/28 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/28 14:31:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/28 13:22:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 13:22:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 13:22:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 13:22:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 13:21:59 | 004,232,663 | R--- | C] (Swearware) -- C:\Users\Rae Anthony\Desktop\user123.exe
[2011/09/28 00:22:15 | 945,742,145 | ---- | C] (Acresso Software Inc.) -- C:\Users\Rae Anthony\Desktop\FreeStyleSetup1.63.exe
[2011/09/28 00:19:47 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\Rae Anthony\Desktop\cnet_FreeStyleSetup_exe.exe
[2011/09/28 00:13:03 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\HPAppData
[2011/09/25 23:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/25 23:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/25 23:02:17 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Google
[2011/09/25 23:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/25 08:37:12 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\DragonSaga
[2011/09/25 02:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Saga
[2011/09/25 02:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
[2011/09/24 21:28:32 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\Dragonica
[2011/09/24 21:11:14 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2011/09/24 20:23:46 | 000,590,320 | ---- | C] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2011/09/24 17:38:06 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5
[2011/09/23 01:31:57 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Winject
[2011/09/19 10:49:24 | 000,000,000 | ---D | C] -- C:\Data
[2011/09/18 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\Need for Speed World
[2011/09/17 00:04:54 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\Need for Speed World
[2011/09/16 10:47:31 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Data
[2011/09/11 09:21:39 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Electronic_Arts_Inc
[2011/09/11 09:20:47 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Need For Speed World
[2011/09/11 09:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/09/03 17:47:58 | 000,000,000 | ---D | C] -- C:\B
[2011/09/01 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011/09/01 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\DragonNest
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/30 21:06:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
[2011/09/30 20:34:26 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 20:34:26 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 20:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/30 16:30:13 | 000,000,416 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFileen.hsh
[2011/09/30 16:30:12 | 000,497,344 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFileTracksHigh.hsh
[2011/09/30 16:30:10 | 000,090,568 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFile.hsh
[2011/09/30 15:03:17 | 003,342,199 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Mac Miller – Donald Trump (prod. Sap).mp3
[2011/09/30 14:52:59 | 006,420,839 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Wale + Daniel Merriweather - The War.mp3
[2011/09/29 23:29:24 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/29 17:20:03 | 000,019,689 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\149094_127486373976792_100001462890577_165146_1709692_n.jpg
[2011/09/29 16:22:55 | 000,038,829 | ---- | M] () -- C:\Users\Rae Anthony\Documents\car.nri
[2011/09/29 16:06:21 | 007,299,365 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DJ Drama Ft. Trey Songz, 2 Chainz & Big Sean - Oh My (Remix).mp3
[2011/09/29 14:55:50 | 000,021,734 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\car.m3u
[2011/09/29 14:40:37 | 000,031,113 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\hiph0p.m3u
[2011/09/28 22:38:35 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/28 22:38:35 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/28 22:38:35 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 22:34:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 22:34:04 | 3219,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 21:35:41 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 21:28:39 | 000,018,098 | ---- | M] () -- C:\MGlogs.zip
[2011/09/28 21:27:08 | 012,609,904 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Rae Anthony\Desktop\SUPERAntiSpyware.exe
[2011/09/28 21:26:44 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/28 16:53:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rae Anthony\Desktop\dds.com
[2011/09/28 16:52:34 | 000,003,003 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.lnk
[2011/09/28 16:52:03 | 001,402,880 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.msi
[2011/09/28 13:22:06 | 004,232,663 | R--- | M] (Swearware) -- C:\Users\Rae Anthony\Desktop\user123.exe
[2011/09/28 06:14:20 | 003,252,736 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.EXE
[2011/09/28 00:39:26 | 945,742,145 | ---- | M] (Acresso Software Inc.) -- C:\Users\Rae Anthony\Desktop\FreeStyleSetup1.63.exe
[2011/09/28 00:19:56 | 000,001,274 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Install FreeStyle Street Basketball (Gamekiss).lnk
[2011/09/28 00:19:51 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Users\Rae Anthony\Desktop\cnet_FreeStyleSetup_exe.exe
[2011/09/27 22:49:04 | 000,000,000 | ---- | M] () -- C:\srch_loc_1.gif
[2011/09/27 22:49:02 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/09/27 20:07:14 | 001,664,682 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK(1).exe
[2011/09/27 19:59:24 | 001,664,682 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK.exe
[2011/09/27 19:53:08 | 000,000,177 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Settings.ini
[2011/09/26 22:27:29 | 000,209,731 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\38974_416074484716_510414716_4445708_6237361_n.jpg
[2011/09/25 23:17:53 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/25 23:03:48 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/25 23:02:36 | 000,002,239 | ---- | M] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/25 22:59:47 | 000,140,521 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\imedikate physicians recommendation form.pdf
[2011/09/25 02:47:39 | 000,002,063 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragon Saga.lnk
[2011/09/25 02:46:33 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Saga.lnk
[2011/09/25 02:39:03 | 1996,558,848 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DragonSagaInstaller-0.1.29-20110216.msi
[2011/09/24 21:15:36 | 000,000,771 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragonica.lnk
[2011/09/24 21:11:03 | 957,004,851 | ---- | M] () -- C:\Dragonica_NewOrigin_20110920-1b.bin
[2011/09/24 20:53:18 | 1565,415,296 | ---- | M] () -- C:\Dragonica_NewOrigin_20110920-1a.bin
[2011/09/24 20:23:47 | 000,590,320 | ---- | M] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2011/09/24 20:23:19 | 000,689,976 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragonica_EN.exe
[2011/09/24 17:07:38 | 000,000,612 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Winject - Shortcut.lnk
[2011/09/23 01:33:10 | 000,001,123 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\MapleStory - Shortcut.lnk
[2011/09/23 01:27:41 | 000,650,048 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5.zip
[2011/09/22 13:45:14 | 000,031,102 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\hip-h0p combine.m3u
[2011/09/16 11:48:48 | 000,137,254 | ---- | M] () -- C:\Windows\hpoins44.dat
[2011/09/15 18:29:07 | 000,032,256 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\PURSUIT HACK 29TH.exe
[2011/09/15 16:59:14 | 000,439,808 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\livedown_nfsw_bot.exe
[2011/09/13 11:20:20 | 074,468,719 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Wiz Khalifa - Amber Kush.zip
[2011/09/13 10:47:47 | 003,843,175 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Baby Bash feat Slim Thug & Stooie Bros - Swananana BMF.mp3
[2011/09/11 09:21:26 | 000,001,678 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Need For Speed World.lnk
[2011/09/11 08:31:43 | 000,000,696 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DragonNest - Shortcut.lnk
[2011/09/09 07:20:53 | 007,516,092 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Chris Brown Ft. Berner, Wiz Khalifa & Big K.R.I.T. - Yoko.mp3
[2011/09/08 23:46:15 | 005,287,269 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Berner Ft. Wiz Khalifa & Big K.R.I.T. - Yoko (Prod. By Big K.R.I.T.).mp3
[2011/09/08 03:59:52 | 003,252,736 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_4.EXE
[2011/09/05 14:25:37 | 000,002,930 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\FoFiX - Shortcut (2).lnk
[2011/09/03 17:47:18 | 012,239,298 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\BonJoviWanteddeadoralivev10111e10d784e905f19dc25aba7979718f.exe
[2011/09/03 17:46:58 | 008,139,089 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\BonJoviLivinonaPrayerv10ac59020785911dd87d62cae159e9cca7.exe
[2011/09/01 19:58:30 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/30 15:03:12 | 003,342,199 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Mac Miller – Donald Trump (prod. Sap).mp3
[2011/09/30 14:52:47 | 006,420,839 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Wale + Daniel Merriweather - The War.mp3
[2011/09/29 17:16:43 | 000,019,689 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\149094_127486373976792_100001462890577_165146_1709692_n.jpg
[2011/09/29 16:06:04 | 007,299,365 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DJ Drama Ft. Trey Songz, 2 Chainz & Big Sean - Oh My (Remix).mp3
[2011/09/29 14:55:50 | 000,021,734 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\car.m3u
[2011/09/28 21:28:39 | 000,018,098 | ---- | C] () -- C:\MGlogs.zip
[2011/09/28 21:27:57 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 21:26:42 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/28 20:52:02 | 000,000,416 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFileen.hsh
[2011/09/28 20:51:58 | 000,497,344 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFileTracksHigh.hsh
[2011/09/28 20:50:11 | 000,090,568 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFile.hsh
[2011/09/28 16:52:34 | 000,003,003 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.lnk
[2011/09/28 16:51:57 | 001,402,880 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.msi
[2011/09/28 00:19:56 | 000,001,274 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Install FreeStyle Street Basketball (Gamekiss).lnk
[2011/09/27 22:49:04 | 000,000,000 | ---- | C] () -- C:\srch_loc_1.gif
[2011/09/27 22:49:02 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/09/27 22:17:12 | 003,252,736 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.EXE
[2011/09/27 20:07:00 | 001,664,682 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK(1).exe
[2011/09/27 19:59:01 | 001,664,682 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK.exe
[2011/09/27 19:53:08 | 000,000,177 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Settings.ini
[2011/09/26 22:27:22 | 000,209,731 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\38974_416074484716_510414716_4445708_6237361_n.jpg
[2011/09/25 23:03:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/25 23:03:48 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/25 23:02:36 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/25 23:02:36 | 000,002,239 | ---- | C] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/25 23:02:21 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/25 23:02:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/25 22:59:46 | 000,140,521 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\imedikate physicians recommendation form.pdf
[2011/09/25 02:47:39 | 000,002,063 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragon Saga.lnk
[2011/09/25 02:46:33 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Saga.lnk
[2011/09/25 01:57:55 | 1996,558,848 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DragonSagaInstaller-0.1.29-20110216.msi
[2011/09/24 21:15:36 | 000,000,771 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragonica.lnk
[2011/09/24 20:53:18 | 957,004,851 | ---- | C] () -- C:\Dragonica_NewOrigin_20110920-1b.bin
[2011/09/24 20:23:47 | 1565,415,296 | ---- | C] () -- C:\Dragonica_NewOrigin_20110920-1a.bin
[2011/09/24 20:23:18 | 000,689,976 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragonica_EN.exe
[2011/09/24 17:07:38 | 000,000,612 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Winject - Shortcut.lnk
[2011/09/23 01:32:26 | 000,001,123 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\MapleStory - Shortcut.lnk
[2011/09/23 01:27:37 | 000,650,048 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5.zip
[2011/09/19 09:18:50 | 003,252,736 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_4.EXE
[2011/09/19 09:18:50 | 000,439,808 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\livedown_nfsw_bot.exe
[2011/09/19 09:18:50 | 000,032,256 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\PURSUIT HACK 29TH.exe
[2011/09/16 11:48:46 | 000,170,043 | ---- | C] () -- C:\Windows\hpoins44.dat.temp
[2011/09/16 11:48:46 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp
[2011/09/13 11:17:19 | 074,468,719 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Wiz Khalifa - Amber Kush.zip
[2011/09/13 10:47:39 | 003,843,175 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Baby Bash feat Slim Thug & Stooie Bros - Swananana BMF.mp3
[2011/09/11 09:21:26 | 000,001,678 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Need For Speed World.lnk
[2011/09/11 08:30:57 | 000,000,696 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DragonNest - Shortcut.lnk
[2011/09/09 07:20:17 | 007,516,092 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Chris Brown Ft. Berner, Wiz Khalifa & Big K.R.I.T. - Yoko.mp3
[2011/09/08 23:46:07 | 005,287,269 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Berner Ft. Wiz Khalifa & Big K.R.I.T. - Yoko (Prod. By Big K.R.I.T.).mp3
[2011/09/05 14:25:37 | 000,002,930 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\FoFiX - Shortcut (2).lnk
[2011/09/03 17:46:51 | 012,239,298 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\BonJoviWanteddeadoralivev10111e10d784e905f19dc25aba7979718f.exe
[2011/09/03 17:46:41 | 008,139,089 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\BonJoviLivinonaPrayerv10ac59020785911dd87d62cae159e9cca7.exe
[2011/09/01 19:58:30 | 000,000,175 | ---- | C] () -- C:\Users\Public\Desktop\DragonNest.url
[2011/07/17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/01 12:41:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/06/01 12:40:21 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/01 12:10:48 | 000,000,600 | ---- | C] () -- C:\Users\Rae Anthony\AppData\Roaming\winscp.rnd
[2011/05/25 12:27:29 | 000,137,254 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011/05/25 12:27:29 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2011/05/17 13:51:09 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/15 02:21:34 | 000,007,168 | ---- | C] () -- C:\Users\Rae Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 21:30:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 13:57:30 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Blackberry Desktop
[2011/05/11 05:41:29 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\DAEMON Tools Lite
[2011/08/25 18:43:03 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\fofix
[2011/06/06 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\FreeStone Group
[2011/08/20 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\fretsonfire
[2011/05/11 06:34:21 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\ImgBurn
[2011/07/04 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
[2011/09/17 00:04:54 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Need for Speed World
[2011/07/29 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\redsn0w
[2011/06/01 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Research In Motion
[2011/09/30 09:50:08 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\uTorrent
[2009/07/13 22:08:49 | 000,032,222 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/09/24 20:23:47 | 000,590,320 | ---- | M] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2011/09/28 21:26:44 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2011/03/10 23:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/10 23:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/10 23:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/10 23:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >

< End of report >

0

OTL logfile created on: 30/09/2011 9:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Rae Anthony\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.35% Memory free
7.99 Gb Paging File | 6.26 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 165.76 Gb Free Space | 35.60% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 81.60 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive E: | 88.64 Gb Total Space | 22.59 Gb Free Space | 25.48% Space Free | Partition Type: NTFS

Computer Name: RAEANTHONY-PC | User Name: Rae Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/30 21:06:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/11 13:59:57 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dda6d8c7413334b605fcf590a702e9f1\Microsoft.VisualBasic.ni.dll
MOD - [2011/05/11 01:59:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\adc8998d96ca331d17cef00b1ef95a5f\System.Runtime.Remoting.ni.dll
MOD - [2011/05/11 01:59:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/05/11 01:59:19 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/05/11 01:59:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
MOD - [2011/05/11 01:59:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
MOD - [2011/05/11 01:59:02 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/05/11 01:58:55 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2010/12/27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2010/05/12 14:06:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 14:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/14 15:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/28 15:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 13:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 15:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/11 05:39:53 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/02/16 17:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2010/10/22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010/07/01 04:44:34 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)
DRV - [2010/05/10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 48 BC 04 90 0F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/25 12:30:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 15:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/25 23:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/25 12:30:30 | 000,000,000 | ---D | M]

[2011/05/10 21:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Extensions
[2011/09/09 07:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\extensions
[2011/09/09 07:19:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/11 05:39:44 | 000,002,055 | ---- | M] () -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\searchplugins\daemon-search.xml
[2011/05/18 18:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/18 18:06:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 15:25:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/18 18:06:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/06/28 21:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/09/30 15:25:53 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/30 15:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/30 15:25:53 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/30 15:25:53 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/30 15:25:53 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3172544B-3990-4249-8FF7-741F9D8A1BA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E035A311-F61D-47F4-A5CF-E770FCF8B253}: NameServer = 64.59.144.90,64.59.144.91
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/02 12:15:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b56a67bc-7b67-11e0-81df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b56a67bc-7b67-11e0-81df-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/30 21:06:36 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
[2011/09/29 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Car
[2011/09/29 14:56:04 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\New folder (2)
[2011/09/29 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Ahead
[2011/09/28 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\AirMouse
[2011/09/28 21:28:38 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/28 21:28:28 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/28 21:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/28 21:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/28 21:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/28 21:25:58 | 012,609,904 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Rae Anthony\Desktop\SUPERAntiSpyware.exe
[2011/09/28 16:52:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rae Anthony\Desktop\dds.com
[2011/09/28 16:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/28 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/28 14:31:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/28 13:22:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 13:22:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 13:22:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 13:22:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 13:21:59 | 004,232,663 | R--- | C] (Swearware) -- C:\Users\Rae Anthony\Desktop\user123.exe
[2011/09/28 00:22:15 | 945,742,145 | ---- | C] (Acresso Software Inc.) -- C:\Users\Rae Anthony\Desktop\FreeStyleSetup1.63.exe
[2011/09/28 00:19:47 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\Rae Anthony\Desktop\cnet_FreeStyleSetup_exe.exe
[2011/09/28 00:13:03 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\HPAppData
[2011/09/25 23:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/25 23:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/25 23:02:17 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Google
[2011/09/25 23:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/25 08:37:12 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\DragonSaga
[2011/09/25 02:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Saga
[2011/09/25 02:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
[2011/09/24 21:28:32 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\Dragonica
[2011/09/24 21:11:14 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2011/09/24 20:23:46 | 000,590,320 | ---- | C] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2011/09/24 17:38:06 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5
[2011/09/23 01:31:57 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Winject
[2011/09/19 10:49:24 | 000,000,000 | ---D | C] -- C:\Data
[2011/09/18 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\Need for Speed World
[2011/09/17 00:04:54 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\Need for Speed World
[2011/09/16 10:47:31 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Data
[2011/09/11 09:21:39 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Electronic_Arts_Inc
[2011/09/11 09:20:47 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Need For Speed World
[2011/09/11 09:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/09/03 17:47:58 | 000,000,000 | ---D | C] -- C:\B
[2011/09/01 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011/09/01 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\DragonNest
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/30 21:06:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
[2011/09/30 20:34:26 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 20:34:26 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 20:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/30 16:30:13 | 000,000,416 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFileen.hsh
[2011/09/30 16:30:12 | 000,497,344 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFileTracksHigh.hsh
[2011/09/30 16:30:10 | 000,090,568 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFile.hsh
[2011/09/30 15:03:17 | 003,342,199 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Mac Miller – Donald Trump (prod. Sap).mp3
[2011/09/30 14:52:59 | 006,420,839 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Wale + Daniel Merriweather - The War.mp3
[2011/09/29 23:29:24 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/29 17:20:03 | 000,019,689 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\149094_127486373976792_100001462890577_165146_1709692_n.jpg
[2011/09/29 16:22:55 | 000,038,829 | ---- | M] () -- C:\Users\Rae Anthony\Documents\car.nri
[2011/09/29 16:06:21 | 007,299,365 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DJ Drama Ft. Trey Songz, 2 Chainz & Big Sean - Oh My (Remix).mp3
[2011/09/29 14:55:50 | 000,021,734 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\car.m3u
[2011/09/29 14:40:37 | 000,031,113 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\hiph0p.m3u
[2011/09/28 22:38:35 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/28 22:38:35 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/28 22:38:35 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 22:34:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 22:34:04 | 3219,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 21:35:41 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 21:28:39 | 000,018,098 | ---- | M] () -- C:\MGlogs.zip
[2011/09/28 21:27:08 | 012,609,904 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Rae Anthony\Desktop\SUPERAntiSpyware.exe
[2011/09/28 21:26:44 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/28 16:53:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rae Anthony\Desktop\dds.com
[2011/09/28 16:52:34 | 000,003,003 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.lnk
[2011/09/28 16:52:03 | 001,402,880 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.msi
[2011/09/28 13:22:06 | 004,232,663 | R--- | M] (Swearware) -- C:\Users\Rae Anthony\Desktop\user123.exe
[2011/09/28 06:14:20 | 003,252,736 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.EXE
[2011/09/28 00:39:26 | 945,742,145 | ---- | M] (Acresso Software Inc.) -- C:\Users\Rae Anthony\Desktop\FreeStyleSetup1.63.exe
[2011/09/28 00:19:56 | 000,001,274 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Install FreeStyle Street Basketball (Gamekiss).lnk
[2011/09/28 00:19:51 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Users\Rae Anthony\Desktop\cnet_FreeStyleSetup_exe.exe
[2011/09/27 22:49:04 | 000,000,000 | ---- | M] () -- C:\srch_loc_1.gif
[2011/09/27 22:49:02 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/09/27 20:07:14 | 001,664,682 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK(1).exe
[2011/09/27 19:59:24 | 001,664,682 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK.exe
[2011/09/27 19:53:08 | 000,000,177 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Settings.ini
[2011/09/26 22:27:29 | 000,209,731 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\38974_416074484716_510414716_4445708_6237361_n.jpg
[2011/09/25 23:17:53 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/25 23:03:48 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/25 23:02:36 | 000,002,239 | ---- | M] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/25 22:59:47 | 000,140,521 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\imedikate physicians recommendation form.pdf
[2011/09/25 02:47:39 | 000,002,063 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragon Saga.lnk
[2011/09/25 02:46:33 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Saga.lnk
[2011/09/25 02:39:03 | 1996,558,848 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DragonSagaInstaller-0.1.29-20110216.msi
[2011/09/24 21:15:36 | 000,000,771 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragonica.lnk
[2011/09/24 21:11:03 | 957,004,851 | ---- | M] () -- C:\Dragonica_NewOrigin_20110920-1b.bin
[2011/09/24 20:53:18 | 1565,415,296 | ---- | M] () -- C:\Dragonica_NewOrigin_20110920-1a.bin
[2011/09/24 20:23:47 | 000,590,320 | ---- | M] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2011/09/24 20:23:19 | 000,689,976 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragonica_EN.exe
[2011/09/24 17:07:38 | 000,000,612 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Winject - Shortcut.lnk
[2011/09/23 01:33:10 | 000,001,123 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\MapleStory - Shortcut.lnk
[2011/09/23 01:27:41 | 000,650,048 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5.zip
[2011/09/22 13:45:14 | 000,031,102 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\hip-h0p combine.m3u
[2011/09/16 11:48:48 | 000,137,254 | ---- | M] () -- C:\Windows\hpoins44.dat
[2011/09/15 18:29:07 | 000,032,256 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\PURSUIT HACK 29TH.exe
[2011/09/15 16:59:14 | 000,439,808 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\livedown_nfsw_bot.exe
[2011/09/13 11:20:20 | 074,468,719 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Wiz Khalifa - Amber Kush.zip
[2011/09/13 10:47:47 | 003,843,175 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Baby Bash feat Slim Thug & Stooie Bros - Swananana BMF.mp3
[2011/09/11 09:21:26 | 000,001,678 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Need For Speed World.lnk
[2011/09/11 08:31:43 | 000,000,696 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DragonNest - Shortcut.lnk
[2011/09/09 07:20:53 | 007,516,092 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Chris Brown Ft. Berner, Wiz Khalifa & Big K.R.I.T. - Yoko.mp3
[2011/09/08 23:46:15 | 005,287,269 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Berner Ft. Wiz Khalifa & Big K.R.I.T. - Yoko (Prod. By Big K.R.I.T.).mp3
[2011/09/08 03:59:52 | 003,252,736 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_4.EXE
[2011/09/05 14:25:37 | 000,002,930 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\FoFiX - Shortcut (2).lnk
[2011/09/03 17:47:18 | 012,239,298 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\BonJoviWanteddeadoralivev10111e10d784e905f19dc25aba7979718f.exe
[2011/09/03 17:46:58 | 008,139,089 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\BonJoviLivinonaPrayerv10ac59020785911dd87d62cae159e9cca7.exe
[2011/09/01 19:58:30 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/30 15:03:12 | 003,342,199 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Mac Miller – Donald Trump (prod. Sap).mp3
[2011/09/30 14:52:47 | 006,420,839 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Wale + Daniel Merriweather - The War.mp3
[2011/09/29 17:16:43 | 000,019,689 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\149094_127486373976792_100001462890577_165146_1709692_n.jpg
[2011/09/29 16:06:04 | 007,299,365 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DJ Drama Ft. Trey Songz, 2 Chainz & Big Sean - Oh My (Remix).mp3
[2011/09/29 14:55:50 | 000,021,734 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\car.m3u
[2011/09/28 21:28:39 | 000,018,098 | ---- | C] () -- C:\MGlogs.zip
[2011/09/28 21:27:57 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 21:26:42 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/28 20:52:02 | 000,000,416 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFileen.hsh
[2011/09/28 20:51:58 | 000,497,344 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFileTracksHigh.hsh
[2011/09/28 20:50:11 | 000,090,568 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFile.hsh
[2011/09/28 16:52:34 | 000,003,003 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.lnk
[2011/09/28 16:51:57 | 001,402,880 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.msi
[2011/09/28 00:19:56 | 000,001,274 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Install FreeStyle Street Basketball (Gamekiss).lnk
[2011/09/27 22:49:04 | 000,000,000 | ---- | C] () -- C:\srch_loc_1.gif
[2011/09/27 22:49:02 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/09/27 22:17:12 | 003,252,736 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.EXE
[2011/09/27 20:07:00 | 001,664,682 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK(1).exe
[2011/09/27 19:59:01 | 001,664,682 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK.exe
[2011/09/27 19:53:08 | 000,000,177 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Settings.ini
[2011/09/26 22:27:22 | 000,209,731 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\38974_416074484716_510414716_4445708_6237361_n.jpg
[2011/09/25 23:03:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/25 23:03:48 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/25 23:02:36 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/25 23:02:36 | 000,002,239 | ---- | C] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/25 23:02:21 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/25 23:02:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/25 22:59:46 | 000,140,521 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\imedikate physicians recommendation form.pdf
[2011/09/25 02:47:39 | 000,002,063 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragon Saga.lnk
[2011/09/25 02:46:33 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Saga.lnk
[2011/09/25 01:57:55 | 1996,558,848 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DragonSagaInstaller-0.1.29-20110216.msi
[2011/09/24 21:15:36 | 000,000,771 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragonica.lnk
[2011/09/24 20:53:18 | 957,004,851 | ---- | C] () -- C:\Dragonica_NewOrigin_20110920-1b.bin
[2011/09/24 20:23:47 | 1565,415,296 | ---- | C] () -- C:\Dragonica_NewOrigin_20110920-1a.bin
[2011/09/24 20:23:18 | 000,689,976 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragonica_EN.exe
[2011/09/24 17:07:38 | 000,000,612 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Winject - Shortcut.lnk
[2011/09/23 01:32:26 | 000,001,123 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\MapleStory - Shortcut.lnk
[2011/09/23 01:27:37 | 000,650,048 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5.zip
[2011/09/19 09:18:50 | 003,252,736 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_4.EXE
[2011/09/19 09:18:50 | 000,439,808 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\livedown_nfsw_bot.exe
[2011/09/19 09:18:50 | 000,032,256 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\PURSUIT HACK 29TH.exe
[2011/09/16 11:48:46 | 000,170,043 | ---- | C] () -- C:\Windows\hpoins44.dat.temp
[2011/09/16 11:48:46 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp
[2011/09/13 11:17:19 | 074,468,719 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Wiz Khalifa - Amber Kush.zip
[2011/09/13 10:47:39 | 003,843,175 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Baby Bash feat Slim Thug & Stooie Bros - Swananana BMF.mp3
[2011/09/11 09:21:26 | 000,001,678 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Need For Speed World.lnk
[2011/09/11 08:30:57 | 000,000,696 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DragonNest - Shortcut.lnk
[2011/09/09 07:20:17 | 007,516,092 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Chris Brown Ft. Berner, Wiz Khalifa & Big K.R.I.T. - Yoko.mp3
[2011/09/08 23:46:07 | 005,287,269 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Berner Ft. Wiz Khalifa & Big K.R.I.T. - Yoko (Prod. By Big K.R.I.T.).mp3
[2011/09/05 14:25:37 | 000,002,930 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\FoFiX - Shortcut (2).lnk
[2011/09/03 17:46:51 | 012,239,298 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\BonJoviWanteddeadoralivev10111e10d784e905f19dc25aba7979718f.exe
[2011/09/03 17:46:41 | 008,139,089 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\BonJoviLivinonaPrayerv10ac59020785911dd87d62cae159e9cca7.exe
[2011/09/01 19:58:30 | 000,000,175 | ---- | C] () -- C:\Users\Public\Desktop\DragonNest.url
[2011/07/17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/01 12:41:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/06/01 12:40:21 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/01 12:10:48 | 000,000,600 | ---- | C] () -- C:\Users\Rae Anthony\AppData\Roaming\winscp.rnd
[2011/05/25 12:27:29 | 000,137,254 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011/05/25 12:27:29 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2011/05/17 13:51:09 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/15 02:21:34 | 000,007,168 | ---- | C] () -- C:\Users\Rae Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 21:30:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 13:57:30 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Blackberry Desktop
[2011/05/11 05:41:29 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\DAEMON Tools Lite
[2011/08/25 18:43:03 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\fofix
[2011/06/06 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\FreeStone Group
[2011/08/20 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\fretsonfire
[2011/05/11 06:34:21 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\ImgBurn
[2011/07/04 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
[2011/09/17 00:04:54 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Need for Speed World
[2011/07/29 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\redsn0w
[2011/06/01 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Research In Motion
[2011/09/30 09:50:08 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\uTorrent
[2009/07/13 22:08:49 | 000,032,222 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/09/24 20:23:47 | 000,590,320 | ---- | M] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2011/09/28 21:26:44 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2011/03/10 23:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/10 23:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/10 23:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/10 23:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/10 23:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/10 23:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >

< End of report >

0

OTL Extras logfile created on: 30/09/2011 9:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Rae Anthony\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.35% Memory free
7.99 Gb Paging File | 6.26 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 165.76 Gb Free Space | 35.60% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 81.60 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive E: | 88.64 Gb Total Space | 22.59 Gb Free Space | 25.48% Space Free | Partition Type: NTFS

Computer Name: RAEANTHONY-PC | User Name: Rae Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2AF2EABE-CF18-CACB-E57C-A4902A3C36C8}" = AMD Media Foundation Decoders
"{39024C9F-4BEF-4B91-A35C-ACD8BCA7B1CD}" = ATI AVIVO64 Codecs
"{3C9B2770-E66E-D289-56A0-95CFADA8EB26}" = AMD Catalyst Install Manager
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E33AC780-456C-6295-E0F3-10A8D39A09FB}" = AMD Drag and Drop Transcoding
"{F5011D7D-0DC2-4669-8B7F-52064D40CCEC}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04634A14-619B-4F53-88B3-2A48FB3A99C6}" = TwelveSky2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common
"{3FFF605A-B4CE-0706-16C3-7313BBF32DFA}" = iTunes Export
"{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C264441-3025-8760-396B-CEF83ADA7C88}" = HydraVision
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{A0284E02-8114-4D23-B7C7-C2C4FAD2C355}" = Dragon Saga
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD3F7BD-02E6-9150-2D34-F9F3109FA466}" = Catalyst Control Center InstallProxy
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DragonNest" = DragonNest
"DVD Shrink_is1" = DVD Shrink 3.2
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow v1.1.3851 [2011-05-12]
"Frets on Fire" = Frets On Fire
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"ImgBurn" = ImgBurn
"iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export
"Liveupdate5_is1" = Liveupdate5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PlayerScore" = PlayerScore
"Postal 2_is1" = Portal 2
"Rohan_RBF" = Rohan_RBF
"Sapphire TRIXX" = Sapphire TRIXX
"Tansee iPod Transfer_is1" = Tansee iPod Transfer v3.8
"uTorrent" = µTorrent
"Video Card Stability Test" = Video Card Stability Test
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"winscp3_is1" = WinSCP 4.3.3
"winscpfar_is1" = WinSCP plugin for FAR 1.6.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2011 6:34:46 PM | Computer Name = RaeAnthony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 6.0.2.4262, time
stamp: 0x4e6163d9 Faulting module name: USER32.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb3c Exception code: 0xc0000409 Fault offset: 0x00030195 Faulting process
id: 0x47c Faulting application start time: 0x01cc7e2ed1b920d1 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\syswow64\USER32.dll
Report
Id: 110179c0-ea22-11e0-b809-406186f12390

Error - 28/09/2011 6:34:57 PM | Computer Name = RaeAnthony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 14.0.835.186, time
stamp: 0x4e77dea9 Faulting module name: USER32.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb3c Exception code: 0xc0000409 Fault offset: 0x00030195 Faulting process
id: 0xf0c Faulting application start time: 0x01cc7e2ed938dec8 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\syswow64\USER32.dll Report Id: 17991225-ea22-11e0-b809-406186f12390

Error - 28/09/2011 6:35:50 PM | Computer Name = RaeAnthony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc6b7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc00000fd Fault offset: 0x73d2e2c4 Faulting process id: 0xbfc Faulting application
start time: 0x01cc7e2ef96060a7 Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting
module path: unknown Report Id: 371b33c9-ea22-11e0-b809-406186f12390

Error - 28/09/2011 6:38:05 PM | Computer Name = RaeAnthony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: regsvr32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bca28 Faulting module name: USER32.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb3c Exception code: 0xc0000409 Fault offset: 0x00030195 Faulting
process id: 0x4e0 Faulting application start time: 0x01cc7e2f496e8dcb Faulting application
path: C:\Windows\SysWOW64\regsvr32.exe Faulting module path: C:\Windows\syswow64\USER32.dll
Report
Id: 8777ee56-ea22-11e0-b809-406186f12390

Error - 28/09/2011 6:38:11 PM | Computer Name = RaeAnthony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: regsvr32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bca28 Faulting module name: USER32.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb3c Exception code: 0xc0000409 Fault offset: 0x00030195 Faulting
process id: 0x1b8 Faulting application start time: 0x01cc7e2f4d7eb787 Faulting application
path: C:\Windows\SysWOW64\regsvr32.exe Faulting module path: C:\Windows\syswow64\USER32.dll
Report
Id: 8b414b09-ea22-11e0-b809-406186f12390

Error - 28/09/2011 6:41:09 PM | Computer Name = RaeAnthony-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bc60f Faulting module name: USER32.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb3c Exception code: 0xc0000409 Fault offset: 0x00030195 Faulting process
id: 0x888 Faulting application start time: 0x01cc7e2fb2c4d936 Faulting application
path: C:\Windows\SysWOW64\NOTEPAD.EXE Faulting module path: C:\Windows\syswow64\USER32.dll
Report
Id: f53e36c0-ea22-11e0-b809-406186f12390

Error - 28/09/2011 7:26:56 PM | Computer Name = RaeAnthony-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 28/09/2011 7:26:56 PM | Computer Name = RaeAnthony-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 29/09/2011 1:34:16 AM | Computer Name = RaeAnthony-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 29/09/2011 1:34:16 AM | Computer Name = RaeAnthony-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ System Events ]
Error - 28/09/2011 6:42:41 PM | Computer Name = RaeAnthony-PC | Source = DCOM | ID = 10005
Description =

Error - 28/09/2011 6:42:41 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 28/09/2011 6:42:42 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 28/09/2011 6:42:42 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 28/09/2011 6:42:42 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 28/09/2011 6:42:42 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 28/09/2011 6:42:42 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 28/09/2011 6:42:42 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 28/09/2011 6:42:42 PM | Computer Name = RaeAnthony-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 29/09/2011 1:33:13 AM | Computer Name = RaeAnthony-PC | Source = DCOM | ID = 10010
Description =


< End of report >

0

I noticed you had Wpakill on the PC. Only reason for that is to bypass Windows activation when one has a pirate copy of Windows. Hopefully yours is legit?

====

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKLM..\Run: [] File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====

0

I noticed you had Wpakill on the PC. Only reason for that is to bypass Windows activation when one has a pirate copy of Windows. Hopefully yours is legit?

====

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKLM..\Run: [] File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====

to be honest, i got this rig as a birthday present from my friend who owns a computer shop. I do not know the full history.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rae Anthony
->Flash cache emptied: 110575 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rae Anthony
->Temp folder emptied: 2405482508 bytes
->Temporary Internet Files folder emptied: 31012567 bytes
->Java cache emptied: 395354 bytes
->FireFox cache emptied: 286926420 bytes
->Google Chrome cache emptied: 6326370 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 3978 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16356 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 6733559715 bytes

Total Files Cleaned = 9,025.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10012011_113106

Files\Folders moved on Reboot...
C:\Users\Rae Anthony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

0

OTL logfile created on: 01/10/2011 11:47:40 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Rae Anthony\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.77% Memory free
7.99 Gb Paging File | 6.02 Gb Available in Paging File | 75.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 181.80 Gb Free Space | 39.04% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 81.60 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive E: | 88.64 Gb Total Space | 22.59 Gb Free Space | 25.48% Space Free | Partition Type: NTFS

Computer Name: RAEANTHONY-PC | User Name: Rae Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/30 21:06:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
PRC - [2011/09/30 15:25:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2010/06/28 21:01:20 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 15:25:54 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/29 15:09:26 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_yar.dll
MOD - [2011/09/25 11:00:27 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/14 12:20:46 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll
MOD - [2011/05/14 12:20:46 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll
MOD - [2011/05/14 12:20:45 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s
MOD - [2011/05/14 12:20:44 | 000,623,104 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s
MOD - [2011/05/14 12:20:44 | 000,174,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s
MOD - [2011/05/14 12:20:44 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s
MOD - [2011/05/14 12:20:44 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s
MOD - [2011/05/14 12:20:44 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s
MOD - [2011/05/14 12:20:44 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s
MOD - [2011/05/14 12:20:44 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s
MOD - [2011/05/14 12:20:44 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s
MOD - [2011/05/14 12:20:44 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s
MOD - [2011/05/14 12:20:44 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s
MOD - [2011/05/14 12:20:44 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s
MOD - [2011/05/14 12:20:44 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s
MOD - [2011/05/14 12:20:44 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s
MOD - [2011/05/14 12:20:43 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
MOD - [2011/05/14 12:20:43 | 000,115,200 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
MOD - [2011/05/14 12:20:43 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
MOD - [2011/05/14 12:20:43 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
MOD - [2011/05/14 12:20:43 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
MOD - [2011/05/14 12:20:42 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
MOD - [2011/05/14 12:20:42 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
MOD - [2011/05/14 12:20:42 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
MOD - [2011/05/14 12:20:42 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
MOD - [2011/05/14 12:20:42 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
MOD - [2011/05/14 12:20:42 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
MOD - [2011/05/14 12:20:42 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
MOD - [2011/05/14 12:20:42 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
MOD - [2011/05/14 12:20:42 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
MOD - [2011/05/14 12:20:41 | 000,291,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
MOD - [2011/05/14 12:20:41 | 000,199,680 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
MOD - [2011/05/14 12:20:41 | 000,056,320 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
MOD - [2011/05/14 12:20:41 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
MOD - [2011/05/14 12:20:41 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
MOD - [2011/05/14 12:20:41 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
MOD - [2011/05/14 12:20:40 | 000,312,320 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
MOD - [2011/05/14 12:20:40 | 000,304,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
MOD - [2011/05/14 12:20:40 | 000,285,184 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
MOD - [2011/05/14 12:20:40 | 000,216,576 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
MOD - [2011/05/14 12:20:40 | 000,183,808 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
MOD - [2011/05/14 12:20:40 | 000,164,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
MOD - [2011/05/14 12:20:40 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
MOD - [2011/05/14 12:20:40 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
MOD - [2011/05/14 12:20:40 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
MOD - [2011/05/14 12:20:40 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
MOD - [2011/05/14 12:20:40 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
MOD - [2011/05/14 12:20:40 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
MOD - [2011/05/14 12:20:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
MOD - [2011/05/14 12:20:40 | 000,050,176 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
MOD - [2011/05/14 12:20:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
MOD - [2011/05/14 12:20:40 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
MOD - [2011/05/14 12:20:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011/05/14 12:20:40 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
MOD - [2011/05/14 12:20:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
MOD - [2011/05/14 12:20:40 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
MOD - [2011/05/14 12:20:40 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
MOD - [2011/05/14 12:20:39 | 001,735,680 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
MOD - [2011/05/14 12:20:39 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2011/05/14 12:20:38 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll
MOD - [2011/05/14 12:20:38 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll
MOD - [2011/05/14 12:20:37 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll
MOD - [2011/05/11 13:59:57 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dda6d8c7413334b605fcf590a702e9f1\Microsoft.VisualBasic.ni.dll
MOD - [2011/05/11 01:59:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\adc8998d96ca331d17cef00b1ef95a5f\System.Runtime.Remoting.ni.dll
MOD - [2011/05/11 01:59:23 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/05/11 01:59:19 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/05/11 01:59:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
MOD - [2011/05/11 01:59:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
MOD - [2011/05/11 01:59:02 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/05/11 01:58:55 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2010/12/27 15:04:22 | 001,044,648 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2010/05/12 14:06:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\BonjourService.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 14:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/14 15:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/07/28 15:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 13:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 15:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/11 05:39:53 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/02/16 17:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2010/10/22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010/07/01 04:44:34 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)
DRV - [2010/05/10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 48 BC 04 90 0F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/25 12:30:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 15:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/25 23:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/25 12:30:30 | 000,000,000 | ---D | M]

[2011/05/10 21:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Extensions
[2011/09/09 07:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\extensions
[2011/09/09 07:19:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/11 05:39:44 | 000,002,055 | ---- | M] () -- C:\Users\Rae Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\593ud02r.default\searchplugins\daemon-search.xml
[2011/05/18 18:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/18 18:06:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/30 15:25:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/18 18:06:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/06/28 21:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/09/30 15:25:53 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/30 15:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/30 15:25:53 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/30 15:25:53 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/30 15:25:53 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/01 11:32:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3172544B-3990-4249-8FF7-741F9D8A1BA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E035A311-F61D-47F4-A5CF-E770FCF8B253}: NameServer = 64.59.144.90,64.59.144.91
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/02 12:15:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b56a67bc-7b67-11e0-81df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b56a67bc-7b67-11e0-81df-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 11:36:41 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\java
[2011/10/01 11:31:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/01 09:38:36 | 000,000,000 | ---D | C] -- C:\e
[2011/10/01 00:41:43 | 000,117,520 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2011/10/01 00:41:43 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\MotioninJoy
[2011/10/01 00:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2011/10/01 00:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2011/09/30 22:41:19 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\HPAppData
[2011/09/30 21:06:36 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
[2011/09/29 15:11:29 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Car
[2011/09/29 14:56:04 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\New folder (2)
[2011/09/29 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Ahead
[2011/09/28 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\AirMouse
[2011/09/28 21:28:38 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/09/28 21:28:28 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/28 21:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/28 21:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/28 21:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/28 21:25:58 | 012,609,904 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Rae Anthony\Desktop\SUPERAntiSpyware.exe
[2011/09/28 16:52:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rae Anthony\Desktop\dds.com
[2011/09/28 16:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/28 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/28 14:31:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/28 13:22:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/28 13:22:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/28 13:22:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/28 13:22:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/28 13:21:59 | 004,232,663 | R--- | C] (Swearware) -- C:\Users\Rae Anthony\Desktop\user123.exe
[2011/09/28 00:22:15 | 945,742,145 | ---- | C] (Acresso Software Inc.) -- C:\Users\Rae Anthony\Desktop\FreeStyleSetup1.63.exe
[2011/09/28 00:19:47 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\Rae Anthony\Desktop\cnet_FreeStyleSetup_exe.exe
[2011/09/25 23:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/25 23:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/25 23:02:17 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Google
[2011/09/25 23:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/25 08:37:12 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\DragonSaga
[2011/09/25 02:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Saga
[2011/09/25 02:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
[2011/09/24 21:28:32 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\Dragonica
[2011/09/24 21:11:14 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2011/09/24 20:23:46 | 000,590,320 | ---- | C] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2011/09/24 17:38:06 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5
[2011/09/23 01:31:57 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Winject
[2011/09/19 10:49:24 | 000,000,000 | ---D | C] -- C:\Data
[2011/09/18 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\Need for Speed World
[2011/09/17 00:04:54 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Roaming\Need for Speed World
[2011/09/16 10:47:31 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Data
[2011/09/11 09:21:39 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\AppData\Local\Electronic_Arts_Inc
[2011/09/11 09:20:47 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Desktop\Need For Speed World
[2011/09/11 09:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/09/03 17:47:58 | 000,000,000 | ---D | C] -- C:\B
[2011/09/01 19:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011/09/01 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\Rae Anthony\Documents\DragonNest

========== Files - Modified Within 30 Days ==========

[2011/10/01 11:37:48 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/01 11:37:48 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/01 11:37:48 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/01 11:33:33 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/01 11:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/01 11:33:21 | 3219,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/01 11:32:50 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 11:32:49 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 11:32:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/01 11:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/01 10:17:57 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/01 09:38:37 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/10/01 09:38:37 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/10/01 09:38:37 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/10/01 09:38:37 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2011/10/01 09:38:37 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2011/10/01 09:38:37 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2011/10/01 09:38:37 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/10/01 09:38:37 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2011/10/01 09:38:37 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/10/01 09:38:37 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/10/01 09:38:37 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/10/01 09:38:37 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/10/01 09:38:37 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/10/01 09:38:37 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/10/01 09:38:37 | 000,000,113 | ---- | M] () -- C:\del_1.gif
[2011/10/01 09:31:32 | 000,000,416 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFileen.hsh
[2011/10/01 09:31:31 | 000,497,344 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFileTracksHigh.hsh
[2011/10/01 09:31:29 | 000,090,568 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HashFile.hsh
[2011/10/01 00:45:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/10/01 00:44:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/10/01 00:44:11 | 000,000,947 | ---- | M] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2011/10/01 00:44:11 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011/09/30 23:22:08 | 003,581,573 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfshacks.rar
[2011/09/30 22:45:04 | 002,954,809 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.rar
[2011/09/30 21:06:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Rae Anthony\Desktop\OTL.exe
[2011/09/30 15:03:17 | 003,342,199 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Mac Miller – Donald Trump (prod. Sap).mp3
[2011/09/30 14:52:59 | 006,420,839 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Wale + Daniel Merriweather - The War.mp3
[2011/09/29 17:20:03 | 000,019,689 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\149094_127486373976792_100001462890577_165146_1709692_n.jpg
[2011/09/29 16:22:55 | 000,038,829 | ---- | M] () -- C:\Users\Rae Anthony\Documents\car.nri
[2011/09/29 16:06:21 | 007,299,365 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DJ Drama Ft. Trey Songz, 2 Chainz & Big Sean - Oh My (Remix).mp3
[2011/09/29 14:55:50 | 000,021,734 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\car.m3u
[2011/09/29 14:40:37 | 000,031,113 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\hiph0p.m3u
[2011/09/28 21:35:41 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 21:28:39 | 000,018,098 | ---- | M] () -- C:\MGlogs.zip
[2011/09/28 21:27:08 | 012,609,904 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Rae Anthony\Desktop\SUPERAntiSpyware.exe
[2011/09/28 21:26:44 | 002,420,346 | ---- | M] () -- C:\MGtools.exe
[2011/09/28 16:53:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rae Anthony\Desktop\dds.com
[2011/09/28 16:52:34 | 000,003,003 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.lnk
[2011/09/28 16:52:03 | 001,402,880 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.msi
[2011/09/28 13:22:06 | 004,232,663 | R--- | M] (Swearware) -- C:\Users\Rae Anthony\Desktop\user123.exe
[2011/09/28 06:14:20 | 003,252,736 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.EXE
[2011/09/28 00:39:26 | 945,742,145 | ---- | M] (Acresso Software Inc.) -- C:\Users\Rae Anthony\Desktop\FreeStyleSetup1.63.exe
[2011/09/28 00:19:56 | 000,001,274 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Install FreeStyle Street Basketball (Gamekiss).lnk
[2011/09/28 00:19:51 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Users\Rae Anthony\Desktop\cnet_FreeStyleSetup_exe.exe
[2011/09/27 22:49:04 | 000,000,000 | ---- | M] () -- C:\srch_loc_1.gif
[2011/09/27 22:49:02 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/09/27 20:07:14 | 001,664,682 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK(1).exe
[2011/09/27 19:59:24 | 001,664,682 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK.exe
[2011/09/27 19:53:08 | 000,000,177 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Settings.ini
[2011/09/26 22:27:29 | 000,209,731 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\38974_416074484716_510414716_4445708_6237361_n.jpg
[2011/09/25 23:03:48 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/25 23:02:36 | 000,002,239 | ---- | M] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/25 22:59:47 | 000,140,521 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\imedikate physicians recommendation form.pdf
[2011/09/25 02:47:39 | 000,002,063 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragon Saga.lnk
[2011/09/25 02:46:33 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Saga.lnk
[2011/09/25 02:39:03 | 1996,558,848 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DragonSagaInstaller-0.1.29-20110216.msi
[2011/09/24 21:15:36 | 000,000,771 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragonica.lnk
[2011/09/24 21:11:03 | 957,004,851 | ---- | M] () -- C:\Dragonica_NewOrigin_20110920-1b.bin
[2011/09/24 20:53:18 | 1565,415,296 | ---- | M] () -- C:\Dragonica_NewOrigin_20110920-1a.bin
[2011/09/24 20:23:47 | 000,590,320 | ---- | M] (GALA Networks Europe Limited ) -- C:\Dragonica_NewOrigin_20110920.exe
[2011/09/24 20:23:19 | 000,689,976 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Dragonica_EN.exe
[2011/09/24 17:07:38 | 000,000,612 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Winject - Shortcut.lnk
[2011/09/23 01:33:10 | 000,001,123 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\MapleStory - Shortcut.lnk
[2011/09/23 01:27:41 | 000,650,048 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5.zip
[2011/09/22 13:45:14 | 000,031,102 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\hip-h0p combine.m3u
[2011/09/16 11:48:48 | 000,137,254 | ---- | M] () -- C:\Windows\hpoins44.dat
[2011/09/15 18:29:07 | 000,032,256 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\PURSUIT HACK 29TH.exe
[2011/09/15 16:59:14 | 000,439,808 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\livedown_nfsw_bot.exe
[2011/09/13 11:20:20 | 074,468,719 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Wiz Khalifa - Amber Kush.zip
[2011/09/13 10:47:47 | 003,843,175 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Baby Bash feat Slim Thug & Stooie Bros - Swananana BMF.mp3
[2011/09/11 09:21:26 | 000,001,678 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Need For Speed World.lnk
[2011/09/11 08:31:43 | 000,000,696 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\DragonNest - Shortcut.lnk
[2011/09/09 07:20:53 | 007,516,092 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Chris Brown Ft. Berner, Wiz Khalifa & Big K.R.I.T. - Yoko.mp3
[2011/09/08 23:46:15 | 005,287,269 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\Berner Ft. Wiz Khalifa & Big K.R.I.T. - Yoko (Prod. By Big K.R.I.T.).mp3
[2011/09/08 03:59:52 | 003,252,736 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_4.EXE
[2011/09/05 14:25:37 | 000,002,930 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\FoFiX - Shortcut (2).lnk
[2011/09/03 17:47:18 | 012,239,298 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\BonJoviWanteddeadoralivev10111e10d784e905f19dc25aba7979718f.exe
[2011/09/03 17:46:58 | 008,139,089 | ---- | M] () -- C:\Users\Rae Anthony\Desktop\BonJoviLivinonaPrayerv10ac59020785911dd87d62cae159e9cca7.exe
[2011/09/01 19:58:30 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url

========== Files Created - No Company Name ==========

[2011/10/01 09:38:37 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2011/10/01 09:38:37 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2011/10/01 09:38:37 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2011/10/01 09:38:37 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2011/10/01 09:38:37 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2011/10/01 09:38:37 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2011/10/01 09:38:37 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2011/10/01 09:38:37 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2011/10/01 09:38:37 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2011/10/01 09:38:37 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2011/10/01 09:38:37 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2011/10/01 09:38:37 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2011/10/01 09:38:37 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2011/10/01 09:38:37 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2011/10/01 09:38:37 | 000,000,113 | ---- | C] () -- C:\del_1.gif
[2011/10/01 00:45:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/10/01 00:44:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2011/10/01 00:41:43 | 000,000,947 | ---- | C] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2011/10/01 00:41:43 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011/09/30 23:21:22 | 003,581,573 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfshacks.rar
[2011/09/30 22:45:03 | 002,954,809 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.rar
[2011/09/30 15:03:12 | 003,342,199 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Mac Miller – Donald Trump (prod. Sap).mp3
[2011/09/30 14:52:47 | 006,420,839 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Wale + Daniel Merriweather - The War.mp3
[2011/09/29 17:16:43 | 000,019,689 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\149094_127486373976792_100001462890577_165146_1709692_n.jpg
[2011/09/29 16:06:04 | 007,299,365 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DJ Drama Ft. Trey Songz, 2 Chainz & Big Sean - Oh My (Remix).mp3
[2011/09/29 14:55:50 | 000,021,734 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\car.m3u
[2011/09/28 21:28:39 | 000,018,098 | ---- | C] () -- C:\MGlogs.zip
[2011/09/28 21:27:57 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/28 21:26:42 | 002,420,346 | ---- | C] () -- C:\MGtools.exe
[2011/09/28 20:52:02 | 000,000,416 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFileen.hsh
[2011/09/28 20:51:58 | 000,497,344 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFileTracksHigh.hsh
[2011/09/28 20:50:11 | 000,090,568 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HashFile.hsh
[2011/09/28 16:52:34 | 000,003,003 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.lnk
[2011/09/28 16:51:57 | 001,402,880 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\HiJackThis.msi
[2011/09/28 00:19:56 | 000,001,274 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Install FreeStyle Street Basketball (Gamekiss).lnk
[2011/09/27 22:49:04 | 000,000,000 | ---- | C] () -- C:\srch_loc_1.gif
[2011/09/27 22:49:02 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2011/09/27 22:49:02 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2011/09/27 22:17:12 | 003,252,736 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_6.EXE
[2011/09/27 20:07:00 | 001,664,682 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK(1).exe
[2011/09/27 19:59:01 | 001,664,682 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\NFSW HACK.exe
[2011/09/27 19:53:08 | 000,000,177 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Settings.ini
[2011/09/26 22:27:22 | 000,209,731 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\38974_416074484716_510414716_4445708_6237361_n.jpg
[2011/09/25 23:03:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/25 23:03:48 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/25 23:02:36 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/25 23:02:36 | 000,002,239 | ---- | C] () -- C:\Users\Rae Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/25 23:02:21 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/25 23:02:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/25 22:59:46 | 000,140,521 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\imedikate physicians recommendation form.pdf
[2011/09/25 02:47:39 | 000,002,063 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragon Saga.lnk
[2011/09/25 02:46:33 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Saga.lnk
[2011/09/25 01:57:55 | 1996,558,848 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DragonSagaInstaller-0.1.29-20110216.msi
[2011/09/24 21:15:36 | 000,000,771 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragonica.lnk
[2011/09/24 20:53:18 | 957,004,851 | ---- | C] () -- C:\Dragonica_NewOrigin_20110920-1b.bin
[2011/09/24 20:23:47 | 1565,415,296 | ---- | C] () -- C:\Dragonica_NewOrigin_20110920-1a.bin
[2011/09/24 20:23:18 | 000,689,976 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Dragonica_EN.exe
[2011/09/24 17:07:38 | 000,000,612 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Winject - Shortcut.lnk
[2011/09/23 01:32:26 | 000,001,123 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\MapleStory - Shortcut.lnk
[2011/09/23 01:27:37 | 000,650,048 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\GGTrainer 1.2.5.zip
[2011/09/19 09:18:50 | 003,252,736 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\nfsw_trainer_v1_2_4.EXE
[2011/09/19 09:18:50 | 000,439,808 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\livedown_nfsw_bot.exe
[2011/09/19 09:18:50 | 000,032,256 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\PURSUIT HACK 29TH.exe
[2011/09/16 11:48:46 | 000,170,043 | ---- | C] () -- C:\Windows\hpoins44.dat.temp
[2011/09/16 11:48:46 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp
[2011/09/13 11:17:19 | 074,468,719 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Wiz Khalifa - Amber Kush.zip
[2011/09/13 10:47:39 | 003,843,175 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Baby Bash feat Slim Thug & Stooie Bros - Swananana BMF.mp3
[2011/09/11 09:21:26 | 000,001,678 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Need For Speed World.lnk
[2011/09/11 08:30:57 | 000,000,696 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\DragonNest - Shortcut.lnk
[2011/09/09 07:20:17 | 007,516,092 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Chris Brown Ft. Berner, Wiz Khalifa & Big K.R.I.T. - Yoko.mp3
[2011/09/08 23:46:07 | 005,287,269 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\Berner Ft. Wiz Khalifa & Big K.R.I.T. - Yoko (Prod. By Big K.R.I.T.).mp3
[2011/09/05 14:25:37 | 000,002,930 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\FoFiX - Shortcut (2).lnk
[2011/09/03 17:46:51 | 012,239,298 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\BonJoviWanteddeadoralivev10111e10d784e905f19dc25aba7979718f.exe
[2011/09/03 17:46:41 | 008,139,089 | ---- | C] () -- C:\Users\Rae Anthony\Desktop\BonJoviLivinonaPrayerv10ac59020785911dd87d62cae159e9cca7.exe
[2011/09/01 19:58:30 | 000,000,175 | ---- | C] () -- C:\Users\Public\Desktop\DragonNest.url
[2011/07/17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/01 12:41:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/06/01 12:40:21 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/01 12:10:48 | 000,000,600 | ---- | C] () -- C:\Users\Rae Anthony\AppData\Roaming\winscp.rnd
[2011/05/25 12:27:29 | 000,137,254 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011/05/25 12:27:29 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2011/05/17 13:51:09 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/15 02:21:34 | 000,007,168 | ---- | C] () -- C:\Users\Rae Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 21:30:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 13:57:30 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Blackberry Desktop
[2011/05/11 05:41:29 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\DAEMON Tools Lite
[2011/08/25 18:43:03 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\fofix
[2011/06/06 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\FreeStone Group
[2011/08/20 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\fretsonfire
[2011/05/11 06:34:21 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\ImgBurn
[2011/07/04 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
[2011/10/01 00:41:43 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\MotioninJoy
[2011/09/17 00:04:54 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Need for Speed World
[2011/07/29 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\redsn0w
[2011/06/01 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\Research In Motion
[2011/09/30 09:50:08 | 000,000,000 | ---D | M] -- C:\Users\Rae Anthony\AppData\Roaming\uTorrent
[2009/07/13 22:08:49 | 000,032,476 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

0

Not seeing anything untoward there. How is the PC now?

thanks so much, my PC is doing fine now! gladly appreciate your effort! thanks again so much.

0

No worries :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.