This weird Google redirect thing...
Rrrrgh1 replied to Rrrrgh1's topic in Resolved Malware Removal Logs
Here we go! OTL logfile created on: 7/15/2011 4:58:27 PM - Run 4 OTL by OldTimer - Version 3.2.26.1
-- C:\Windows\SysNative\athrx.sys [2011/06/23 12:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW [2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\InstallShield [2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell [2011/06/23 12:26:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011/06/23 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp [2011/06/23 12:24:52 | 000,000,000 | ---D | C] -- C:\RaidTool [2011/06/23 12:24:46 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2011/06/23 12:24:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011/06/23 12:23:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011/06/23 12:23:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011/06/23 12:23:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011/06/23 12:23:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011/06/23 12:23:56 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011/06/23 12:23:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011/06/23 12:23:56 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011/06/23 12:23:56 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011/06/23 12:23:56 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011/06/23 12:23:56 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64A.dll [2011/06/23 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011/06/23 12:23:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2011/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Diagnostics [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Searches [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/06/23 12:04:06 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011/06/23 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Identities [2011/06/23 12:03:56 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Contacts [2011/06/23 12:03:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\VirtualStore [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Temporary Internet Files [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Templates [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Start Menu [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\SendTo [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Recent [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\PrintHood [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\NetHood [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Videos [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Pictures [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Music [2011/06/23 
12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\My Documents [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Local Settings [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\History [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Cookies [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Application Data [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Application Data [2011/06/23 12:03:40 | 000,000,000 | --SD | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Videos [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Saved Games [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Pictures [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Music [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Links [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Favorites [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Downloads [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Documents [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Desktop [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/06/23 12:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\AppData [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Temp [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- 
C:\Users\Russell Gammon\AppData\Roaming\Media Center Programs [2011/06/23 12:03:27 | 000,000,000 | ---D | C] -- C:\Recovery [2011/06/17 21:15:08 | 000,000,000 | ---D | C] -- C:\Emergency [2011/06/17 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2011/06/17 17:39:29 | 000,000,000 | ---D | C] -- C:\temp [2011/06/17 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center [2011/06/17 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/06/17 16:47:08 | 000,000,000 | ---D | C] -- C:\cabs [2011/06/17 16:40:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Old HDD [2011/06/17 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Dropbox [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Scanned Documents [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Radiant [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Fax [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Electronic Arts [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Downloads [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Documents on Russell's Intrepid [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Converted Videos [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Any Video Converter [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\ActiveDolls [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\vghd [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- 
C:\Users\Russell Gammon\AppData\Roaming\thriXXX [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\SecuROM [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Nero [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoneTown [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Avery [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Adobe [2011/06/17 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\TempImages [2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\SupportSoft [2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Mozilla Firefox [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Google [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\GameHouse [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Autodesk [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apple 
Computer [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Adobe [2011/06/17 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AdobeLicensingFilesBackup [2011/06/17 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro [2011/06/17 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\IIS [2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum [2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uPlayer [2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip [2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2011/06/17 16:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouSendIt [2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VDownloader [2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2011/06/17 16:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TypingMaster [2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine [2011/06/17 
16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt [2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games [2011/06/17 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific Publishing, Inc [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Morphyre [2011/06/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity [2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO 
Company [2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2011/06/17 16:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldKnight [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freenet [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV To MP3 Converter [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOX News Live [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFmpeg for Audacity [2011/06/17 16:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2011/06/17 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EGirl_v1.5 [2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2011/06/17 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai [2011/06/17 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry Dolls [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoneTown [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Autodesk [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2011/06/17 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) [2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Cloner Platinum [2011/06/17 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2011/06/17 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/06/17 16:32:55 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\Fraps [2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\DriveKey [2011/06/17 16:28:59 | 000,000,000 | ---D | C] -- C:\Autodesk ========== Files - Modified Within 30 Days ========== [2011/07/15 16:56:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job [2011/07/15 16:36:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/15 15:28:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/15 15:28:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/15 14:04:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Russell Gammon\Desktop\esetsmartinstaller_enu.exe [2011/07/15 12:50:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/15 12:22:10 | 001,242,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/07/15 12:22:10 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/07/15 12:22:10 | 000,400,916 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat [2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- 
C:\Windows\SysNative\perfc011.dat [2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/07/15 12:17:24 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/15 12:17:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/15 12:17:03 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys [2011/07/15 00:10:45 | 000,001,070 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk [2011/07/14 23:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job [2011/07/14 16:43:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/07/14 16:13:59 | 004,152,661 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr [2011/07/14 11:14:49 | 000,000,512 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\MBR.dat [2011/07/14 09:26:25 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe [2011/07/13 23:56:30 | 000,003,183 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\attach.zip [2011/07/13 23:32:19 | 000,302,592 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe [2011/07/13 23:25:11 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr [2011/07/13 23:24:52 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\defogger_reenable [2011/07/13 23:24:29 | 000,050,477 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe [2011/07/13 16:07:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe [2011/07/13 12:28:14 | 000,372,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/07/12 17:50:07 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe [2011/07/12 17:50:05 | 000,000,164 | ---- | M] () -- 
C:\Windows\install.dat [2011/07/12 15:52:15 | 000,000,036 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache [2011/07/12 15:50:38 | 000,001,443 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/07/10 15:33:00 | 000,000,424 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk [2011/07/09 21:46:12 | 000,016,096 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat [2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys [2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin [2011/07/09 16:59:49 | 000,000,995 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/07/08 01:21:25 | 000,002,231 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk [2011/07/07 00:39:41 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini [2011/07/06 23:51:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/06 17:39:44 | 000,000,102 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat [2011/07/06 17:37:15 | 001,274,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/30 19:16:50 | 000,003,584 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/26 02:54:09 | 000,001,132 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [2011/06/24 22:46:03 | 000,000,113 | ---- | M] () -- 
C:\Windows\WININIT.INI [2011/06/24 22:40:49 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache [2011/06/24 17:18:46 | 000,001,984 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011/06/24 12:06:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/06/24 12:06:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011/06/24 00:19:41 | 000,000,993 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/06/24 00:18:55 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat [2011/06/24 00:18:55 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) 
-- C:\Windows\SysNative\drivers\tmevtmgr.sys [2011/06/23 23:11:03 | 000,000,635 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk [2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011/06/23 13:54:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/06/23 12:24:16 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc ========== Files Created - No Company Name ========== [2011/07/14 17:03:51 | 000,001,984 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011/07/14 17:03:51 | 000,001,132 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/07/14 17:03:51 | 000,000,995 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/07/14 16:35:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/07/14 16:35:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/07/14 16:35:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/07/14 16:35:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/07/14 16:35:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/07/14 11:14:49 | 000,000,512 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\MBR.dat [2011/07/13 23:56:30 | 000,003,183 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\attach.zip [2011/07/13 23:32:20 | 000,302,592 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe [2011/07/13 23:24:52 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\defogger_reenable [2011/07/13 23:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe [2011/07/13 16:08:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/13 13:03:31 
| 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2011/07/13 13:03:13 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2011/07/12 20:36:38 | 000,001,070 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk [2011/07/12 17:44:22 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe [2011/07/12 17:43:47 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat [2011/07/12 15:50:38 | 000,001,449 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/07/12 15:50:38 | 000,001,443 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/07/12 15:50:38 | 000,001,415 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011/07/10 15:33:00 | 000,000,424 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk [2011/07/10 08:54:29 | 000,000,036 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache [2011/07/09 20:43:53 | 000,016,096 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat [2011/07/07 01:04:16 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2011/07/07 01:04:05 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011/07/07 01:02:03 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk [2011/07/07 00:39:41 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll [2011/07/06 23:51:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/07/06 17:39:44 | 000,000,102 | ---- | C] () -- 
C:\Users\Russell Gammon\AppData\Local\fusioncache.dat [2011/07/06 17:36:34 | 001,274,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/06 17:35:47 | 000,002,231 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk [2011/06/30 01:03:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/06/27 18:31:54 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/27 18:31:54 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys [2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin [2011/06/24 22:46:03 | 000,000,113 | ---- | C] () -- C:\Windows\WININIT.INI [2011/06/24 22:40:49 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache [2011/06/24 12:06:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/06/24 12:06:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011/06/24 11:21:55 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2011/06/24 11:21:46 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011/06/24 11:21:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011/06/24 11:20:49 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2011/06/24 11:20:49 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011/06/24 01:07:27 | 000,400,916 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat [2011/06/24 01:07:27 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat [2011/06/24 01:07:27 | 000,110,342 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat [2011/06/24 
01:07:27 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat [2011/06/24 00:31:57 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk [2011/06/24 00:19:41 | 000,000,993 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/06/23 23:51:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job [2011/06/23 23:51:08 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job [2011/06/23 23:23:10 | 000,003,584 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/23 23:11:03 | 000,000,635 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk [2011/06/23 14:50:16 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version [2011/06/23 13:56:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/06/23 13:55:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/06/23 13:54:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/06/23 12:34:15 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu [2011/06/23 12:28:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2011/06/23 12:27:54 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2011/06/23 12:27:54 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2011/06/23 12:24:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2011/06/23 12:24:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011/06/23 12:24:16 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2011/06/23 12:24:16 | 000,072,704 | ---- | C] () -- 
C:\Windows\SysWow64\CmdRtr.DLL [2011/06/23 12:24:16 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2011/06/23 12:03:40 | 000,000,290 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011/06/23 12:03:40 | 000,000,272 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011/06/18 00:15:35 | 2140,393,471 | -HS- | C] () -- C:\hiberfil.sys [2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk
[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Avery
[2011/07/09 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent
[2011/07/07 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF
[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic
[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca
[2011/06/24 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Template
[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX
[2011/06/26 02:54:09 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\vghd
[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt
[2009/07/14 00:08:49 | 000,009,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
This weird Google redirect thing...
Rrrrgh1 replied to Rrrrgh1's topic in Resolved Malware Removal Logs
All of my original symptoms are gone. The ESET still found 2 threats tho. I am happy!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7152
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/15/2011 2:03:48 PM
mbam-log-2011-07-15 (14-03-48).txt

Scan type: Quick scan
Objects scanned: 232734
Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7fb3d4fa616238489b050e6e231bb85c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-15 08:45:43
# local_time=2011-07-15 03:45:43 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 944211 944211 0 0
# compatibility_mode=5893 16776574 100 94 518149 62300337 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=363855
# found=2
# cleaned=2
# scan_time=5856
C:\_OTL\MovedFiles\07152011_121309\C_Windows\SysWOW64\C_20278U.dll a variant of Win32/Kryptik.QGJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Files\video23gp_install.exe Win32/Adware.MarketScore.A application (deleted - quarantined) 00000000000000000000000000000000 C
This weird Google redirect thing...
Rrrrgh1 replied to Rrrrgh1's topic in Resolved Malware Removal Logs
/crosses fingers

OTL logfile created on: 7/15/2011 12:21:31 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Russell Gammon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 79.28% Memory free
15.98 Gb Paging File | 14.22 Gb Available in Paging File | 88.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.35 Gb Total Space | 722.53 Gb Free Space | 78.34% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1103.85 Gb Free Space | 79.00% Space Free | Partition Type: NTFS
Drive E: | 191.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 967.48 Mb Total Space | 696.92 Mb Free Space | 72.03% Space Free | Partition Type: NTFS

Computer Name: VADER | User Name: Russell Gammon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/13 14:22:44 | 000,914,432 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe PRC - [2011/03/30 14:33:06 | 000,164,864 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe ========== Modules (SafeList) ========== MOD - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) 
[Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV:64bit: - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011/07/12 17:44:35 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. 
(www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10) SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv) DRV:64bit: - [2009/11/06 12:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssfs0bbc.sys -- (ssfs0bbc) DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/07/24 18:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 42 E3 BD 28 32 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/06/23 23:51:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/06/24 00:05:30 | 000,000,000 | ---D | M] [2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions [2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a} [2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\searchtoolbar@zugo.com [2011/06/17 16:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2011/07/14 16:43:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.) 
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.) 
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/06/17 16:29:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2007/11/07 19:27:00 | 000,000,040 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: 
- HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/15 12:13:09 | 000,000,000 | ---D | C] -- C:\_OTL [2011/07/14 17:06:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/07/14 16:45:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/07/14 16:35:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/07/14 16:35:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/07/14 16:35:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/07/14 16:35:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/07/14 16:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/07/14 16:13:55 | 004,152,661 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe [2011/07/14 11:15:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr [2011/07/14 09:25:38 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe [2011/07/13 23:25:14 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr [2011/07/13 16:09:06 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Malwarebytes [2011/07/13 16:08:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/13 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/13 16:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/07/13 16:08:43 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/13 16:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/07/13 16:07:52 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe [2011/07/13 13:05:00 | 000,000,000 | 
---D | C] -- C:\Users\Russell Gammon\AppData\Local\{F95E4542-7D0B-413F-93B5-1793C3744783} [2011/07/13 13:04:09 | 000,000,000 | ---D | C] -- C:\Windows\en [2011/07/13 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Windows Live [2011/07/12 17:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot [2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP [2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2011/07/12 17:44:20 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll [2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Webroot [2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot [2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot [2011/07/11 15:27:50 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper [2011/07/10 15:29:47 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011/07/09 20:42:47 | 000,000,000 | ---D | C] -- C:\Windows\Replay AV [2011/07/09 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay AV 8 [2011/07/09 17:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2011/07/09 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Ubisoft [2011/07/09 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys [2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) 
-- C:\Windows\SysNative\drivers\mcdbus.sys [2011/07/09 16:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc [2011/07/09 16:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO [2011/07/07 17:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011/07/07 01:03:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011/07/07 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF [2011/07/07 00:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF [2011/07/07 00:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Maker [2011/07/06 18:31:27 | 000,000,000 | ---D | C] -- C:\HDW26T_TMP [2011/07/06 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic [2011/07/06 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Panasonic [2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\The Lord of the Rings Online [2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\The Lord of the Rings Online [2011/07/06 17:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic [2011/07/06 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic [2011/07/06 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic [2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2011/07/06 17:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011/07/06 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Turbine [2011/07/06 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Russell 
Gammon\AppData\Local\ApplicationHistory [2011/07/06 17:36:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2011/07/06 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine [2011/07/06 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\LOTRO Standard Res Install Files [2011/07/06 12:56:12 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PMB Files [2011/07/06 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011/07/05 01:02:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/06/30 01:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011/06/29 21:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk [2011/06/27 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011/06/26 02:54:09 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl [2011/06/26 02:40:31 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\vghd [2011/06/25 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Games [2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2011/06/25 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2011/06/24 23:27:56 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/06/24 22:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier [2011/06/24 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Dell [2011/06/24 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Russell 
Gammon\AppData\Local\Stardock_Corporation [2011/06/24 17:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell [2011/06/24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PackageAware [2011/06/24 17:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/06/24 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall [2011/06/24 16:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic [2011/06/24 16:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio [2011/06/24 16:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011/06/24 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Programs [2011/06/24 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\WindowsUpdate [2011/06/24 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio Log Files [2011/06/24 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011/06/24 16:08:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011/06/24 16:06:41 | 000,000,000 | R--D | C] -- C:\MSOCache [2011/06/24 11:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011/06/24 11:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011/06/24 11:21:21 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011/06/24 11:21:13 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011/06/24 10:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat 
[2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011/06/24 01:04:54 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411 [2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP [2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja [2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411 [2011/06/24 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Template [2011/06/24 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Help [2011/06/24 00:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011/06/24 00:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works [2011/06/24 00:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2011/06/24 00:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent [2011/06/24 00:14:05 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui [2011/06/24 00:13:29 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui [2011/06/24 00:13:28 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui [2011/06/24 00:13:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) 
-- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui [2011/06/24 00:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/06/23 23:56:27 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Dell [2011/06/23 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security [2011/06/23 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Macromedia [2011/06/23 23:52:00 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2011/06/23 23:51:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011/06/23 23:51:56 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2011/06/23 23:51:56 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2011/06/23 23:51:56 | 000,067,664 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\SysNative\drivers\tmevtmgr.sys [2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Deployment [2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apps [2011/06/23 23:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro [2011/06/23 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ElevatedDiagnostics [2011/06/23 15:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011/06/23 14:50:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011/06/23 14:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem [2011/06/23 14:42:39 | 000,000,000 | ---D | C] -- C:\Windows.old [2011/06/23 13:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011/06/23 13:52:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011/06/23 12:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011/06/23 12:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2011/06/23 12:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager [2011/06/23 12:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft [2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr [2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center [2011/06/23 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center [2011/06/23 12:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft [2011/06/23 12:27:54 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) 
-- C:\Windows\SysNative\athrx.sys [2011/06/23 12:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW [2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\InstallShield [2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell [2011/06/23 12:26:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011/06/23 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp [2011/06/23 12:24:52 | 000,000,000 | ---D | C] -- C:\RaidTool [2011/06/23 12:24:46 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2011/06/23 12:24:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011/06/23 12:23:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011/06/23 12:23:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011/06/23 12:23:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011/06/23 12:23:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011/06/23 12:23:56 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011/06/23 12:23:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011/06/23 12:23:56 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011/06/23 12:23:56 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011/06/23 12:23:56 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011/06/23 12:23:56 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64A.dll [2011/06/23 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011/06/23 12:23:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2011/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Diagnostics [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Searches [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/06/23 12:04:06 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011/06/23 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Identities [2011/06/23 12:03:56 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Contacts [2011/06/23 12:03:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\VirtualStore [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Temporary Internet Files [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Templates [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Start Menu [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\SendTo [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Recent [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\PrintHood [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\NetHood [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Videos [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Pictures [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Music [2011/06/23 
12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\My Documents [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Local Settings [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\History [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Cookies [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Application Data [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Application Data [2011/06/23 12:03:40 | 000,000,000 | --SD | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Videos [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Saved Games [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Pictures [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Music [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Links [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Favorites [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Downloads [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Documents [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Desktop [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/06/23 12:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\AppData [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Temp [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- 
C:\Users\Russell Gammon\AppData\Roaming\Media Center Programs [2011/06/23 12:03:27 | 000,000,000 | ---D | C] -- C:\Recovery [2011/06/17 21:15:08 | 000,000,000 | ---D | C] -- C:\Emergency [2011/06/17 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2011/06/17 17:39:29 | 000,000,000 | ---D | C] -- C:\temp [2011/06/17 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center [2011/06/17 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/06/17 16:47:08 | 000,000,000 | ---D | C] -- C:\cabs [2011/06/17 16:40:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Old HDD [2011/06/17 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Dropbox [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Scanned Documents [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Radiant [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Fax [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Electronic Arts [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Downloads [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Documents on Russell's Intrepid [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Converted Videos [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Any Video Converter [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\ActiveDolls [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\vghd [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- 
C:\Users\Russell Gammon\AppData\Roaming\thriXXX [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\SecuROM [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Nero [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoneTown [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Avery [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Adobe [2011/06/17 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\TempImages [2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\SupportSoft [2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Mozilla Firefox [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Google [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\GameHouse [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Autodesk [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apple 
Computer [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Adobe [2011/06/17 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AdobeLicensingFilesBackup [2011/06/17 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro [2011/06/17 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\IIS [2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum [2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uPlayer [2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip [2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2011/06/17 16:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouSendIt [2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VDownloader [2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2011/06/17 16:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TypingMaster [2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine [2011/06/17 
16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt [2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games [2011/06/17 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific Publishing, Inc [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Morphyre [2011/06/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity [2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO 
Company [2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2011/06/17 16:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldKnight [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freenet [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV To MP3 Converter [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOX News Live [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFmpeg for Audacity [2011/06/17 16:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2011/06/17 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EGirl_v1.5 [2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2011/06/17 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai [2011/06/17 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry Dolls [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoneTown [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Autodesk [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2011/06/17 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) [2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Cloner Platinum [2011/06/17 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2011/06/17 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/06/17 16:32:55 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\Fraps [2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\DriveKey [2011/06/17 16:28:59 | 000,000,000 | ---D | C] -- C:\Autodesk ========== Files - Modified Within 30 Days ========== [2011/07/15 12:24:58 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/15 12:24:58 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/15 12:22:10 | 001,242,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/07/15 12:22:10 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/07/15 12:22:10 | 000,400,916 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat [2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat [2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/07/15 12:17:24 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/15 12:17:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/15 12:17:03 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys [2011/07/15 11:56:00 | 000,000,944 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job [2011/07/15 11:36:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/15 00:10:45 | 000,001,070 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk [2011/07/14 23:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job [2011/07/14 16:43:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/07/14 16:13:59 | 004,152,661 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr [2011/07/14 11:14:49 | 000,000,512 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\MBR.dat [2011/07/14 09:26:25 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe [2011/07/13 23:56:30 | 000,003,183 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\attach.zip [2011/07/13 23:32:19 | 000,302,592 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe [2011/07/13 23:25:11 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr [2011/07/13 23:24:52 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\defogger_reenable [2011/07/13 23:24:29 | 000,050,477 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe [2011/07/13 16:08:47 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/13 16:07:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe [2011/07/13 12:28:14 | 000,372,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/07/12 17:50:07 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe [2011/07/12 17:50:05 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat [2011/07/12 15:52:15 | 000,000,036 | ---- | M] () -- 
C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache [2011/07/12 15:50:38 | 000,001,443 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/07/10 15:33:00 | 000,000,424 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk [2011/07/09 21:46:12 | 000,016,096 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat [2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys [2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin [2011/07/09 16:59:49 | 000,000,995 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/07/08 01:21:25 | 000,002,231 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk [2011/07/07 00:39:41 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini [2011/07/06 23:51:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/07/06 17:39:44 | 000,000,102 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat [2011/07/06 17:37:15 | 001,274,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/30 19:16:50 | 000,003,584 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/26 02:54:09 | 000,001,132 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [2011/06/24 22:46:03 | 000,000,113 | ---- | M] () -- C:\Windows\WININIT.INI [2011/06/24 22:40:49 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache [2011/06/24 17:18:46 | 000,001,984 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011/06/24 12:06:27 | 
000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/06/24 12:06:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011/06/24 00:19:41 | 000,000,993 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/06/24 00:18:55 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat [2011/06/24 00:18:55 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys [2011/06/23 23:11:03 | 000,000,635 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk [2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011/06/23 13:54:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/06/23 12:24:16 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc ========== Files Created - No Company Name ========== [2011/07/14 17:03:51 | 000,001,984 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011/07/14 17:03:51 | 000,001,132 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/07/14 17:03:51 | 000,000,995 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/07/14 16:35:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/07/14 16:35:42 | 
000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/07/14 16:35:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/07/14 16:35:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/07/14 16:35:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/07/14 11:14:49 | 000,000,512 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\MBR.dat [2011/07/13 23:56:30 | 000,003,183 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\attach.zip [2011/07/13 23:32:20 | 000,302,592 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe [2011/07/13 23:24:52 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\defogger_reenable [2011/07/13 23:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe [2011/07/13 16:08:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/13 13:03:31 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2011/07/13 13:03:13 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2011/07/12 20:36:38 | 000,001,070 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk [2011/07/12 17:44:22 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe [2011/07/12 17:43:47 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat [2011/07/12 15:50:38 | 000,001,449 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/07/12 15:50:38 | 000,001,443 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/07/12 15:50:38 | 000,001,415 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011/07/10 15:33:00 | 000,000,424 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk 
[2011/07/10 08:54:29 | 000,000,036 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache [2011/07/09 20:43:53 | 000,016,096 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat [2011/07/07 01:04:16 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2011/07/07 01:04:05 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011/07/07 01:02:03 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk [2011/07/07 00:39:41 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll [2011/07/06 23:51:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/07/06 17:39:44 | 000,000,102 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat [2011/07/06 17:36:34 | 001,274,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/06 17:35:47 | 000,002,231 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk [2011/06/30 01:03:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/06/27 18:31:54 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/27 18:31:54 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys [2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin [2011/06/24 22:46:03 | 000,000,113 | ---- | C] () -- C:\Windows\WININIT.INI [2011/06/24 22:40:49 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache [2011/06/24 12:06:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/06/24 12:06:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011/06/24 11:21:55 | 
000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2011/06/24 11:21:46 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011/06/24 11:21:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011/06/24 11:20:49 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2011/06/24 11:20:49 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011/06/24 01:07:27 | 000,400,916 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat [2011/06/24 01:07:27 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat [2011/06/24 01:07:27 | 000,110,342 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat [2011/06/24 01:07:27 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat [2011/06/24 00:31:57 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk [2011/06/24 00:19:41 | 000,000,993 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/06/23 23:51:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job [2011/06/23 23:51:08 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job [2011/06/23 23:23:10 | 000,003,584 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/23 23:11:03 | 000,000,635 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk [2011/06/23 14:50:16 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version [2011/06/23 13:56:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/06/23 13:55:55 | 000,001,326 | 
---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/06/23 13:54:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/06/23 12:34:15 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu [2011/06/23 12:28:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2011/06/23 12:27:54 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2011/06/23 12:27:54 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2011/06/23 12:24:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2011/06/23 12:24:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011/06/23 12:24:16 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2011/06/23 12:24:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011/06/23 12:24:16 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2011/06/23 12:03:40 | 000,000,290 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011/06/23 12:03:40 | 000,000,272 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011/06/18 00:15:35 | 2140,393,471 | -HS- | C] () -- C:\hiberfil.sys [2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll 
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk [2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Avery [2011/07/09 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent [2011/07/07 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF [2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic [2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca [2011/06/24 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Template [2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX [2011/06/26 02:54:09 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\vghd [2011/06/17 16:39:58 | 
000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt
[2009/07/14 00:08:49 | 000,009,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7149
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/15/2011 12:52:58 PM
mbam-log-2011-07-15 (12-52-58).txt

Scan type: Quick scan
Objects scanned: 232695
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
This weird Google redirect thing...
Rrrrgh1 replied to Rrrrgh1's topic in Resolved Malware Removal Logs
OTL number 2!

OTL logfile created on: 7/14/2011 5:25:07 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Russell Gammon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 78.63% Memory free
15.98 Gb Paging File | 14.14 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.35 Gb Total Space | 731.22 Gb Free Space | 79.28% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1103.85 Gb Free Space | 79.00% Space Free | Partition Type: NTFS
Drive E: | 191.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 967.48 Mb Total Space | 696.92 Mb Free Space | 72.03% Space Free | Partition Type: NTFS

Computer Name: VADER | User Name: Russell Gammon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/13 14:22:44 | 000,914,432 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe PRC - [2011/03/30 14:33:06 | 000,164,864 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe ========== Modules (SafeList) ========== MOD - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) 
[Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp) SRV:64bit: - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011/07/12 17:44:35 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. 
(www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10) SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv) DRV:64bit: - [2009/11/06 12:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssfs0bbc.sys -- (ssfs0bbc) DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/07/24 18:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 42 E3 BD 28 32 CC 01 [binary data] IE - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/06/23 23:51:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/06/24 00:05:30 | 000,000,000 | ---D | M] [2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions [2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a} [2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\searchtoolbar@zugo.com [2011/06/17 16:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2011/07/14 16:43:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.) 
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key 
error. File not found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/06/17 16:29:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2007/11/07 19:27:00 | 000,000,040 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/14 17:06:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/07/14 16:45:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/07/14 16:35:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/07/14 16:35:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/07/14 16:35:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/07/14 16:35:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/07/14 16:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/07/14 16:13:55 | 004,152,661 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe [2011/07/14 11:15:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr [2011/07/14 09:25:38 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Users\Russell 
Gammon\Desktop\aswMBR.exe [2011/07/13 23:25:14 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr [2011/07/13 16:09:06 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Malwarebytes [2011/07/13 16:08:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/07/13 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/07/13 16:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/07/13 16:08:43 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/07/13 16:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/07/13 16:07:52 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe [2011/07/13 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\{F95E4542-7D0B-413F-93B5-1793C3744783} [2011/07/13 13:04:09 | 000,000,000 | ---D | C] -- C:\Windows\en [2011/07/13 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Windows Live [2011/07/12 17:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot [2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP [2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2011/07/12 17:44:20 | 001,563,008 | ---- | C] (Webroot Software, Inc.) 
-- C:\Windows\WRSetup.dll [2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Webroot [2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot [2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot [2011/07/11 15:27:50 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper [2011/07/10 15:29:47 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011/07/09 20:42:47 | 000,000,000 | ---D | C] -- C:\Windows\Replay AV [2011/07/09 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay AV 8 [2011/07/09 17:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2011/07/09 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Ubisoft [2011/07/09 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys [2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) 
-- C:\Windows\SysNative\drivers\mcdbus.sys [2011/07/09 16:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc [2011/07/09 16:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO [2011/07/07 17:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011/07/07 01:03:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011/07/07 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF [2011/07/07 00:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF [2011/07/07 00:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Maker [2011/07/06 18:31:27 | 000,000,000 | ---D | C] -- C:\HDW26T_TMP [2011/07/06 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic [2011/07/06 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Panasonic [2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\The Lord of the Rings Online [2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\The Lord of the Rings Online [2011/07/06 17:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic [2011/07/06 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic [2011/07/06 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic [2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2011/07/06 17:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011/07/06 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Turbine [2011/07/06 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Russell 
Gammon\AppData\Local\ApplicationHistory [2011/07/06 17:36:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP [2011/07/06 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine [2011/07/06 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\LOTRO Standard Res Install Files [2011/07/06 12:56:12 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PMB Files [2011/07/06 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011/07/05 01:02:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/06/30 01:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011/06/29 21:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk [2011/06/27 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011/06/26 02:54:09 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl [2011/06/26 02:40:31 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\vghd [2011/06/25 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Games [2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2011/06/25 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2011/06/24 23:27:56 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/06/24 22:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier [2011/06/24 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Dell [2011/06/24 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Russell 
Gammon\AppData\Local\Stardock_Corporation [2011/06/24 17:18:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187} [2011/06/24 17:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell [2011/06/24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PackageAware [2011/06/24 17:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/06/24 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall [2011/06/24 16:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic [2011/06/24 16:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio [2011/06/24 16:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011/06/24 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Programs [2011/06/24 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\WindowsUpdate [2011/06/24 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio Log Files [2011/06/24 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011/06/24 16:08:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011/06/24 16:06:41 | 000,000,000 | R--D | C] -- C:\MSOCache [2011/06/24 11:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011/06/24 11:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011/06/24 11:21:21 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011/06/24 11:21:13 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011/06/24 10:56:56 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Microsoft.NET [2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011/06/24 01:04:54 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja [2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411 [2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP [2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja [2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411 [2011/06/24 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Template [2011/06/24 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Help [2011/06/24 00:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011/06/24 00:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works [2011/06/24 00:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2011/06/24 00:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent [2011/06/24 00:14:05 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui [2011/06/24 00:13:29 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui [2011/06/24 00:13:28 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui [2011/06/24 00:13:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) 
-- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui [2011/06/24 00:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/06/23 23:56:27 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Dell [2011/06/23 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security [2011/06/23 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Macromedia [2011/06/23 23:52:00 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2011/06/23 23:51:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011/06/23 23:51:56 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2011/06/23 23:51:56 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2011/06/23 23:51:56 | 000,067,664 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\SysNative\drivers\tmevtmgr.sys [2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Deployment [2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apps [2011/06/23 23:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro [2011/06/23 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ElevatedDiagnostics [2011/06/23 15:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011/06/23 14:50:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011/06/23 14:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem [2011/06/23 14:42:39 | 000,000,000 | ---D | C] -- C:\Windows.old [2011/06/23 13:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011/06/23 13:52:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011/06/23 12:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011/06/23 12:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2011/06/23 12:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager [2011/06/23 12:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft [2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr [2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center [2011/06/23 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center [2011/06/23 12:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft [2011/06/23 12:27:54 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) 
-- C:\Windows\SysNative\athrx.sys [2011/06/23 12:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW [2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\InstallShield [2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell [2011/06/23 12:26:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011/06/23 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp [2011/06/23 12:24:52 | 000,000,000 | ---D | C] -- C:\RaidTool [2011/06/23 12:24:46 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2011/06/23 12:24:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011/06/23 12:23:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011/06/23 12:23:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011/06/23 12:23:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011/06/23 12:23:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011/06/23 12:23:56 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011/06/23 12:23:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011/06/23 12:23:56 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011/06/23 12:23:56 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011/06/23 12:23:56 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011/06/23 12:23:56 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64A.dll [2011/06/23 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011/06/23 12:23:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2011/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Diagnostics [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Searches [2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/06/23 12:04:06 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011/06/23 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Identities [2011/06/23 12:03:56 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Contacts [2011/06/23 12:03:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\VirtualStore [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Temporary Internet Files [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Templates [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Start Menu [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\SendTo [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Recent [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\PrintHood [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\NetHood [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Videos [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Pictures [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Music [2011/06/23 
12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\My Documents [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Local Settings [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\History [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Cookies [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Application Data [2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Application Data [2011/06/23 12:03:40 | 000,000,000 | --SD | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Videos [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Saved Games [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Pictures [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Music [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Links [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Favorites [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Downloads [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Documents [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Desktop [2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/06/23 12:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\AppData [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Temp [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft [2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- 
C:\Users\Russell Gammon\AppData\Roaming\Media Center Programs [2011/06/23 12:03:27 | 000,000,000 | ---D | C] -- C:\Recovery [2011/06/17 21:15:08 | 000,000,000 | ---D | C] -- C:\Emergency [2011/06/17 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2011/06/17 17:39:29 | 000,000,000 | ---D | C] -- C:\temp [2011/06/17 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center [2011/06/17 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/06/17 16:47:08 | 000,000,000 | ---D | C] -- C:\cabs [2011/06/17 16:40:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Old HDD [2011/06/17 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Dropbox [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Scanned Documents [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Radiant [2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Fax [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Electronic Arts [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Downloads [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Documents on Russell's Intrepid [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Converted Videos [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Any Video Converter [2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\ActiveDolls [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\vghd [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- 
C:\Users\Russell Gammon\AppData\Roaming\thriXXX [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\SecuROM [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Nero [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoneTown [2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Avery [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk [2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Adobe [2011/06/17 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\TempImages [2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\SupportSoft [2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Mozilla Firefox [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Google [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\GameHouse [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Autodesk [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apple 
Computer [2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Adobe [2011/06/17 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AdobeLicensingFilesBackup [2011/06/17 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro [2011/06/17 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM [2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\IIS [2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum [2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uPlayer [2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip [2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2011/06/17 16:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouSendIt [2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VDownloader [2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2011/06/17 16:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TypingMaster [2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine [2011/06/17 
16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt [2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games [2011/06/17 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific Publishing, Inc [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Morphyre [2011/06/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo [2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity [2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO 
Company [2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2011/06/17 16:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldKnight [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freenet [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV To MP3 Converter [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOX News Live [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player [2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFmpeg for Audacity [2011/06/17 16:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2011/06/17 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EGirl_v1.5 [2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2011/06/17 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai [2011/06/17 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry Dolls [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine [2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoneTown [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Autodesk [2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2011/06/17 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) [2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Cloner Platinum [2011/06/17 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2011/06/17 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/06/17 16:32:55 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\Fraps [2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\DriveKey [2011/06/17 16:28:59 | 000,000,000 | ---D | C] -- C:\Autodesk ========== Files - Modified Within 30 Days ========== [2011/07/14 17:13:13 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/14 17:13:13 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/14 17:10:19 | 001,242,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/07/14 17:10:19 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/07/14 17:10:19 | 000,400,916 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat [2011/07/14 17:10:19 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat [2011/07/14 17:10:19 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/07/14 17:06:10 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/14 17:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/14 17:05:45 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys [2011/07/14 16:56:00 | 000,000,944 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job [2011/07/14 16:43:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/07/14 16:36:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/14 16:13:59 | 004,152,661 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr [2011/07/14 11:14:49 | 000,000,512 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\MBR.dat [2011/07/14 09:26:25 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe [2011/07/13 23:56:30 | 000,003,183 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\attach.zip [2011/07/13 23:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job [2011/07/13 23:32:19 | 000,302,592 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe [2011/07/13 23:25:11 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr [2011/07/13 23:24:52 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\defogger_reenable [2011/07/13 23:24:29 | 000,050,477 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe [2011/07/13 16:08:47 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/13 16:07:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe [2011/07/13 12:28:14 | 000,372,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/07/12 20:36:38 | 000,001,088 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk [2011/07/12 17:50:07 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe [2011/07/12 17:50:05 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat [2011/07/12 15:52:15 | 000,000,036 | ---- | M] () -- 
C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache [2011/07/12 15:50:38 | 000,001,443 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/07/10 15:33:00 | 000,000,424 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk [2011/07/09 21:46:12 | 000,016,096 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat [2011/07/09 21:36:51 | 000,106,496 | RHS- | M] () -- C:\Windows\SysWow64\C_20278U.dll [2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys [2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin [2011/07/09 16:59:49 | 000,000,995 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/07/08 01:21:25 | 000,002,231 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk [2011/07/07 00:39:41 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini [2011/07/06 23:51:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/07/06 17:39:44 | 000,000,102 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat [2011/07/06 17:37:15 | 001,274,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/30 19:16:50 | 000,003,584 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/26 02:54:09 | 000,001,132 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [2011/06/24 22:46:03 | 000,000,113 | ---- | M] () -- C:\Windows\WININIT.INI [2011/06/24 22:40:49 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache [2011/06/24 17:18:46 | 000,001,984 | ---- | M] () -- C:\Users\Russell 
Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011/06/24 12:06:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/06/24 12:06:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011/06/24 00:19:41 | 000,000,993 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/06/24 00:18:55 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat [2011/06/24 00:18:55 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys [2011/06/23 23:11:03 | 000,000,635 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk [2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011/06/23 13:54:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/06/23 12:24:16 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc ========== Files Created - No Company Name ========== [2011/07/14 17:03:51 | 000,001,984 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011/07/14 17:03:51 | 000,001,132 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/07/14 17:03:51 | 000,000,995 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\MagicDisc.lnk [2011/07/14 16:35:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/07/14 16:35:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/07/14 16:35:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/07/14 16:35:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/07/14 16:35:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/07/14 11:14:49 | 000,000,512 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\MBR.dat [2011/07/13 23:56:30 | 000,003,183 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\attach.zip [2011/07/13 23:32:20 | 000,302,592 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe [2011/07/13 23:24:52 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\defogger_reenable [2011/07/13 23:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe [2011/07/13 16:08:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/13 13:03:31 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2011/07/13 13:03:13 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2011/07/12 20:36:38 | 000,001,088 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk [2011/07/12 17:44:22 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe [2011/07/12 17:43:47 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat [2011/07/12 15:50:38 | 000,001,449 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/07/12 15:50:38 | 000,001,443 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/07/12 15:50:38 | 000,001,415 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer 
(64-bit).lnk [2011/07/10 15:33:00 | 000,000,424 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk [2011/07/10 08:54:29 | 000,000,036 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache [2011/07/09 21:36:51 | 000,106,496 | RHS- | C] () -- C:\Windows\SysWow64\C_20278U.dll [2011/07/09 20:43:53 | 000,016,096 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat [2011/07/07 01:04:16 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2011/07/07 01:04:05 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011/07/07 01:02:03 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk [2011/07/07 00:39:41 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll [2011/07/06 23:51:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/07/06 17:39:44 | 000,000,102 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat [2011/07/06 17:36:34 | 001,274,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/06 17:35:47 | 000,002,231 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk [2011/06/30 01:03:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/06/27 18:31:54 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/27 18:31:54 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys [2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin [2011/06/24 22:46:03 | 000,000,113 | ---- | C] () -- C:\Windows\WININIT.INI [2011/06/24 22:40:49 | 000,000,000 | ---- | C] () -- C:\Users\Russell 
Gammon\AppData\Local\rx_image32.Cache [2011/06/24 12:06:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/06/24 12:06:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011/06/24 11:21:55 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2011/06/24 11:21:46 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011/06/24 11:21:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011/06/24 11:20:49 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2011/06/24 11:20:49 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011/06/24 01:07:27 | 000,400,916 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat [2011/06/24 01:07:27 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat [2011/06/24 01:07:27 | 000,110,342 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat [2011/06/24 01:07:27 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat [2011/06/24 00:31:57 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk [2011/06/24 00:19:41 | 000,000,993 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [2011/06/23 23:51:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job [2011/06/23 23:51:08 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job [2011/06/23 23:23:10 | 000,003,584 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/23 23:11:03 | 000,000,635 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk 
[2011/06/23 14:50:16 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version [2011/06/23 13:56:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/06/23 13:55:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/06/23 13:54:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/06/23 12:34:15 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu [2011/06/23 12:28:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2011/06/23 12:27:54 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2011/06/23 12:27:54 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2011/06/23 12:24:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2011/06/23 12:24:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011/06/23 12:24:16 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2011/06/23 12:24:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011/06/23 12:24:16 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2011/06/23 12:03:40 | 000,000,290 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011/06/23 12:03:40 | 000,000,272 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011/06/18 00:15:35 | 2140,393,471 | -HS- | C] () -- C:\hiberfil.sys [2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- 
C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/07/12 12:58:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vghd [2011/06/17 16:38:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk [2011/06/17 16:38:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HouseCall 6.6 [2011/06/17 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nuance [2011/06/17 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom [2011/06/17 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\YouSendIt [2011/06/17 16:57:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Autodesk [2011/06/17 
16:57:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Avery [2011/06/17 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\BitTorrent [2011/06/17 17:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\PCDr [2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Registry Mechanic [2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Teleca [2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\thriXXX [2011/06/17 21:02:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TrueCrypt [2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\vghd [2011/06/18 10:39:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\YouSendIt [2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk [2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Avery [2011/07/09 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent [2011/07/07 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF [2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic [2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca [2011/06/24 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Template [2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX [2011/06/26 02:54:09 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\vghd [2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt [2009/07/14 00:08:49 | 000,009,390 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > -
This weird Google redirect thing...
Rrrrgh1 replied to Rrrrgh1's topic in Resolved Malware Removal Logs
I'm cautiously optimistic. One of the symptoms already stopped! ComboFix 11-07-14.05 - Russell Gammon 07/14/2011 16:37:52.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6800 [GMT -5:00] Running from: c:\users\Russell Gammon\Desktop\ComboFix.exe AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Software.url c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\MP3 Download.url c:\windows\SysWow64\Ijl11.dll . . ((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 ))))))))))))))))))))))))))))))) . . 2011-07-14 21:43 . 2011-07-14 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-13 21:08 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-13 21:08 . 2011-07-13 21:08 -------- d-----w- c:\programdata\Malwarebytes 2011-07-13 21:08 . 2011-07-13 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-07-13 21:08 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-13 18:04 . 2011-07-13 18:04 -------- d-----w- c:\windows\en 2011-07-13 18:01 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2011-07-13 18:01 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2011-07-13 18:01 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-07-13 18:01 . 2011-07-13 18:01 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DSETUP.dll 2011-07-13 18:01 . 
2011-07-13 18:01 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DXSETUP.exe 2011-07-13 18:01 . 2011-07-13 18:01 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\dsetup32.dll 2011-07-13 18:01 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-07-13 18:01 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2011-07-13 18:01 . 2011-07-13 18:01 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\DSETUP.dll 2011-07-13 18:01 . 2011-07-13 18:01 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\DXSETUP.exe 2011-07-13 18:01 . 2011-07-13 18:01 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\dsetup32.dll 2011-07-13 17:54 . 2011-07-13 17:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-07-13 17:54 . 2011-07-13 17:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-07-13 17:54 . 2011-07-13 17:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-07-13 17:54 . 2011-07-13 17:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-07-13 17:11 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-07-13 17:10 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-13 17:10 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-13 17:10 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-07-13 17:10 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-13 17:10 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe 2011-07-13 17:10 . 
2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-13 17:10 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-13 17:10 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-13 17:10 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-13 17:10 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-13 17:10 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-12 22:44 . 2011-07-12 22:44 -------- d-----w- c:\program files (x86)\MSSOAP 2011-07-12 22:44 . 2011-07-12 22:52 -------- d-----w- c:\programdata\Webroot 2011-07-12 22:44 . 2011-07-12 22:44 -------- d-----w- c:\program files (x86)\Webroot 2011-07-12 22:44 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll 2011-07-12 17:33 . 2011-07-12 17:33 -------- d-----w- c:\users\Admin 2011-07-11 20:27 . 2011-07-11 20:28 -------- d-----w- c:\windows\Standalone System Sweeper 2011-07-10 02:36 . 2011-07-10 02:36 106496 --sha-r- c:\windows\SysWow64\C_20278U.dll 2011-07-10 01:42 . 2011-07-10 01:42 -------- d-----w- c:\windows\Replay AV 2011-07-10 01:42 . 2011-07-10 20:31 -------- d-----w- c:\program files (x86)\Replay AV 8 2011-07-09 22:01 . 2011-07-09 22:01 -------- d-----w- c:\programdata\Ubisoft 2011-07-09 21:59 . 2011-07-09 21:59 -------- d-----w- c:\program files (x86)\MagicDisc 2011-07-09 21:59 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys 2011-07-09 21:59 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2011-07-08 19:12 . 2011-06-20 13:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B3A4B90-F28D-4CD4-B575-8DAEC5EE5935}\mpengine.dll 2011-07-07 22:12 . 2011-07-08 21:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-07-07 06:03 . 2011-07-07 06:03 -------- d-----w- c:\windows\SysWow64\Macromed 2011-07-07 05:39 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll 2011-07-06 23:31 . 
2011-07-14 03:52 -------- d-----w- C:\HDW26T_TMP 2011-07-06 23:31 . 2011-07-06 23:31 -------- d-----w- c:\programdata\Panasonic 2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files (x86)\Common Files\Panasonic 2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files (x86)\Panasonic 2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files\Microsoft Synchronization Services 2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2011-07-06 22:40 . 2009-09-04 22:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll 2011-07-06 22:40 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll 2011-07-06 22:40 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2011-07-06 22:38 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll 2011-07-06 22:36 . 2011-07-06 22:36 -------- d-----w- c:\windows\SysWow64\URTTEMP 2011-07-06 17:56 . 2011-07-08 01:09 -------- d-----w- c:\programdata\PMB Files 2011-07-05 06:02 . 2011-07-05 06:02 -------- d-----w- c:\windows\Sun 2011-06-30 18:50 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll 2011-06-26 07:40 . 2011-07-09 22:06 7 ----a-w- c:\windows\treeskp.sys 2011-06-26 07:40 . 2011-07-09 22:06 7 ----a-w- c:\windows\sbacknt.bin 2011-06-25 23:40 . 2011-06-30 14:45 -------- d-----w- c:\program files (x86)\World of Warcraft 2011-06-25 23:40 . 2011-06-25 23:41 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2011-06-25 23:39 . 2011-06-25 23:41 -------- d-----w- c:\programdata\Blizzard Entertainment 2011-06-25 08:02 . 2011-06-25 08:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-06-24 22:18 . 2011-06-24 22:18 -------- dc-h--w- c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187} 2011-06-24 21:57 . 
2011-06-24 21:57 -------- d-----w- c:\programdata\Uninstall 2011-06-24 21:57 . 2011-06-24 21:57 -------- d-----w- c:\programdata\Sonic 2011-06-24 21:56 . 2010-03-19 08:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2011-06-24 21:56 . 2009-05-15 08:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys 2011-06-24 21:56 . 2009-05-15 08:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2011-06-24 21:55 . 2011-06-25 03:59 -------- d-----w- c:\programdata\Roxio 2011-06-24 21:53 . 2011-06-24 21:53 -------- d-----w- c:\programdata\InstallShield 2011-06-24 21:52 . 2007-03-15 21:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll 2011-06-24 21:52 . 2007-03-15 21:57 443752 ------w- c:\windows\SysWow64\d3dx10_33.dll 2011-06-24 21:52 . 2007-03-12 21:42 4494184 ----a-w- c:\windows\system32\d3dx9_33.dll 2011-06-24 21:52 . 2007-03-12 21:42 3495784 ------w- c:\windows\SysWow64\d3dx9_33.dll 2011-06-24 21:52 . 2007-03-12 21:42 1400176 ----a-w- c:\windows\system32\D3DCompiler_33.dll 2011-06-24 21:52 . 2007-03-12 21:42 1123696 ------w- c:\windows\SysWow64\D3DCompiler_33.dll 2011-06-24 21:08 . 2011-06-24 21:08 -------- d-----w- c:\windows\PCHEALTH 2011-06-24 21:06 . 2011-06-24 21:06 -------- d-----r- C:\MSOCache 2011-06-24 16:29 . 2011-06-24 16:29 -------- d-----w- c:\windows\system32\SPReview 2011-06-24 16:28 . 2011-06-24 16:28 -------- d-----w- c:\windows\system32\EventProviders 2011-06-24 16:22 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll 2011-06-24 16:22 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-06-24 16:22 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2011-06-24 16:22 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2011-06-24 16:22 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2011-06-24 16:20 . 2010-11-20 13:27 287744 ----a-w- c:\windows\system32\lzhfldr2.dll 2011-06-24 16:20 . 
2010-11-20 12:20 266240 ----a-w- c:\windows\SysWow64\lzhfldr2.dll 2011-06-24 16:20 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2011-06-24 16:20 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll 2011-06-24 16:20 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2011-06-24 16:20 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2011-06-24 16:19 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2011-06-24 15:56 . 2011-06-24 21:08 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-06-24 14:11 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2011-06-24 14:11 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2011-06-24 14:11 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-06-24 14:11 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-06-24 14:11 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-06-24 08:01 . 2011-06-24 08:01 -------- d-----w- c:\windows\SysWow64\Wat 2011-06-24 08:01 . 2011-06-24 08:01 -------- d-----w- c:\windows\system32\Wat 2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\ja-JP 2011-06-24 06:04 . 2011-06-24 18:43 -------- d-----w- c:\windows\SysWow64\ja 2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\XPSViewer 2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\ja-JP 2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\drivers\ja-JP 2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\0411 2011-06-24 06:04 . 2011-06-24 22:03 -------- d-----w- c:\windows\SysWow64\wbem\ja-JP 2011-06-24 06:04 . 2011-06-24 18:42 -------- d-----w- c:\windows\system32\drivers\ja-JP 2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\system32\ja 2011-06-24 06:04 . 
2011-06-24 06:04 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP 2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\system32\0411 2011-06-24 06:04 . 2011-06-24 22:03 -------- d-----w- c:\windows\system32\wbem\ja-JP 2011-06-24 05:36 . 2011-07-13 17:25 -------- d-----w- c:\programdata\Microsoft Help 2011-06-24 05:31 . 2011-06-24 21:59 -------- d-----w- c:\program files (x86)\Microsoft Works 2011-06-24 05:19 . 2011-06-24 05:19 -------- d-----w- c:\program files (x86)\BitTorrent 2011-06-24 05:14 . 2009-07-13 23:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-13 18:01 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-06-24 16:34 . 2009-07-14 02:36 152576 ------w- c:\windows\SysWow64\msclmd.dll 2011-06-24 16:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-06-03 05:57 . 2011-07-13 17:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-05-13 20:42 . 2011-05-13 20:42 302448 ----a-w- c:\windows\WLXPGSS.SCR . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] . c:\users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" . R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648] R4 gupdate;Google Update Service (gupdate);c:\program files 
(x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176] R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176] R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744] R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384] R4 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-07-12 1201640] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 23:31] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 23:31] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job - c:\users\Russell Gammon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 04:51] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job - c:\users\Russell Gammon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 04:51] . 
2011-07-13 c:\windows\Tasks\wrSpySweeper_LDF48D1460CDA4166830BB34664F2D0B6.job - c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-07-12 20:19] . 2011-07-13 c:\windows\Tasks\wrSpySweeper_LDF48D1460CDA4166830BB34664F2D0B6.job - c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-07-12 20:19] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.87.68.166 68.87.74.166 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-07-14 16:45:30 ComboFix-quarantined-files.txt 2011-07-14 21:45 . Pre-Run: 777,362,341,888 bytes free Post-Run: 785,067,618,304 bytes free . - - End Of File - - 727EDE84E8277CE16FE41CB09AF1127C -
This weird Google redirect thing...
Rrrrgh1 replied to Rrrrgh1's topic in Resolved Malware Removal Logs
Ok. Done! And thanks for the quick response too! Here's the aswMBR log:

aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software
Run date: 2011-07-14 09:27:37
-----------------------------
09:27:37.805 OS Version: Windows x64 6.1.7601 Service Pack 1
09:27:37.805 Number of processors: 8 586 0x1A05
09:27:37.805 ComputerName: VADER UserName:
09:27:39.869 Initialize success
09:28:07.600 AVAST engine defs: 11071400
09:28:18.372 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:28:18.375 Disk 0 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
09:28:18.379 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:28:18.382 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 3
09:28:18.391 Disk 1 MBR read successfully
09:28:18.394 Disk 1 MBR scan
09:28:18.397 Disk 1 Windows 7 default MBR code
09:28:18.401 Service scanning
09:28:19.188 Disk 1 trace - called modules:
09:28:19.195 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:28:19.200 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007d98790]
09:28:19.204 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b61050]
09:28:21.313 AVAST engine scan C:\Windows
09:46:17.223 File: C:\Windows\SysWOW64\C_20278U.dll **INFECTED** Win32:Malware-gen
10:36:48.509 AVAST engine scan C:\Users\Russell Gammon
10:50:02.932 AVAST engine scan C:\ProgramData
11:03:58.552 Scan finished successfully
11:14:49.894 Disk 1 MBR has been saved successfully to "C:\Users\Russell Gammon\Desktop\MBR.dat"
11:14:49.900 The log file has been saved successfully to "C:\Users\Russell Gammon\Desktop\aswMBR.txt"

OTL.txt and Extras.txt made the post too long so I attached them instead. I hope that works. Thanks again!
Extras.Txt OTL.Txt
-
My symptoms are a search engine (all of them, but Google was first) redirect AND the message that Windows Security Center Service cannot be started. Here's the DDS log:

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Russell Gammon at 23:25:27 on 2011-07-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6188 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft Games\solitaire\solitaire.exe
C:\Users\Russell Gammon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Russell Gammon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Russell Gammon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [spySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
StartupFolder: C:\Users\RUSSEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{46F3624A-B6B7-46D2-B7CD-96E8DF8AFFBD} : DHCPNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{46F3624A-B6B7-46D2-B7CD-96E8DF8AFFBD}\C696E6B6379737 : DHCPNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{7CBED59C-C97F-4E0D-B131-DCDDB214C27B} : DHCPNameServer = 68.87.68.166 68.87.74.166
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-24 55856] R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [2009-11-6 37488] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-6-23 256336] R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-6-23 67664] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240] R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-7-12 1201640] R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-23 216064] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-24 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-24 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-24 1255736] S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] S4 DockLoginService;Dock Login Service;C:\Program 
Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648] S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-27 136176] S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-27 136176] S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxLiveShare10.exe [2009-6-10 309744] S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxWatch10.exe [2009-6-10 166384] . =============== Created Last 30 ================ . 2011-07-13 21:09:06 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Malwarebytes 2011-07-13 21:08:47 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-13 21:08:46 -------- d-----w- C:\ProgramData\Malwarebytes 2011-07-13 21:08:43 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-07-13 21:08:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-07-13 18:05:00 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\{F95E4542-7D0B-413F-93B5-1793C3744783} 2011-07-13 18:04:09 -------- d-----w- C:\Windows\en 2011-07-13 18:01:39 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll 2011-07-13 18:01:39 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll 2011-07-13 18:01:39 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll 2011-07-13 18:01:33 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DSETUP.dll 2011-07-13 18:01:33 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DXSETUP.exe 2011-07-13 18:01:33 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\dsetup32.dll 2011-07-13 18:01:31 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll 2011-07-13 18:01:31 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll 2011-07-13 18:01:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows 
Live\.cache\e342101f1cc418604\DSETUP.dll 2011-07-13 18:01:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\DXSETUP.exe 2011-07-13 18:01:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\dsetup32.dll 2011-07-13 18:00:55 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Windows Live 2011-07-13 17:54:59 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-07-13 17:54:47 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-07-13 17:54:38 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-07-13 17:54:36 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-07-13 17:11:58 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2011-07-13 17:10:36 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-13 17:10:36 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-07-13 17:10:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-13 17:10:36 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-13 17:10:36 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-07-13 17:10:36 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-13 17:10:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-13 17:10:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-13 17:10:35 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-13 17:10:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-13 17:10:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-12 22:44:25 -------- d-----w- C:\Program Files (x86)\MSSOAP 2011-07-12 22:44:25 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap 2011-07-12 22:44:20 1563008 ----a-w- C:\Windows\WRSetup.dll 2011-07-12 22:44:20 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Webroot 2011-07-12 22:44:20 -------- 
d-----w- C:\ProgramData\Webroot 2011-07-12 22:44:20 -------- d-----w- C:\Program Files (x86)\Webroot 2011-07-11 20:27:50 -------- d-----w- C:\Windows\Standalone System Sweeper 2011-07-10 20:29:47 -------- d-----w- C:\Windows\pss 2011-07-10 02:36:51 106496 --sha-r- C:\Windows\SysWow64\C_20278U.dll 2011-07-10 01:42:47 -------- d-----w- C:\Windows\Replay AV 2011-07-10 01:42:37 -------- d-----w- C:\Program Files (x86)\Replay AV 8 2011-07-09 22:01:30 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Ubisoft 2011-07-09 21:59:05 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys 2011-07-09 21:59:05 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys 2011-07-09 21:59:05 -------- d-----w- C:\Program Files (x86)\MagicDisc 2011-07-08 19:12:18 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B3A4B90-F28D-4CD4-B575-8DAEC5EE5935}\mpengine.dll 2011-07-07 22:12:32 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2011-07-07 05:40:05 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF 2011-07-07 05:39:41 95008 ----a-w- C:\Windows\System32\Primomonnt.dll 2011-07-06 23:31:27 -------- d-----w- C:\HDW26T_TMP 2011-07-06 23:31:22 -------- d-----w- C:\ProgramData\Panasonic 2011-07-06 23:31:21 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Panasonic 2011-07-06 22:52:41 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\The Lord of the Rings Online 2011-07-06 22:52:21 -------- d-----w- C:\Program Files (x86)\Common Files\Panasonic 2011-07-06 22:52:09 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2011-07-06 22:52:09 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2011-07-06 22:52:07 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2011-07-06 22:40:44 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll 2011-07-06 22:40:44 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll 2011-07-06 22:40:43 453456 ----a-w- 
C:\Windows\SysWow64\d3dx10_42.dll 2011-07-06 22:39:42 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Turbine 2011-07-06 22:38:21 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll 2011-07-06 22:37:32 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\ApplicationHistory 2011-07-06 22:36:15 -------- d-----w- C:\Windows\SysWow64\URTTEMP 2011-07-06 18:04:11 -------- d-----w- C:\Users\Russell Gammon\LOTRO Standard Res Install Files 2011-07-06 17:56:12 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\PMB Files 2011-07-06 17:56:11 -------- d-----w- C:\ProgramData\PMB Files 2011-06-30 18:50:20 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll 2011-06-26 07:40:35 7 ----a-w- C:\Windows\treeskp.sys 2011-06-26 07:40:35 7 ----a-w- C:\Windows\sbacknt.bin 2011-06-26 07:40:31 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\vghd 2011-06-25 23:40:46 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Microsoft Games 2011-06-25 23:40:13 -------- d-----w- C:\Program Files (x86)\World of Warcraft 2011-06-25 23:40:13 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2011-06-25 23:39:36 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2011-06-24 22:19:17 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Dell 2011-06-24 22:18:46 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Stardock_Corporation 2011-06-24 22:18:44 -------- dc-h--w- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187} 2011-06-24 22:17:49 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\PackageAware 2011-06-24 21:57:47 -------- d-----w- C:\ProgramData\Uninstall 2011-06-24 21:56:40 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys 2011-06-24 21:56:40 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys 2011-06-24 21:56:40 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys 2011-06-24 21:53:00 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Programs 2011-06-24 21:52:25 506728 ----a-w- 
C:\Windows\System32\d3dx10_33.dll 2011-06-24 21:52:25 443752 ------w- C:\Windows\SysWow64\d3dx10_33.dll 2011-06-24 21:52:24 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll 2011-06-24 21:52:24 3495784 ------w- C:\Windows\SysWow64\d3dx9_33.dll 2011-06-24 21:52:24 1400176 ----a-w- C:\Windows\System32\D3DCompiler_33.dll 2011-06-24 21:52:24 1123696 ------w- C:\Windows\SysWow64\D3DCompiler_33.dll 2011-06-24 21:51:30 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\WindowsUpdate 2011-06-24 21:50:11 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Roxio Log Files 2011-06-24 21:08:41 -------- d-----w- C:\Windows\PCHEALTH 2011-06-24 16:29:58 -------- d-----w- C:\Windows\System32\SPReview 2011-06-24 16:28:56 -------- d-----w- C:\Windows\System32\EventProviders 2011-06-24 16:22:07 48976 ----a-w- C:\Windows\System32\netfxperf.dll 2011-06-24 16:22:07 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2011-06-24 16:22:02 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2011-06-24 16:22:00 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys 2011-06-24 16:22:00 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2011-06-24 16:20:59 287744 ----a-w- C:\Windows\System32\lzhfldr2.dll 2011-06-24 16:20:59 266240 ----a-w- C:\Windows\SysWow64\lzhfldr2.dll 2011-06-24 16:20:58 5120 ----a-w- C:\Windows\System32\drivers\ja-JP\rdvgkmd.sys.mui 2011-06-24 16:20:58 3584 ----a-w- C:\Windows\System32\drivers\ja-JP\tsusbhub.sys.mui 2011-06-24 16:20:58 3072 ----a-w- C:\Windows\System32\drivers\ja-JP\tsusbflt.sys.mui 2011-06-24 16:20:58 2560 ----a-w- C:\Windows\System32\drivers\ja-JP\rdpwd.sys.mui 2011-06-24 16:20:55 399872 ----a-w- C:\Windows\System32\dpx.dll 2011-06-24 16:20:55 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll 2011-06-24 16:20:37 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll 2011-06-24 16:20:37 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll 2011-06-24 16:19:35 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2011-06-24 14:11:10 
1139200 ----a-w- C:\Windows\System32\FntCache.dll 2011-06-24 14:11:09 902656 ----a-w- C:\Windows\System32\d2d1.dll 2011-06-24 14:11:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-06-24 14:11:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2011-06-24 14:11:09 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-06-24 14:09:59 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-24 08:01:06 -------- d-----w- C:\Windows\SysWow64\Wat 2011-06-24 08:01:06 -------- d-----w- C:\Windows\System32\Wat 2011-06-24 06:04:54 -------- d-----w- C:\Windows\ja-JP 2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\XPSViewer 2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\ja 2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP 2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP 2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\0411 2011-06-24 06:04:41 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP 2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\ja 2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP 2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\drivers\ja-JP 2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\0411 2011-06-24 06:04:20 -------- d-----w- C:\Windows\System32\wbem\ja-JP 2011-06-24 05:36:14 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Microsoft Help 2011-06-24 05:19:40 -------- d-----w- C:\Program Files (x86)\BitTorrent 2011-06-24 05:13:58 2048 ----a-w- C:\Windows\System32\drivers\ja-JP\ws2ifsl.sys.mui 2011-06-24 05:09:54 472808 ------w- C:\Windows\SysWow64\deployJava1.dll 2011-06-24 05:03:44 2871808 ----a-w- C:\Windows\explorer.exe 2011-06-24 05:03:44 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe 2011-06-24 05:03:14 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2011-06-24 05:03:14 723968 ----a-w- C:\Windows\System32\EncDec.dll 2011-06-24 05:03:14 642048 ----a-w- 
C:\Windows\SysWow64\CPFilters.dll 2011-06-24 05:03:13 850944 ----a-w- C:\Windows\SysWow64\sbe.dll 2011-06-24 05:03:13 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2011-06-24 05:03:13 259072 ----a-w- C:\Windows\System32\mpg2splt.ax 2011-06-24 05:03:13 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2011-06-24 05:03:13 1118720 ----a-w- C:\Windows\System32\sbe.dll 2011-06-24 05:03:11 715776 ----a-w- C:\Windows\System32\kerberos.dll 2011-06-24 05:03:11 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2011-06-24 05:00:29 974336 ----a-w- C:\Windows\System32\WFS.exe 2011-06-24 05:00:29 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe 2011-06-24 05:00:27 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2011-06-24 05:00:18 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-06-24 05:00:18 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-06-24 04:58:48 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll 2011-06-24 04:58:48 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2011-06-24 04:58:48 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2011-06-24 04:58:48 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2011-06-24 04:56:27 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Dell 2011-06-24 04:54:27 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-06-24 04:52:00 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys 2011-06-24 04:51:56 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys 2011-06-24 04:51:56 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys 2011-06-24 04:51:56 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys 2011-06-24 04:50:57 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Deployment 2011-06-24 04:50:57 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Apps 2011-06-24 04:50:45 -------- d-----w- C:\ProgramData\Trend Micro 2011-06-24 03:52:24 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\ElevatedDiagnostics 2011-06-23 19:50:40 -------- d-----w- C:\Windows\Panther 2011-06-23 19:50:16 -------- 
d-----w- C:\Windows\System32\oem 2011-06-23 19:42:39 -------- d-----w- C:\Windows.old 2011-06-23 17:35:35 -------- d-----w- C:\Windows\SysWow64\AGEIA 2011-06-23 17:33:15 408600 ----a-w- C:\Windows\System32\drivers\iaStor.sys 2011-06-23 17:30:39 -------- d-----w- C:\ProgramData\PCDr 2011-06-23 17:30:31 -------- d-----w- C:\Program Files (x86)\Dell Support Center 2011-06-23 17:30:30 -------- d-----w- C:\Program Files (x86)\Common Files\supportsoft 2011-06-23 17:28:50 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll 2011-06-23 17:27:54 1478144 ----a-w- C:\Windows\System32\athrx.sys 2011-06-23 17:27:54 -------- d-----w- C:\Program Files (x86)\DW 2011-06-23 17:27:00 455680 ----a-w- C:\Windows\System32\deploytk.dll 2011-06-23 17:26:27 -------- d-sh--w- C:\Windows\Installer 2011-06-23 17:25:10 7347200 ----a-w- C:\Windows\System32\RTSUSTORicon.dll 2011-06-23 17:25:10 350720 ----a-w- C:\Windows\System32\RtsUStor.dll 2011-06-23 17:25:10 216064 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys 2011-06-23 17:24:52 315904 ------w- C:\Windows\SysWow64\Difx894b.rra 2011-06-23 17:24:52 1970176 ------w- C:\Windows\SysWow64\xRaidSetup.exe 2011-06-23 17:24:52 151552 ------w- C:\Windows\SysWow64\xRaidAPI.dll 2011-06-23 17:24:52 -------- d-----w- C:\RaidTool 2011-06-23 17:24:46 -------- d-----w- C:\Windows\RaidTool 2011-06-23 17:24:30 100776 ----a-w- C:\Windows\System32\drivers\jraid.sys 2011-06-23 17:24:16 88064 ----a-w- C:\Windows\System32\CmdRtr64.DLL 2011-06-23 17:24:16 72704 ------w- C:\Windows\SysWow64\CmdRtr.DLL 2011-06-23 17:24:16 188416 ----a-w- C:\Windows\System32\APOMgr64.DLL 2011-06-23 17:24:16 146432 ------w- C:\Windows\SysWow64\APOMngr.DLL 2011-06-23 17:24:04 -------- d-----w- C:\Windows\SysWow64\RTCOM 2011-06-23 17:06:44 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Diagnostics 2011-06-18 02:15:08 -------- d-----w- C:\Emergency 2011-06-17 23:20:53 -------- d-----w- C:\Program Files\TrueCrypt 2011-06-17 22:39:29 -------- d-----w- C:\temp 2011-06-17 22:25:03 
-------- d-----w- C:\Program Files\Dell Support Center 2011-06-17 22:24:36 -------- d-----w- C:\Program Files\Trend Micro 2011-06-17 21:47:08 -------- d-----w- C:\cabs 2011-06-17 21:40:14 -------- d-----w- C:\Users\Russell Gammon\Old HDD 2011-06-17 21:40:04 -------- d-----w- C:\Users\Russell Gammon\Dropbox 2011-06-17 21:37:24 -------- d-----w- C:\Program Files\iPod 2011-06-17 21:37:23 -------- d-----w- C:\Program Files\Windows XP Mode 2011-06-17 21:37:23 -------- d-----w- C:\Program Files\WIDCOMM 2011-06-17 21:37:23 -------- d-----w- C:\Program Files\Ventrilo 2011-06-17 21:37:20 -------- d-----w- C:\Program Files\Microsoft SQL Server 2011-06-17 21:37:20 -------- d-----w- C:\Program Files\Microsoft Help Viewer 2011-06-17 21:37:20 -------- d-----w- C:\Program Files\IIS 2011-06-17 21:37:17 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared 2011-06-17 21:37:17 -------- d-----w- C:\Program Files\Axantum 2011-06-17 21:35:16 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared 2011-06-17 21:35:15 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai 2011-06-17 21:35:11 -------- d-----w- C:\Program Files (x86)\Cherry Dolls 2011-06-17 21:35:11 -------- d-----w- C:\Program Files (x86)\Cheat Engine 2011-06-17 21:35:11 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-06-17 21:33:28 -------- d-----w- C:\Program Files (x86)\BoneTown 2011-06-17 21:33:28 -------- d-----w- C:\Program Files (x86)\Autodesk 2011-06-17 21:33:28 -------- d-----w- C:\Program Files (x86)\Audacity 2011-06-17 21:33:21 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) 2011-06-17 21:33:20 -------- d-----w- C:\Program Files (x86)\Any DVD Cloner Platinum 2011-06-17 21:33:18 -------- d-----w- C:\Program Files (x86)\AnvSoft 2011-06-17 21:32:55 -------- d-----w- C:\NVIDIA 2011-06-17 21:29:29 -------- d-----w- C:\Fraps 2011-06-17 21:29:29 -------- d-----w- C:\DriveKey 2011-06-17 21:28:59 -------- d-----w- C:\Autodesk . 
==================== Find3M ====================
.
2011-06-24 16:34:08 152576 ------w- C:\Windows\SysWow64\msclmd.dll
2011-06-24 16:34:07 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-13 20:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
.
============= FINISH: 23:26:49.22 ===============

And here's the MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7116

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/13/2011 4:17:56 PM
mbam-log-2011-07-13 (16-17-56).txt

Scan type: Quick scan
Objects scanned: 231027
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B7GGEY1ZRR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B7GGEY1ZRR (Trojan.FakeAlert.SA) -> Value: B7GGEY1ZRR -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\cheap pharmacy online.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\search online.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\vip casino.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Attached are the attach log and ark.txt from the root-kit scanner.

Thanks, this is driving me nuts!

attach.zip