
This weird Google redirect thing...



My symptoms are a search engine (all of them, but Google was first) redirect AND the message that Windows Security Center Service cannot be started.

Here's the DDS log:

DDS (Ver_2011-07-14.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Russell Gammon at 23:25:27 on 2011-07-13

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6188 [GMT -5:00]

.

AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Microsoft Games\solitaire\solitaire.exe

C:\Users\Russell Gammon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Russell Gammon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Russell Gammon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll

BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [spySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

StartupFolder: C:\Users\RUSSEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: NameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{46F3624A-B6B7-46D2-B7CD-96E8DF8AFFBD} : DHCPNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{46F3624A-B6B7-46D2-B7CD-96E8DF8AFFBD}\C696E6B6379737 : DHCPNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{7CBED59C-C97F-4E0D-B131-DCDDB214C27B} : DHCPNameServer = 68.87.68.166 68.87.74.166

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll

x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>

x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-24 55856]

R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [2009-11-6 37488]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-6-23 256336]

R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-6-23 67664]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]

R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-7-12 1201640]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-23 216064]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-24 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-24 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-24 1255736]

S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-27 136176]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-27 136176]

S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxLiveShare10.exe [2009-6-10 309744]

S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxWatch10.exe [2009-6-10 166384]

.

=============== Created Last 30 ================

.

2011-07-13 21:09:06 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Malwarebytes

2011-07-13 21:08:47 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-13 21:08:46 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-13 21:08:43 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-13 21:08:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-13 18:05:00 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\{F95E4542-7D0B-413F-93B5-1793C3744783}

2011-07-13 18:04:09 -------- d-----w- C:\Windows\en

2011-07-13 18:01:39 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-07-13 18:01:39 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-07-13 18:01:39 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-07-13 18:01:33 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DSETUP.dll

2011-07-13 18:01:33 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DXSETUP.exe

2011-07-13 18:01:33 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\dsetup32.dll

2011-07-13 18:01:31 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-07-13 18:01:31 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-07-13 18:01:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\DSETUP.dll

2011-07-13 18:01:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\DXSETUP.exe

2011-07-13 18:01:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\dsetup32.dll

2011-07-13 18:00:55 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Windows Live

2011-07-13 17:54:59 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-07-13 17:54:47 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-07-13 17:54:38 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-07-13 17:54:36 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-07-13 17:11:58 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2011-07-13 17:10:36 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-13 17:10:36 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-07-13 17:10:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-13 17:10:36 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-13 17:10:36 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-13 17:10:36 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-13 17:10:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-13 17:10:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-13 17:10:35 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-13 17:10:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-13 17:10:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-12 22:44:25 -------- d-----w- C:\Program Files (x86)\MSSOAP

2011-07-12 22:44:25 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-07-12 22:44:20 1563008 ----a-w- C:\Windows\WRSetup.dll

2011-07-12 22:44:20 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Webroot

2011-07-12 22:44:20 -------- d-----w- C:\ProgramData\Webroot

2011-07-12 22:44:20 -------- d-----w- C:\Program Files (x86)\Webroot

2011-07-11 20:27:50 -------- d-----w- C:\Windows\Standalone System Sweeper

2011-07-10 20:29:47 -------- d-----w- C:\Windows\pss

2011-07-10 02:36:51 106496 --sha-r- C:\Windows\SysWow64\C_20278U.dll

2011-07-10 01:42:47 -------- d-----w- C:\Windows\Replay AV

2011-07-10 01:42:37 -------- d-----w- C:\Program Files (x86)\Replay AV 8

2011-07-09 22:01:30 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Ubisoft

2011-07-09 21:59:05 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys

2011-07-09 21:59:05 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys

2011-07-09 21:59:05 -------- d-----w- C:\Program Files (x86)\MagicDisc

2011-07-08 19:12:18 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B3A4B90-F28D-4CD4-B575-8DAEC5EE5935}\mpengine.dll

2011-07-07 22:12:32 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2011-07-07 05:40:05 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF

2011-07-07 05:39:41 95008 ----a-w- C:\Windows\System32\Primomonnt.dll

2011-07-06 23:31:27 -------- d-----w- C:\HDW26T_TMP

2011-07-06 23:31:22 -------- d-----w- C:\ProgramData\Panasonic

2011-07-06 23:31:21 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Panasonic

2011-07-06 22:52:41 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\The Lord of the Rings Online

2011-07-06 22:52:21 -------- d-----w- C:\Program Files (x86)\Common Files\Panasonic

2011-07-06 22:52:09 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2011-07-06 22:52:09 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2011-07-06 22:52:07 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2011-07-06 22:40:44 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll

2011-07-06 22:40:44 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2011-07-06 22:40:43 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-07-06 22:39:42 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Turbine

2011-07-06 22:38:21 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2011-07-06 22:37:32 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\ApplicationHistory

2011-07-06 22:36:15 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2011-07-06 18:04:11 -------- d-----w- C:\Users\Russell Gammon\LOTRO Standard Res Install Files

2011-07-06 17:56:12 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\PMB Files

2011-07-06 17:56:11 -------- d-----w- C:\ProgramData\PMB Files

2011-06-30 18:50:20 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll

2011-06-26 07:40:35 7 ----a-w- C:\Windows\treeskp.sys

2011-06-26 07:40:35 7 ----a-w- C:\Windows\sbacknt.bin

2011-06-26 07:40:31 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\vghd

2011-06-25 23:40:46 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Microsoft Games

2011-06-25 23:40:13 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2011-06-25 23:40:13 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2011-06-25 23:39:36 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2011-06-24 22:19:17 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Dell

2011-06-24 22:18:46 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Stardock_Corporation

2011-06-24 22:18:44 -------- dc-h--w- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}

2011-06-24 22:17:49 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\PackageAware

2011-06-24 21:57:47 -------- d-----w- C:\ProgramData\Uninstall

2011-06-24 21:56:40 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2011-06-24 21:56:40 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2011-06-24 21:56:40 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2011-06-24 21:53:00 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Programs

2011-06-24 21:52:25 506728 ----a-w- C:\Windows\System32\d3dx10_33.dll

2011-06-24 21:52:25 443752 ------w- C:\Windows\SysWow64\d3dx10_33.dll

2011-06-24 21:52:24 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll

2011-06-24 21:52:24 3495784 ------w- C:\Windows\SysWow64\d3dx9_33.dll

2011-06-24 21:52:24 1400176 ----a-w- C:\Windows\System32\D3DCompiler_33.dll

2011-06-24 21:52:24 1123696 ------w- C:\Windows\SysWow64\D3DCompiler_33.dll

2011-06-24 21:51:30 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\WindowsUpdate

2011-06-24 21:50:11 -------- d-----w- C:\Users\Russell Gammon\AppData\Roaming\Roxio Log Files

2011-06-24 21:08:41 -------- d-----w- C:\Windows\PCHEALTH

2011-06-24 16:29:58 -------- d-----w- C:\Windows\System32\SPReview

2011-06-24 16:28:56 -------- d-----w- C:\Windows\System32\EventProviders

2011-06-24 16:22:07 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-06-24 16:22:07 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-06-24 16:22:02 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-06-24 16:22:00 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2011-06-24 16:22:00 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2011-06-24 16:20:59 287744 ----a-w- C:\Windows\System32\lzhfldr2.dll

2011-06-24 16:20:59 266240 ----a-w- C:\Windows\SysWow64\lzhfldr2.dll

2011-06-24 16:20:58 5120 ----a-w- C:\Windows\System32\drivers\ja-JP\rdvgkmd.sys.mui

2011-06-24 16:20:58 3584 ----a-w- C:\Windows\System32\drivers\ja-JP\tsusbhub.sys.mui

2011-06-24 16:20:58 3072 ----a-w- C:\Windows\System32\drivers\ja-JP\tsusbflt.sys.mui

2011-06-24 16:20:58 2560 ----a-w- C:\Windows\System32\drivers\ja-JP\rdpwd.sys.mui

2011-06-24 16:20:55 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-06-24 16:20:55 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-06-24 16:20:37 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-06-24 16:20:37 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-06-24 16:19:35 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-06-24 14:11:10 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-06-24 14:11:09 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-06-24 14:11:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-06-24 14:11:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-06-24 14:11:09 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-06-24 14:09:59 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-06-24 08:01:06 -------- d-----w- C:\Windows\SysWow64\Wat

2011-06-24 08:01:06 -------- d-----w- C:\Windows\System32\Wat

2011-06-24 06:04:54 -------- d-----w- C:\Windows\ja-JP

2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\XPSViewer

2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\ja

2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP

2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP

2011-06-24 06:04:42 -------- d-----w- C:\Windows\SysWow64\0411

2011-06-24 06:04:41 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP

2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\ja

2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP

2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\drivers\ja-JP

2011-06-24 06:04:28 -------- d-----w- C:\Windows\System32\0411

2011-06-24 06:04:20 -------- d-----w- C:\Windows\System32\wbem\ja-JP

2011-06-24 05:36:14 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Microsoft Help

2011-06-24 05:19:40 -------- d-----w- C:\Program Files (x86)\BitTorrent

2011-06-24 05:13:58 2048 ----a-w- C:\Windows\System32\drivers\ja-JP\ws2ifsl.sys.mui

2011-06-24 05:09:54 472808 ------w- C:\Windows\SysWow64\deployJava1.dll

2011-06-24 05:03:44 2871808 ----a-w- C:\Windows\explorer.exe

2011-06-24 05:03:44 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-06-24 05:03:14 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-06-24 05:03:14 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-06-24 05:03:14 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-06-24 05:03:13 850944 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-06-24 05:03:13 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-06-24 05:03:13 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-06-24 05:03:13 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-06-24 05:03:13 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-06-24 05:03:11 715776 ----a-w- C:\Windows\System32\kerberos.dll

2011-06-24 05:03:11 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-06-24 05:00:29 974336 ----a-w- C:\Windows\System32\WFS.exe

2011-06-24 05:00:29 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-06-24 05:00:27 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-06-24 05:00:18 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-24 05:00:18 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-06-24 04:58:48 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-06-24 04:58:48 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-06-24 04:58:48 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-06-24 04:58:48 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-06-24 04:56:27 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Dell

2011-06-24 04:54:27 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-06-24 04:52:00 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys

2011-06-24 04:51:56 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys

2011-06-24 04:51:56 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys

2011-06-24 04:51:56 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys

2011-06-24 04:50:57 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Deployment

2011-06-24 04:50:57 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Apps

2011-06-24 04:50:45 -------- d-----w- C:\ProgramData\Trend Micro

2011-06-24 03:52:24 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\ElevatedDiagnostics

2011-06-23 19:50:40 -------- d-----w- C:\Windows\Panther

2011-06-23 19:50:16 -------- d-----w- C:\Windows\System32\oem

2011-06-23 19:42:39 -------- d-----w- C:\Windows.old

2011-06-23 17:35:35 -------- d-----w- C:\Windows\SysWow64\AGEIA

2011-06-23 17:33:15 408600 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2011-06-23 17:30:39 -------- d-----w- C:\ProgramData\PCDr

2011-06-23 17:30:31 -------- d-----w- C:\Program Files (x86)\Dell Support Center

2011-06-23 17:30:30 -------- d-----w- C:\Program Files (x86)\Common Files\supportsoft

2011-06-23 17:28:50 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-06-23 17:27:54 1478144 ----a-w- C:\Windows\System32\athrx.sys

2011-06-23 17:27:54 -------- d-----w- C:\Program Files (x86)\DW

2011-06-23 17:27:00 455680 ----a-w- C:\Windows\System32\deploytk.dll

2011-06-23 17:26:27 -------- d-sh--w- C:\Windows\Installer

2011-06-23 17:25:10 7347200 ----a-w- C:\Windows\System32\RTSUSTORicon.dll

2011-06-23 17:25:10 350720 ----a-w- C:\Windows\System32\RtsUStor.dll

2011-06-23 17:25:10 216064 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys

2011-06-23 17:24:52 315904 ------w- C:\Windows\SysWow64\Difx894b.rra

2011-06-23 17:24:52 1970176 ------w- C:\Windows\SysWow64\xRaidSetup.exe

2011-06-23 17:24:52 151552 ------w- C:\Windows\SysWow64\xRaidAPI.dll

2011-06-23 17:24:52 -------- d-----w- C:\RaidTool

2011-06-23 17:24:46 -------- d-----w- C:\Windows\RaidTool

2011-06-23 17:24:30 100776 ----a-w- C:\Windows\System32\drivers\jraid.sys

2011-06-23 17:24:16 88064 ----a-w- C:\Windows\System32\CmdRtr64.DLL

2011-06-23 17:24:16 72704 ------w- C:\Windows\SysWow64\CmdRtr.DLL

2011-06-23 17:24:16 188416 ----a-w- C:\Windows\System32\APOMgr64.DLL

2011-06-23 17:24:16 146432 ------w- C:\Windows\SysWow64\APOMngr.DLL

2011-06-23 17:24:04 -------- d-----w- C:\Windows\SysWow64\RTCOM

2011-06-23 17:06:44 -------- d-----w- C:\Users\Russell Gammon\AppData\Local\Diagnostics

2011-06-18 02:15:08 -------- d-----w- C:\Emergency

2011-06-17 23:20:53 -------- d-----w- C:\Program Files\TrueCrypt

2011-06-17 22:39:29 -------- d-----w- C:\temp

2011-06-17 22:25:03 -------- d-----w- C:\Program Files\Dell Support Center

2011-06-17 22:24:36 -------- d-----w- C:\Program Files\Trend Micro

2011-06-17 21:47:08 -------- d-----w- C:\cabs

2011-06-17 21:40:14 -------- d-----w- C:\Users\Russell Gammon\Old HDD

2011-06-17 21:40:04 -------- d-----w- C:\Users\Russell Gammon\Dropbox

2011-06-17 21:37:24 -------- d-----w- C:\Program Files\iPod

2011-06-17 21:37:23 -------- d-----w- C:\Program Files\Windows XP Mode

2011-06-17 21:37:23 -------- d-----w- C:\Program Files\WIDCOMM

2011-06-17 21:37:23 -------- d-----w- C:\Program Files\Ventrilo

2011-06-17 21:37:20 -------- d-----w- C:\Program Files\Microsoft SQL Server

2011-06-17 21:37:20 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2011-06-17 21:37:20 -------- d-----w- C:\Program Files\IIS

2011-06-17 21:37:17 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared

2011-06-17 21:37:17 -------- d-----w- C:\Program Files\Axantum

2011-06-17 21:35:16 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared

2011-06-17 21:35:15 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai

2011-06-17 21:35:11 -------- d-----w- C:\Program Files (x86)\Cherry Dolls

2011-06-17 21:35:11 -------- d-----w- C:\Program Files (x86)\Cheat Engine

2011-06-17 21:35:11 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-06-17 21:33:28 -------- d-----w- C:\Program Files (x86)\BoneTown

2011-06-17 21:33:28 -------- d-----w- C:\Program Files (x86)\Autodesk

2011-06-17 21:33:28 -------- d-----w- C:\Program Files (x86)\Audacity

2011-06-17 21:33:21 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)

2011-06-17 21:33:20 -------- d-----w- C:\Program Files (x86)\Any DVD Cloner Platinum

2011-06-17 21:33:18 -------- d-----w- C:\Program Files (x86)\AnvSoft

2011-06-17 21:32:55 -------- d-----w- C:\NVIDIA

2011-06-17 21:29:29 -------- d-----w- C:\Fraps

2011-06-17 21:29:29 -------- d-----w- C:\DriveKey

2011-06-17 21:28:59 -------- d-----w- C:\Autodesk

.

==================== Find3M ====================

.

2011-06-24 16:34:08 152576 ------w- C:\Windows\SysWow64\msclmd.dll

2011-06-24 16:34:07 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-13 20:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

.

============= FINISH: 23:26:49.22 ===============

and here's the MBAM Log

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7116

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

7/13/2011 4:17:56 PM

mbam-log-2011-07-13 (16-17-56).txt

Scan type: Quick scan

Objects scanned: 231027

Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\B7GGEY1ZRR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B7GGEY1ZRR (Trojan.FakeAlert.SA) -> Value: B7GGEY1ZRR -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\cheap pharmacy online.url (Rogue.Link) -> Quarantined and deleted successfully.

c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\search online.url (Rogue.Link) -> Quarantined and deleted successfully.

c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.

c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\vip casino.url (Rogue.Link) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Attached are the attach log and ark.txt from the root-kit scanner

Thanks, this is driving me nuts!

attach.zip


hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt


Ok. Done! And thanks for the quick response too!

here's aswMBR log

aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software

Run date: 2011-07-14 09:27:37

-----------------------------

09:27:37.805 OS Version: Windows x64 6.1.7601 Service Pack 1

09:27:37.805 Number of processors: 8 586 0x1A05

09:27:37.805 ComputerName: VADER UserName:

09:27:39.869 Initialize success

09:28:07.600 AVAST engine defs: 11071400

09:28:18.372 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

09:28:18.375 Disk 0 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3

09:28:18.379 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

09:28:18.382 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 3

09:28:18.391 Disk 1 MBR read successfully

09:28:18.394 Disk 1 MBR scan

09:28:18.397 Disk 1 Windows 7 default MBR code

09:28:18.401 Service scanning

09:28:19.188 Disk 1 trace - called modules:

09:28:19.195 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

09:28:19.200 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007d98790]

09:28:19.204 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b61050]

09:28:21.313 AVAST engine scan C:\Windows

09:46:17.223 File: C:\Windows\SysWOW64\C_20278U.dll **INFECTED** Win32:Malware-gen

10:36:48.509 AVAST engine scan C:\Users\Russell Gammon

10:50:02.932 AVAST engine scan C:\ProgramData

11:03:58.552 Scan finished successfully

11:14:49.894 Disk 1 MBR has been saved successfully to "C:\Users\Russell Gammon\Desktop\MBR.dat"

11:14:49.900 The log file has been saved successfully to "C:\Users\Russell Gammon\Desktop\aswMBR.txt"

OTL.txt and Extras.txt made the post too long so I attached them instead. I hope that works.

Thanks again!

Extras.Txt

OTL.Txt


hi

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply


I'm cautiously optimistic. One of the symptoms already stopped!

ComboFix 11-07-14.05 - Russell Gammon 07/14/2011 16:37:52.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6800 [GMT -5:00]

Running from: c:\users\Russell Gammon\Desktop\ComboFix.exe

AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Software.url

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\MP3 Download.url

c:\windows\SysWow64\Ijl11.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))

.

.

2011-07-14 21:43 . 2011-07-14 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-13 21:08 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-13 21:08 . 2011-07-13 21:08 -------- d-----w- c:\programdata\Malwarebytes

2011-07-13 21:08 . 2011-07-13 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-13 21:08 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-13 18:04 . 2011-07-13 18:04 -------- d-----w- c:\windows\en

2011-07-13 18:01 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-07-13 18:01 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-07-13 18:01 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-07-13 18:01 . 2011-07-13 18:01 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DSETUP.dll

2011-07-13 18:01 . 2011-07-13 18:01 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\DXSETUP.exe

2011-07-13 18:01 . 2011-07-13 18:01 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e669029c1cc418605\dsetup32.dll

2011-07-13 18:01 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-07-13 18:01 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2011-07-13 18:01 . 2011-07-13 18:01 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\DSETUP.dll

2011-07-13 18:01 . 2011-07-13 18:01 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\DXSETUP.exe

2011-07-13 18:01 . 2011-07-13 18:01 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e342101f1cc418604\dsetup32.dll

2011-07-13 17:54 . 2011-07-13 17:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-07-13 17:54 . 2011-07-13 17:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-07-13 17:54 . 2011-07-13 17:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-07-13 17:54 . 2011-07-13 17:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-07-13 17:11 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-13 17:10 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-13 17:10 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-13 17:10 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 17:10 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-13 17:10 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe

2011-07-13 17:10 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-13 17:10 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-13 17:10 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-13 17:10 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-13 17:10 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-13 17:10 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-12 22:44 . 2011-07-12 22:44 -------- d-----w- c:\program files (x86)\MSSOAP

2011-07-12 22:44 . 2011-07-12 22:52 -------- d-----w- c:\programdata\Webroot

2011-07-12 22:44 . 2011-07-12 22:44 -------- d-----w- c:\program files (x86)\Webroot

2011-07-12 22:44 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll

2011-07-12 17:33 . 2011-07-12 17:33 -------- d-----w- c:\users\Admin

2011-07-11 20:27 . 2011-07-11 20:28 -------- d-----w- c:\windows\Standalone System Sweeper

2011-07-10 02:36 . 2011-07-10 02:36 106496 --sha-r- c:\windows\SysWow64\C_20278U.dll

2011-07-10 01:42 . 2011-07-10 01:42 -------- d-----w- c:\windows\Replay AV

2011-07-10 01:42 . 2011-07-10 20:31 -------- d-----w- c:\program files (x86)\Replay AV 8

2011-07-09 22:01 . 2011-07-09 22:01 -------- d-----w- c:\programdata\Ubisoft

2011-07-09 21:59 . 2011-07-09 21:59 -------- d-----w- c:\program files (x86)\MagicDisc

2011-07-09 21:59 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys

2011-07-09 21:59 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2011-07-08 19:12 . 2011-06-20 13:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B3A4B90-F28D-4CD4-B575-8DAEC5EE5935}\mpengine.dll

2011-07-07 22:12 . 2011-07-08 21:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-07-07 06:03 . 2011-07-07 06:03 -------- d-----w- c:\windows\SysWow64\Macromed

2011-07-07 05:39 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll

2011-07-06 23:31 . 2011-07-14 03:52 -------- d-----w- C:\HDW26T_TMP

2011-07-06 23:31 . 2011-07-06 23:31 -------- d-----w- c:\programdata\Panasonic

2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files (x86)\Common Files\Panasonic

2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files (x86)\Panasonic

2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-07-06 22:52 . 2011-07-06 22:52 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-07-06 22:40 . 2009-09-04 22:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll

2011-07-06 22:40 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2011-07-06 22:40 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-07-06 22:38 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-07-06 22:36 . 2011-07-06 22:36 -------- d-----w- c:\windows\SysWow64\URTTEMP

2011-07-06 17:56 . 2011-07-08 01:09 -------- d-----w- c:\programdata\PMB Files

2011-07-05 06:02 . 2011-07-05 06:02 -------- d-----w- c:\windows\Sun

2011-06-30 18:50 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll

2011-06-26 07:40 . 2011-07-09 22:06 7 ----a-w- c:\windows\treeskp.sys

2011-06-26 07:40 . 2011-07-09 22:06 7 ----a-w- c:\windows\sbacknt.bin

2011-06-25 23:40 . 2011-06-30 14:45 -------- d-----w- c:\program files (x86)\World of Warcraft

2011-06-25 23:40 . 2011-06-25 23:41 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2011-06-25 23:39 . 2011-06-25 23:41 -------- d-----w- c:\programdata\Blizzard Entertainment

2011-06-25 08:02 . 2011-06-25 08:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-06-24 22:18 . 2011-06-24 22:18 -------- dc-h--w- c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}

2011-06-24 21:57 . 2011-06-24 21:57 -------- d-----w- c:\programdata\Uninstall

2011-06-24 21:57 . 2011-06-24 21:57 -------- d-----w- c:\programdata\Sonic

2011-06-24 21:56 . 2010-03-19 08:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2011-06-24 21:56 . 2009-05-15 08:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2011-06-24 21:56 . 2009-05-15 08:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2011-06-24 21:55 . 2011-06-25 03:59 -------- d-----w- c:\programdata\Roxio

2011-06-24 21:53 . 2011-06-24 21:53 -------- d-----w- c:\programdata\InstallShield

2011-06-24 21:52 . 2007-03-15 21:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll

2011-06-24 21:52 . 2007-03-15 21:57 443752 ------w- c:\windows\SysWow64\d3dx10_33.dll

2011-06-24 21:52 . 2007-03-12 21:42 4494184 ----a-w- c:\windows\system32\d3dx9_33.dll

2011-06-24 21:52 . 2007-03-12 21:42 3495784 ------w- c:\windows\SysWow64\d3dx9_33.dll

2011-06-24 21:52 . 2007-03-12 21:42 1400176 ----a-w- c:\windows\system32\D3DCompiler_33.dll

2011-06-24 21:52 . 2007-03-12 21:42 1123696 ------w- c:\windows\SysWow64\D3DCompiler_33.dll

2011-06-24 21:08 . 2011-06-24 21:08 -------- d-----w- c:\windows\PCHEALTH

2011-06-24 21:06 . 2011-06-24 21:06 -------- d-----r- C:\MSOCache

2011-06-24 16:29 . 2011-06-24 16:29 -------- d-----w- c:\windows\system32\SPReview

2011-06-24 16:28 . 2011-06-24 16:28 -------- d-----w- c:\windows\system32\EventProviders

2011-06-24 16:22 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-06-24 16:22 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-06-24 16:22 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-06-24 16:22 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2011-06-24 16:22 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2011-06-24 16:20 . 2010-11-20 13:27 287744 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-06-24 16:20 . 2010-11-20 12:20 266240 ----a-w- c:\windows\SysWow64\lzhfldr2.dll

2011-06-24 16:20 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-06-24 16:20 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-06-24 16:20 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-06-24 16:20 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-06-24 16:19 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-06-24 15:56 . 2011-06-24 21:08 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-06-24 14:11 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-06-24 14:11 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-06-24 14:11 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-06-24 14:11 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-06-24 14:11 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-06-24 08:01 . 2011-06-24 08:01 -------- d-----w- c:\windows\SysWow64\Wat

2011-06-24 08:01 . 2011-06-24 08:01 -------- d-----w- c:\windows\system32\Wat

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\ja-JP

2011-06-24 06:04 . 2011-06-24 18:43 -------- d-----w- c:\windows\SysWow64\ja

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\XPSViewer

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\ja-JP

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\drivers\ja-JP

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\SysWow64\0411

2011-06-24 06:04 . 2011-06-24 22:03 -------- d-----w- c:\windows\SysWow64\wbem\ja-JP

2011-06-24 06:04 . 2011-06-24 18:42 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\system32\ja

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2011-06-24 06:04 . 2011-06-24 06:04 -------- d-----w- c:\windows\system32\0411

2011-06-24 06:04 . 2011-06-24 22:03 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-06-24 05:36 . 2011-07-13 17:25 -------- d-----w- c:\programdata\Microsoft Help

2011-06-24 05:31 . 2011-06-24 21:59 -------- d-----w- c:\program files (x86)\Microsoft Works

2011-06-24 05:19 . 2011-06-24 05:19 -------- d-----w- c:\program files (x86)\BitTorrent

2011-06-24 05:14 . 2009-07-13 23:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 18:01 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-24 16:34 . 2009-07-14 02:36 152576 ------w- c:\windows\SysWow64\msclmd.dll

2011-06-24 16:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-03 05:57 . 2011-07-13 17:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-13 20:42 . 2011-05-13 20:42 302448 ----a-w- c:\windows\WLXPGSS.SCR

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

.

c:\users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]

R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]

R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]

R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]

R4 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-07-12 1201640]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 23:31]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 23:31]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job

- c:\users\Russell Gammon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 04:51]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job

- c:\users\Russell Gammon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 04:51]

.

2011-07-13 c:\windows\Tasks\wrSpySweeper_LDF48D1460CDA4166830BB34664F2D0B6.job

- c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-07-12 20:19]

.

2011-07-13 c:\windows\Tasks\wrSpySweeper_LDF48D1460CDA4166830BB34664F2D0B6.job

- c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-07-12 20:19]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 68.87.68.166 68.87.74.166

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-14 16:45:30

ComboFix-quarantined-files.txt 2011-07-14 21:45

.

Pre-Run: 777,362,341,888 bytes free

Post-Run: 785,067,618,304 bytes free

.

- - End Of File - - 727EDE84E8277CE16FE41CB09AF1127C


OTL number 2!

OTL logfile created on: 7/14/2011 5:25:07 PM - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Russell Gammon\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 78.63% Memory free

15.98 Gb Paging File | 14.14 Gb Available in Paging File | 88.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 922.35 Gb Total Space | 731.22 Gb Free Space | 79.28% Space Free | Partition Type: NTFS

Drive D: | 1397.26 Gb Total Space | 1103.85 Gb Free Space | 79.00% Space Free | Partition Type: NTFS

Drive E: | 191.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 967.48 Mb Total Space | 696.92 Mb Free Space | 72.03% Space Free | Partition Type: NTFS

Computer Name: VADER | User Name: Russell Gammon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/13 14:22:44 | 000,914,432 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe

PRC - [2011/03/30 14:33:06 | 000,164,864 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe

PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe

========== Modules (SafeList) ==========

MOD - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)

SRV:64bit: - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/07/12 17:44:35 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)

DRV:64bit: - [2009/11/06 12:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssfs0bbc.sys -- (ssfs0bbc)

DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/07/24 18:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 42 E3 BD 28 32 CC 01 [binary data]

IE - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/06/23 23:51:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/06/24 00:05:30 | 000,000,000 | ---D | M]

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\searchtoolbar@zugo.com

[2011/06/17 16:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/07/14 16:43:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3709093604-3404850255-2198728151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/06/17 16:29:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2007/11/07 19:27:00 | 000,000,040 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 17:06:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/14 16:45:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/14 16:35:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/14 16:35:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/14 16:35:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/14 16:35:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/14 16:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/14 16:13:55 | 004,152,661 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe

[2011/07/14 11:15:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

[2011/07/14 09:25:38 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe

[2011/07/13 23:25:14 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr

[2011/07/13 16:09:06 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Malwarebytes

[2011/07/13 16:08:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/13 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/13 16:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/13 16:08:43 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/13 16:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/07/13 16:07:52 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/13 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\{F95E4542-7D0B-413F-93B5-1793C3744783}

[2011/07/13 13:04:09 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/07/13 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Windows Live

[2011/07/12 17:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot

[2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP

[2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2011/07/12 17:44:20 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Webroot

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot

[2011/07/11 15:27:50 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper

[2011/07/10 15:29:47 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011/07/09 20:42:47 | 000,000,000 | ---D | C] -- C:\Windows\Replay AV

[2011/07/09 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay AV 8

[2011/07/09 17:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2011/07/09 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Ubisoft

[2011/07/09 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys

[2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys

[2011/07/09 16:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc

[2011/07/09 16:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO

[2011/07/07 17:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2011/07/07 01:03:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2011/07/07 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF

[2011/07/07 00:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF

[2011/07/07 00:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Maker

[2011/07/06 18:31:27 | 000,000,000 | ---D | C] -- C:\HDW26T_TMP

[2011/07/06 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic

[2011/07/06 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Panasonic

[2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\The Lord of the Rings Online

[2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\The Lord of the Rings Online

[2011/07/06 17:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic

[2011/07/06 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic

[2011/07/06 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic

[2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services

[2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2011/07/06 17:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services

[2011/07/06 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Turbine

[2011/07/06 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ApplicationHistory

[2011/07/06 17:36:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP

[2011/07/06 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine

[2011/07/06 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\LOTRO Standard Res Install Files

[2011/07/06 12:56:12 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PMB Files

[2011/07/06 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2011/07/05 01:02:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/06/30 01:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2011/06/29 21:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk

[2011/06/27 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/06/26 02:54:09 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl

[2011/06/26 02:40:31 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\vghd

[2011/06/25 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Games

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2011/06/25 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2011/06/24 23:27:56 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/06/24 22:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier

[2011/06/24 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Dell

[2011/06/24 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Stardock_Corporation

[2011/06/24 17:18:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}

[2011/06/24 17:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

[2011/06/24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PackageAware

[2011/06/24 17:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011/06/24 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall

[2011/06/24 16:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic

[2011/06/24 16:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio

[2011/06/24 16:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2011/06/24 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Programs

[2011/06/24 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\WindowsUpdate

[2011/06/24 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio Log Files

[2011/06/24 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2011/06/24 16:08:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2011/06/24 16:06:41 | 000,000,000 | R--D | C] -- C:\MSOCache

[2011/06/24 11:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview

[2011/06/24 11:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2011/06/24 11:21:21 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll

[2011/06/24 11:21:13 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll

[2011/06/24 10:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2011/06/24 01:04:54 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411

[2011/06/24 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Template

[2011/06/24 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Help

[2011/06/24 00:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2011/06/24 00:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works

[2011/06/24 00:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011/06/24 00:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent

[2011/06/24 00:14:05 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui

[2011/06/24 00:13:29 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui

[2011/06/24 00:13:28 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui

[2011/06/24 00:13:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui

[2011/06/24 00:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/06/23 23:56:27 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Dell

[2011/06/23 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security

[2011/06/23 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Macromedia

[2011/06/23 23:52:00 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys

[2011/06/23 23:51:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011/06/23 23:51:56 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2011/06/23 23:51:56 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys

[2011/06/23 23:51:56 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys

[2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Deployment

[2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apps

[2011/06/23 23:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro

[2011/06/23 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ElevatedDiagnostics

[2011/06/23 15:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2011/06/23 14:50:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2011/06/23 14:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem

[2011/06/23 14:42:39 | 000,000,000 | ---D | C] -- C:\Windows.old

[2011/06/23 13:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2011/06/23 13:52:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2011/06/23 12:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2011/06/23 12:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA

[2011/06/23 12:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager

[2011/06/23 12:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft

[2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr

[2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2011/06/23 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center

[2011/06/23 12:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft

[2011/06/23 12:27:54 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys

[2011/06/23 12:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW

[2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\InstallShield

[2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell

[2011/06/23 12:26:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2011/06/23 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp

[2011/06/23 12:24:52 | 000,000,000 | ---D | C] -- C:\RaidTool

[2011/06/23 12:24:46 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool

[2011/06/23 12:24:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2011/06/23 12:23:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2011/06/23 12:23:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2011/06/23 12:23:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2011/06/23 12:23:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2011/06/23 12:23:56 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2011/06/23 12:23:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2011/06/23 12:23:56 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2011/06/23 12:23:56 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2011/06/23 12:23:56 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2011/06/23 12:23:56 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2011/06/23 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2011/06/23 12:23:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2011/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Diagnostics

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Searches

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2011/06/23 12:04:06 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2011/06/23 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Identities

[2011/06/23 12:03:56 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Contacts

[2011/06/23 12:03:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\VirtualStore

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Temporary Internet Files

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Templates

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Start Menu

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\SendTo

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Recent

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\PrintHood

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\NetHood

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Videos

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Pictures

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Music

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\My Documents

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Local Settings

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\History

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Cookies

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Application Data

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Application Data

[2011/06/23 12:03:40 | 000,000,000 | --SD | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Videos

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Saved Games

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Pictures

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Music

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Links

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Favorites

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Downloads

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Documents

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Desktop

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2011/06/23 12:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\AppData

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Temp

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Media Center Programs

[2011/06/23 12:03:27 | 000,000,000 | ---D | C] -- C:\Recovery

[2011/06/17 21:15:08 | 000,000,000 | ---D | C] -- C:\Emergency

[2011/06/17 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2011/06/17 17:39:29 | 000,000,000 | ---D | C] -- C:\temp

[2011/06/17 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center

[2011/06/17 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/06/17 16:47:08 | 000,000,000 | ---D | C] -- C:\cabs

[2011/06/17 16:40:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Old HDD

[2011/06/17 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Dropbox

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Scanned Documents

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Radiant

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Fax

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Electronic Arts

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Downloads

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Documents on Russell's Intrepid

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Converted Videos

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Any Video Converter

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\ActiveDolls

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\vghd

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\SecuROM

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Nero

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoneTown

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Avery

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Adobe

[2011/06/17 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\TempImages

[2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\SupportSoft

[2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Mozilla Firefox

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Google

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\GameHouse

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Autodesk

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apple Computer

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Adobe

[2011/06/17 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AdobeLicensingFilesBackup

[2011/06/17 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro

[2011/06/17 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\IIS

[2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum

[2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared

[2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk

[2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uPlayer

[2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip

[2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow

[2011/06/17 16:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouSendIt

[2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VDownloader

[2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2011/06/17 16:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TypingMaster

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games

[2011/06/17 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific Publishing, Inc

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Morphyre

[2011/06/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity

[2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company

[2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack

[2011/06/17 16:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldKnight

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freenet

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV To MP3 Converter

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOX News Live

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFmpeg for Audacity

[2011/06/17 16:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2011/06/17 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EGirl_v1.5

[2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero

[2011/06/17 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared

[2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai

[2011/06/17 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry Dolls

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoneTown

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2011/06/17 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)

[2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Cloner Platinum

[2011/06/17 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft

[2011/06/17 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/06/17 16:32:55 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\Fraps

[2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\DriveKey

[2011/06/17 16:28:59 | 000,000,000 | ---D | C] -- C:\Autodesk

========== Files - Modified Within 30 Days ==========

[2011/07/14 17:13:13 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/14 17:13:13 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/14 17:10:19 | 001,242,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/14 17:10:19 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/14 17:10:19 | 000,400,916 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat

[2011/07/14 17:10:19 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat

[2011/07/14 17:10:19 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/14 17:06:10 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/14 17:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/14 17:05:45 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/14 16:56:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job

[2011/07/14 16:43:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/07/14 16:36:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/14 16:13:59 | 004,152,661 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe

[2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

[2011/07/14 11:14:49 | 000,000,512 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\MBR.dat

[2011/07/14 09:26:25 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe

[2011/07/13 23:56:30 | 000,003,183 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\attach.zip

[2011/07/13 23:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job

[2011/07/13 23:32:19 | 000,302,592 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe

[2011/07/13 23:25:11 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr

[2011/07/13 23:24:52 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\defogger_reenable

[2011/07/13 23:24:29 | 000,050,477 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe

[2011/07/13 16:08:47 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 16:07:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/13 12:28:14 | 000,372,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/07/12 20:36:38 | 000,001,088 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk

[2011/07/12 17:50:07 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

[2011/07/12 17:50:05 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat

[2011/07/12 15:52:15 | 000,000,036 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache

[2011/07/12 15:50:38 | 000,001,443 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/07/10 15:33:00 | 000,000,424 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk

[2011/07/09 21:46:12 | 000,016,096 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat

[2011/07/09 21:36:51 | 000,106,496 | RHS- | M] () -- C:\Windows\SysWow64\C_20278U.dll

[2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys

[2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin

[2011/07/09 16:59:49 | 000,000,995 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2011/07/08 01:21:25 | 000,002,231 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk

[2011/07/07 00:39:41 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini

[2011/07/06 23:51:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/07/06 17:39:44 | 000,000,102 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat

[2011/07/06 17:37:15 | 001,274,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/06/30 19:16:50 | 000,003,584 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/26 02:54:09 | 000,001,132 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk

[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2011/06/24 22:46:03 | 000,000,113 | ---- | M] () -- C:\Windows\WININIT.INI

[2011/06/24 22:40:49 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache

[2011/06/24 17:18:46 | 000,001,984 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2011/06/24 12:06:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/06/24 12:06:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2011/06/24 00:19:41 | 000,000,993 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2011/06/24 00:18:55 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat

[2011/06/24 00:18:55 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat

[2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys

[2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys

[2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys

[2011/06/23 23:11:03 | 000,000,635 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk

[2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2011/06/23 13:54:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011/06/23 12:24:16 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc

========== Files Created - No Company Name ==========

[2011/07/14 17:03:51 | 000,001,984 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2011/07/14 17:03:51 | 000,001,132 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk

[2011/07/14 17:03:51 | 000,000,995 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2011/07/14 16:35:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/14 16:35:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/14 16:35:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/14 16:35:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/14 16:35:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/14 11:14:49 | 000,000,512 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\MBR.dat

[2011/07/13 23:56:30 | 000,003,183 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\attach.zip

[2011/07/13 23:32:20 | 000,302,592 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe

[2011/07/13 23:24:52 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\defogger_reenable

[2011/07/13 23:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe

[2011/07/13 16:08:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 13:03:31 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2011/07/13 13:03:13 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2011/07/12 20:36:38 | 000,001,088 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk

[2011/07/12 17:44:22 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe

[2011/07/12 17:43:47 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat

[2011/07/12 15:50:38 | 000,001,449 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011/07/12 15:50:38 | 000,001,443 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/07/12 15:50:38 | 000,001,415 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2011/07/10 15:33:00 | 000,000,424 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk

[2011/07/10 08:54:29 | 000,000,036 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache

[2011/07/09 21:36:51 | 000,106,496 | RHS- | C] () -- C:\Windows\SysWow64\C_20278U.dll

[2011/07/09 20:43:53 | 000,016,096 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat

[2011/07/07 01:04:16 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk

[2011/07/07 01:04:05 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2011/07/07 01:02:03 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk

[2011/07/07 00:39:41 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll

[2011/07/06 23:51:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/07/06 17:39:44 | 000,000,102 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat

[2011/07/06 17:36:34 | 001,274,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/07/06 17:35:47 | 000,002,231 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk

[2011/06/30 01:03:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/06/27 18:31:54 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/06/27 18:31:54 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys

[2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin

[2011/06/24 22:46:03 | 000,000,113 | ---- | C] () -- C:\Windows\WININIT.INI

[2011/06/24 22:40:49 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache

[2011/06/24 12:06:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/06/24 12:06:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2011/06/24 11:21:55 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe

[2011/06/24 11:21:46 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd

[2011/06/24 11:21:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml

[2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml

[2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml

[2011/06/24 11:20:49 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc

[2011/06/24 11:20:49 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml

[2011/06/24 01:07:27 | 000,400,916 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat

[2011/06/24 01:07:27 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat

[2011/06/24 01:07:27 | 000,110,342 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat

[2011/06/24 01:07:27 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat

[2011/06/24 00:31:57 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2011/06/24 00:19:41 | 000,000,993 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2011/06/23 23:51:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job

[2011/06/23 23:51:08 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job

[2011/06/23 23:23:10 | 000,003,584 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/23 23:11:03 | 000,000,635 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk

[2011/06/23 14:50:16 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version

[2011/06/23 13:56:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2011/06/23 13:55:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2011/06/23 13:54:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011/06/23 12:34:15 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu

[2011/06/23 12:28:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2011/06/23 12:27:54 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf

[2011/06/23 12:27:54 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat

[2011/06/23 12:24:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL

[2011/06/23 12:24:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011/06/23 12:24:16 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL

[2011/06/23 12:24:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011/06/23 12:24:16 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc

[2011/06/23 12:03:40 | 000,000,290 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2011/06/23 12:03:40 | 000,000,272 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2011/06/18 00:15:35 | 2140,393,471 | -HS- | C] () -- C:\hiberfil.sys

[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/12 12:58:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vghd

[2011/06/17 16:38:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk

[2011/06/17 16:38:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HouseCall 6.6

[2011/06/17 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nuance

[2011/06/17 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom

[2011/06/17 16:38:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\YouSendIt

[2011/06/17 16:57:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Autodesk

[2011/06/17 16:57:21 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Avery

[2011/06/17 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\BitTorrent

[2011/06/17 17:23:41 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\PCDr

[2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Registry Mechanic

[2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\Teleca

[2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\thriXXX

[2011/06/17 21:02:11 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\TrueCrypt

[2011/06/17 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\vghd

[2011/06/18 10:39:06 | 000,000,000 | ---D | M] -- C:\Users\Russell\AppData\Roaming\YouSendIt

[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk

[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Avery

[2011/07/09 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent

[2011/07/07 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca

[2011/06/24 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Template

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX

[2011/06/26 02:54:09 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\vghd

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt

[2009/07/14 00:08:49 | 000,009,390 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2011/06/24 17:18:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
    [2011/07/09 21:36:51 | 000,106,496 | RHS- | M] () -- C:\Windows\SysWow64\C_20278U.dll

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Things I would like to see in your reply:

  • OTL log
  • MBAM log


/crosses fingers

OTL logfile created on: 7/15/2011 12:21:31 PM - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Russell Gammon\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 79.28% Memory free

15.98 Gb Paging File | 14.22 Gb Available in Paging File | 88.97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 922.35 Gb Total Space | 722.53 Gb Free Space | 78.34% Space Free | Partition Type: NTFS

Drive D: | 1397.26 Gb Total Space | 1103.85 Gb Free Space | 79.00% Space Free | Partition Type: NTFS

Drive E: | 191.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 967.48 Mb Total Space | 696.92 Mb Free Space | 72.03% Space Free | Partition Type: NTFS

Computer Name: VADER | User Name: Russell Gammon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/13 14:22:44 | 000,914,432 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe

PRC - [2011/03/30 14:33:06 | 000,164,864 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe

PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe

========== Modules (SafeList) ==========

MOD - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)

SRV:64bit: - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/07/12 17:44:35 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)

DRV:64bit: - [2009/11/06 12:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssfs0bbc.sys -- (ssfs0bbc)

DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/07/24 18:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 42 E3 BD 28 32 CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/06/23 23:51:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/06/24 00:05:30 | 000,000,000 | ---D | M]

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\searchtoolbar@zugo.com

[2011/06/17 16:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/07/14 16:43:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/06/17 16:29:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2007/11/07 19:27:00 | 000,000,040 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 12:13:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/14 17:06:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/14 16:45:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/14 16:35:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/14 16:35:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/14 16:35:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/14 16:35:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/14 16:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/14 16:13:55 | 004,152,661 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe

[2011/07/14 11:15:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

[2011/07/14 09:25:38 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe

[2011/07/13 23:25:14 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr

[2011/07/13 16:09:06 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Malwarebytes

[2011/07/13 16:08:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/13 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/13 16:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/13 16:08:43 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/13 16:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/07/13 16:07:52 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/13 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\{F95E4542-7D0B-413F-93B5-1793C3744783}

[2011/07/13 13:04:09 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/07/13 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Windows Live

[2011/07/12 17:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot

[2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP

[2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2011/07/12 17:44:20 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Webroot

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot

[2011/07/11 15:27:50 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper

[2011/07/10 15:29:47 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011/07/09 20:42:47 | 000,000,000 | ---D | C] -- C:\Windows\Replay AV

[2011/07/09 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay AV 8

[2011/07/09 17:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2011/07/09 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Ubisoft

[2011/07/09 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys

[2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys

[2011/07/09 16:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc

[2011/07/09 16:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO

[2011/07/07 17:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2011/07/07 01:03:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2011/07/07 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF

[2011/07/07 00:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF

[2011/07/07 00:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Maker

[2011/07/06 18:31:27 | 000,000,000 | ---D | C] -- C:\HDW26T_TMP

[2011/07/06 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic

[2011/07/06 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Panasonic

[2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\The Lord of the Rings Online

[2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\The Lord of the Rings Online

[2011/07/06 17:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic

[2011/07/06 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic

[2011/07/06 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic

[2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services

[2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2011/07/06 17:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services

[2011/07/06 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Turbine

[2011/07/06 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ApplicationHistory

[2011/07/06 17:36:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP

[2011/07/06 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine

[2011/07/06 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\LOTRO Standard Res Install Files

[2011/07/06 12:56:12 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PMB Files

[2011/07/06 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2011/07/05 01:02:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/06/30 01:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2011/06/29 21:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk

[2011/06/27 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/06/26 02:54:09 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl

[2011/06/26 02:40:31 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\vghd

[2011/06/25 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Games

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2011/06/25 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2011/06/24 23:27:56 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/06/24 22:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier

[2011/06/24 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Dell

[2011/06/24 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Stardock_Corporation

[2011/06/24 17:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

[2011/06/24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PackageAware

[2011/06/24 17:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011/06/24 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall

[2011/06/24 16:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic

[2011/06/24 16:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio

[2011/06/24 16:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2011/06/24 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Programs

[2011/06/24 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\WindowsUpdate

[2011/06/24 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio Log Files

[2011/06/24 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2011/06/24 16:08:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2011/06/24 16:06:41 | 000,000,000 | R--D | C] -- C:\MSOCache

[2011/06/24 11:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview

[2011/06/24 11:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2011/06/24 11:21:21 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll

[2011/06/24 11:21:13 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll

[2011/06/24 10:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2011/06/24 01:04:54 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411

[2011/06/24 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Template

[2011/06/24 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Help

[2011/06/24 00:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2011/06/24 00:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works

[2011/06/24 00:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011/06/24 00:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent

[2011/06/24 00:14:05 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui

[2011/06/24 00:13:29 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui

[2011/06/24 00:13:28 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui

[2011/06/24 00:13:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui

[2011/06/24 00:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/06/23 23:56:27 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Dell

[2011/06/23 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security

[2011/06/23 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Macromedia

[2011/06/23 23:52:00 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys

[2011/06/23 23:51:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011/06/23 23:51:56 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2011/06/23 23:51:56 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys

[2011/06/23 23:51:56 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys

[2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Deployment

[2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apps

[2011/06/23 23:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro

[2011/06/23 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ElevatedDiagnostics

[2011/06/23 15:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2011/06/23 14:50:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2011/06/23 14:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem

[2011/06/23 14:42:39 | 000,000,000 | ---D | C] -- C:\Windows.old

[2011/06/23 13:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2011/06/23 13:52:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2011/06/23 12:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2011/06/23 12:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA

[2011/06/23 12:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager

[2011/06/23 12:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft

[2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr

[2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2011/06/23 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center

[2011/06/23 12:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft

[2011/06/23 12:27:54 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys

[2011/06/23 12:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW

[2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\InstallShield

[2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell

[2011/06/23 12:26:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2011/06/23 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp

[2011/06/23 12:24:52 | 000,000,000 | ---D | C] -- C:\RaidTool

[2011/06/23 12:24:46 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool

[2011/06/23 12:24:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2011/06/23 12:23:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2011/06/23 12:23:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2011/06/23 12:23:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2011/06/23 12:23:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2011/06/23 12:23:56 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2011/06/23 12:23:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2011/06/23 12:23:56 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2011/06/23 12:23:56 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2011/06/23 12:23:56 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2011/06/23 12:23:56 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2011/06/23 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2011/06/23 12:23:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2011/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Diagnostics

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Searches

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2011/06/23 12:04:06 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2011/06/23 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Identities

[2011/06/23 12:03:56 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Contacts

[2011/06/23 12:03:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\VirtualStore

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Temporary Internet Files

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Templates

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Start Menu

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\SendTo

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Recent

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\PrintHood

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\NetHood

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Videos

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Pictures

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Music

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\My Documents

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Local Settings

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\History

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Cookies

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Application Data

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Application Data

[2011/06/23 12:03:40 | 000,000,000 | --SD | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Videos

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Saved Games

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Pictures

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Music

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Links

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Favorites

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Downloads

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Documents

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Desktop

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2011/06/23 12:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\AppData

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Temp

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Media Center Programs

[2011/06/23 12:03:27 | 000,000,000 | ---D | C] -- C:\Recovery

[2011/06/17 21:15:08 | 000,000,000 | ---D | C] -- C:\Emergency

[2011/06/17 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2011/06/17 17:39:29 | 000,000,000 | ---D | C] -- C:\temp

[2011/06/17 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center

[2011/06/17 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/06/17 16:47:08 | 000,000,000 | ---D | C] -- C:\cabs

[2011/06/17 16:40:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Old HDD

[2011/06/17 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Dropbox

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Scanned Documents

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Radiant

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Fax

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Electronic Arts

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Downloads

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Documents on Russell's Intrepid

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Converted Videos

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Any Video Converter

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\ActiveDolls

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\vghd

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\SecuROM

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Nero

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoneTown

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Avery

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Adobe

[2011/06/17 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\TempImages

[2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\SupportSoft

[2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Mozilla Firefox

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Google

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\GameHouse

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Autodesk

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apple Computer

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Adobe

[2011/06/17 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AdobeLicensingFilesBackup

[2011/06/17 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro

[2011/06/17 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\IIS

[2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum

[2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared

[2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk

[2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uPlayer

[2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip

[2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow

[2011/06/17 16:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouSendIt

[2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VDownloader

[2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2011/06/17 16:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TypingMaster

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games

[2011/06/17 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific Publishing, Inc

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Morphyre

[2011/06/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity

[2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company

[2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack

[2011/06/17 16:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldKnight

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freenet

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV To MP3 Converter

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOX News Live

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFmpeg for Audacity

[2011/06/17 16:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2011/06/17 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EGirl_v1.5

[2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero

[2011/06/17 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared

[2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai

[2011/06/17 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry Dolls

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoneTown

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2011/06/17 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)

[2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Cloner Platinum

[2011/06/17 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft

[2011/06/17 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/06/17 16:32:55 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\Fraps

[2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\DriveKey

[2011/06/17 16:28:59 | 000,000,000 | ---D | C] -- C:\Autodesk

========== Files - Modified Within 30 Days ==========

[2011/07/15 12:24:58 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 12:24:58 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 12:22:10 | 001,242,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/15 12:22:10 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/15 12:22:10 | 000,400,916 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat

[2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat

[2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/15 12:17:24 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/15 12:17:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/15 12:17:03 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/15 11:56:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job

[2011/07/15 11:36:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/15 00:10:45 | 000,001,070 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk

[2011/07/14 23:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job

[2011/07/14 16:43:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/07/14 16:13:59 | 004,152,661 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe

[2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

[2011/07/14 11:14:49 | 000,000,512 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\MBR.dat

[2011/07/14 09:26:25 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe

[2011/07/13 23:56:30 | 000,003,183 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\attach.zip

[2011/07/13 23:32:19 | 000,302,592 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe

[2011/07/13 23:25:11 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr

[2011/07/13 23:24:52 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\defogger_reenable

[2011/07/13 23:24:29 | 000,050,477 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe

[2011/07/13 16:08:47 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 16:07:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/13 12:28:14 | 000,372,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/07/12 17:50:07 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

[2011/07/12 17:50:05 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat

[2011/07/12 15:52:15 | 000,000,036 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache

[2011/07/12 15:50:38 | 000,001,443 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/07/10 15:33:00 | 000,000,424 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk

[2011/07/09 21:46:12 | 000,016,096 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat

[2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys

[2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin

[2011/07/09 16:59:49 | 000,000,995 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2011/07/08 01:21:25 | 000,002,231 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk

[2011/07/07 00:39:41 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini

[2011/07/06 23:51:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/07/06 17:39:44 | 000,000,102 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat

[2011/07/06 17:37:15 | 001,274,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/06/30 19:16:50 | 000,003,584 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/26 02:54:09 | 000,001,132 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk

[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2011/06/24 22:46:03 | 000,000,113 | ---- | M] () -- C:\Windows\WININIT.INI

[2011/06/24 22:40:49 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache

[2011/06/24 17:18:46 | 000,001,984 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2011/06/24 12:06:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/06/24 12:06:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2011/06/24 00:19:41 | 000,000,993 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2011/06/24 00:18:55 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat

[2011/06/24 00:18:55 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat

[2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys

[2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys

[2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys

[2011/06/23 23:11:03 | 000,000,635 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk

[2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2011/06/23 13:54:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011/06/23 12:24:16 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc

========== Files Created - No Company Name ==========

[2011/07/14 17:03:51 | 000,001,984 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2011/07/14 17:03:51 | 000,001,132 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk

[2011/07/14 17:03:51 | 000,000,995 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2011/07/14 16:35:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/14 16:35:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/14 16:35:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/14 16:35:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/14 16:35:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/14 11:14:49 | 000,000,512 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\MBR.dat

[2011/07/13 23:56:30 | 000,003,183 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\attach.zip

[2011/07/13 23:32:20 | 000,302,592 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe

[2011/07/13 23:24:52 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\defogger_reenable

[2011/07/13 23:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe

[2011/07/13 16:08:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 13:03:31 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2011/07/13 13:03:13 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2011/07/12 20:36:38 | 000,001,070 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk

[2011/07/12 17:44:22 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe

[2011/07/12 17:43:47 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat

[2011/07/12 15:50:38 | 000,001,449 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011/07/12 15:50:38 | 000,001,443 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/07/12 15:50:38 | 000,001,415 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2011/07/10 15:33:00 | 000,000,424 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk

[2011/07/10 08:54:29 | 000,000,036 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache

[2011/07/09 20:43:53 | 000,016,096 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat

[2011/07/07 01:04:16 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk

[2011/07/07 01:04:05 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2011/07/07 01:02:03 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk

[2011/07/07 00:39:41 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll

[2011/07/06 23:51:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/07/06 17:39:44 | 000,000,102 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat

[2011/07/06 17:36:34 | 001,274,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/07/06 17:35:47 | 000,002,231 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk

[2011/06/30 01:03:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/06/27 18:31:54 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/06/27 18:31:54 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys

[2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin

[2011/06/24 22:46:03 | 000,000,113 | ---- | C] () -- C:\Windows\WININIT.INI

[2011/06/24 22:40:49 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache

[2011/06/24 12:06:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/06/24 12:06:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2011/06/24 11:21:55 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe

[2011/06/24 11:21:46 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd

[2011/06/24 11:21:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml

[2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml

[2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml

[2011/06/24 11:20:49 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc

[2011/06/24 11:20:49 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml

[2011/06/24 01:07:27 | 000,400,916 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat

[2011/06/24 01:07:27 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat

[2011/06/24 01:07:27 | 000,110,342 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat

[2011/06/24 01:07:27 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat

[2011/06/24 00:31:57 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2011/06/24 00:19:41 | 000,000,993 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2011/06/23 23:51:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job

[2011/06/23 23:51:08 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job

[2011/06/23 23:23:10 | 000,003,584 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/23 23:11:03 | 000,000,635 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk

[2011/06/23 14:50:16 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version

[2011/06/23 13:56:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2011/06/23 13:55:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2011/06/23 13:54:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011/06/23 12:34:15 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu

[2011/06/23 12:28:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2011/06/23 12:27:54 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf

[2011/06/23 12:27:54 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat

[2011/06/23 12:24:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL

[2011/06/23 12:24:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011/06/23 12:24:16 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL

[2011/06/23 12:24:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011/06/23 12:24:16 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc

[2011/06/23 12:03:40 | 000,000,290 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2011/06/23 12:03:40 | 000,000,272 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2011/06/18 00:15:35 | 2140,393,471 | -HS- | C] () -- C:\hiberfil.sys

[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk

[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Avery

[2011/07/09 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent

[2011/07/07 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca

[2011/06/24 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Template

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX

[2011/06/26 02:54:09 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\vghd

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt

[2009/07/14 00:08:49 | 000,009,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7149

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

7/15/2011 12:52:58 PM

mbam-log-2011-07-15 (12-52-58).txt

Scan type: Quick scan

Objects scanned: 232695

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things I would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


All of my original symptoms are gone. The ESET still found 2 threats though. I am happy!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7152

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

7/15/2011 2:03:48 PM

mbam-log-2011-07-15 (14-03-48).txt

Scan type: Quick scan

Objects scanned: 232734

Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=7fb3d4fa616238489b050e6e231bb85c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-15 08:45:43

# local_time=2011-07-15 03:45:43 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 944211 944211 0 0

# compatibility_mode=5893 16776574 100 94 518149 62300337 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=363855

# found=2

# cleaned=2

# scan_time=5856

C:\_OTL\MovedFiles\07152011_121309\C_Windows\SysWOW64\C_20278U.dll a variant of Win32/Kryptik.QGJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Files\video23gp_install.exe Win32/Adware.MarketScore.A application (deleted - quarantined) 00000000000000000000000000000000 C


Here we go!

OTL logfile created on: 7/15/2011 4:58:27 PM - Run 4

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Russell Gammon\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.78 Gb Available Physical Memory | 72.34% Memory free

15.98 Gb Paging File | 13.50 Gb Available in Paging File | 84.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 922.35 Gb Total Space | 722.07 Gb Free Space | 78.29% Space Free | Partition Type: NTFS

Drive D: | 1397.26 Gb Total Space | 1103.86 Gb Free Space | 79.00% Space Free | Partition Type: NTFS

Drive E: | 191.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 967.48 Mb Total Space | 696.92 Mb Free Space | 72.03% Space Free | Partition Type: NTFS

Computer Name: VADER | User Name: Russell Gammon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/13 14:22:44 | 000,914,432 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe

PRC - [2011/03/30 14:33:06 | 000,164,864 | ---- | M] (Totem Entertainment) -- C:\Users\Russell Gammon\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe

PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)

SRV:64bit: - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/07/12 17:44:35 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/10 10:59:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2009/06/10 10:59:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)

DRV:64bit: - [2009/11/06 12:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssfs0bbc.sys -- (ssfs0bbc)

DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/07/24 18:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 42 E3 BD 28 32 CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Russell Gammon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Russell Gammon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/06/23 23:51:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/06/24 00:05:30 | 000,000,000 | ---D | M]

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla\Firefox\Profiles\kwwbtrtd.default\extensions\searchtoolbar@zugo.com

[2011/06/17 16:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/07/14 16:43:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Russell Gammon\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/06/17 16:29:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2007/11/07 19:27:00 | 000,000,040 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011/07/15 14:04:29 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Russell Gammon\Desktop\esetsmartinstaller_enu.exe

[2011/07/15 12:13:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/14 17:06:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/07/14 16:45:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/07/14 16:35:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/07/14 16:35:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/07/14 16:35:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/07/14 16:35:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/07/14 16:19:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/14 16:13:55 | 004,152,661 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe

[2011/07/14 11:15:02 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

[2011/07/14 09:25:38 | 001,905,664 | ---- | C] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe

[2011/07/13 23:25:14 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr

[2011/07/13 16:09:06 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Malwarebytes

[2011/07/13 16:08:47 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/13 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/13 16:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/07/13 16:08:43 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/13 16:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/07/13 16:07:52 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/13 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\{F95E4542-7D0B-413F-93B5-1793C3744783}

[2011/07/13 13:04:09 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/07/13 13:00:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Windows Live

[2011/07/12 17:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot

[2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP

[2011/07/12 17:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2011/07/12 17:44:20 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Webroot

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot

[2011/07/12 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot

[2011/07/11 15:27:50 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper

[2011/07/10 15:29:47 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011/07/09 20:42:47 | 000,000,000 | ---D | C] -- C:\Windows\Replay AV

[2011/07/09 20:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay AV 8

[2011/07/09 17:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2011/07/09 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Ubisoft

[2011/07/09 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/07/09 16:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys

[2011/07/09 16:59:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys

[2011/07/09 16:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc

[2011/07/09 16:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO

[2011/07/07 17:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2011/07/07 01:03:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2011/07/07 00:40:05 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF

[2011/07/07 00:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF

[2011/07/07 00:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Maker

[2011/07/06 18:31:27 | 000,000,000 | ---D | C] -- C:\HDW26T_TMP

[2011/07/06 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic

[2011/07/06 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Panasonic

[2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\The Lord of the Rings Online

[2011/07/06 17:52:41 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\The Lord of the Rings Online

[2011/07/06 17:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic

[2011/07/06 17:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic

[2011/07/06 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic

[2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services

[2011/07/06 17:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2011/07/06 17:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services

[2011/07/06 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Turbine

[2011/07/06 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ApplicationHistory

[2011/07/06 17:36:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP

[2011/07/06 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine

[2011/07/06 13:04:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\LOTRO Standard Res Install Files

[2011/07/06 12:56:12 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PMB Files

[2011/07/06 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2011/07/05 01:02:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/06/30 01:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2011/06/29 21:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk

[2011/06/27 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/06/26 02:54:09 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGirl

[2011/06/26 02:40:31 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\vghd

[2011/06/25 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Games

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

[2011/06/25 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2011/06/25 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2011/06/24 23:27:56 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/06/24 22:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier

[2011/06/24 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Dell

[2011/06/24 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Stardock_Corporation

[2011/06/24 17:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

[2011/06/24 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\PackageAware

[2011/06/24 17:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2011/06/24 16:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall

[2011/06/24 16:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic

[2011/06/24 16:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio

[2011/06/24 16:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2011/06/24 16:53:00 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Programs

[2011/06/24 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\WindowsUpdate

[2011/06/24 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio Log Files

[2011/06/24 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2011/06/24 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2011/06/24 16:08:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2011/06/24 16:06:41 | 000,000,000 | R--D | C] -- C:\MSOCache

[2011/06/24 11:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview

[2011/06/24 11:28:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2011/06/24 11:21:21 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll

[2011/06/24 11:21:13 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll

[2011/06/24 10:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2011/06/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2011/06/24 01:04:54 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja

[2011/06/24 01:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja

[2011/06/24 01:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411

[2011/06/24 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Template

[2011/06/24 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft Help

[2011/06/24 00:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2011/06/24 00:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works

[2011/06/24 00:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011/06/24 00:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent

[2011/06/24 00:14:05 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui

[2011/06/24 00:13:29 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui

[2011/06/24 00:13:28 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui

[2011/06/24 00:13:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui

[2011/06/24 00:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/06/23 23:56:27 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Dell

[2011/06/23 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security

[2011/06/23 23:52:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Macromedia

[2011/06/23 23:52:00 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys

[2011/06/23 23:51:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011/06/23 23:51:56 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2011/06/23 23:51:56 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys

[2011/06/23 23:51:56 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys

[2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Deployment

[2011/06/23 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apps

[2011/06/23 23:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro

[2011/06/23 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\ElevatedDiagnostics

[2011/06/23 15:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2011/06/23 14:50:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2011/06/23 14:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem

[2011/06/23 14:42:39 | 000,000,000 | ---D | C] -- C:\Windows.old

[2011/06/23 13:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2011/06/23 13:52:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2011/06/23 12:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2011/06/23 12:35:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA

[2011/06/23 12:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager

[2011/06/23 12:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft

[2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr

[2011/06/23 12:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2011/06/23 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center

[2011/06/23 12:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft

[2011/06/23 12:27:54 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys

[2011/06/23 12:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW

[2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\InstallShield

[2011/06/23 12:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell

[2011/06/23 12:26:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2011/06/23 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp

[2011/06/23 12:24:52 | 000,000,000 | ---D | C] -- C:\RaidTool

[2011/06/23 12:24:46 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool

[2011/06/23 12:24:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2011/06/23 12:23:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2011/06/23 12:23:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2011/06/23 12:23:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2011/06/23 12:23:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2011/06/23 12:23:56 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2011/06/23 12:23:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2011/06/23 12:23:56 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2011/06/23 12:23:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2011/06/23 12:23:56 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2011/06/23 12:23:56 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2011/06/23 12:23:56 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2011/06/23 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2011/06/23 12:23:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2011/06/23 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Diagnostics

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Searches

[2011/06/23 12:04:06 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2011/06/23 12:04:06 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2011/06/23 12:03:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Identities

[2011/06/23 12:03:56 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Contacts

[2011/06/23 12:03:55 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\VirtualStore

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Temporary Internet Files

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Templates

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Start Menu

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\SendTo

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Recent

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\PrintHood

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\NetHood

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Videos

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Pictures

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Documents\My Music

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\My Documents

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Local Settings

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\History

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Cookies

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\Application Data

[2011/06/23 12:03:41 | 000,000,000 | -HSD | C] -- C:\Users\Russell Gammon\AppData\Local\Application Data

[2011/06/23 12:03:40 | 000,000,000 | --SD | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Videos

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Saved Games

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Pictures

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Music

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Links

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Favorites

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Downloads

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Documents

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\Desktop

[2011/06/23 12:03:40 | 000,000,000 | R--D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2011/06/23 12:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Russell Gammon\AppData

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Temp

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Microsoft

[2011/06/23 12:03:40 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Media Center Programs

[2011/06/23 12:03:27 | 000,000,000 | ---D | C] -- C:\Recovery

[2011/06/17 21:15:08 | 000,000,000 | ---D | C] -- C:\Emergency

[2011/06/17 18:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2011/06/17 17:39:29 | 000,000,000 | ---D | C] -- C:\temp

[2011/06/17 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center

[2011/06/17 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/06/17 16:47:08 | 000,000,000 | ---D | C] -- C:\cabs

[2011/06/17 16:40:14 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Old HDD

[2011/06/17 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Dropbox

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Scanned Documents

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Radiant

[2011/06/17 16:40:03 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Fax

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Electronic Arts

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Downloads

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Documents on Russell's Intrepid

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Converted Videos

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\Any Video Converter

[2011/06/17 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\Documents\ActiveDolls

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\vghd

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\SecuROM

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Roxio

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Nero

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Mozilla

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoneTown

[2011/06/17 16:39:58 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Avery

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk

[2011/06/17 16:39:36 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Roaming\Adobe

[2011/06/17 16:39:29 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\TempImages

[2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\SupportSoft

[2011/06/17 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Mozilla Firefox

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Google

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\GameHouse

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Autodesk

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Apple Computer

[2011/06/17 16:39:24 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AppData\Local\Adobe

[2011/06/17 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Russell Gammon\AdobeLicensingFilesBackup

[2011/06/17 16:38:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro

[2011/06/17 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM

[2011/06/17 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer

[2011/06/17 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\IIS

[2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum

[2011/06/17 16:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared

[2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk

[2011/06/17 16:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uPlayer

[2011/06/17 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip

[2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2011/06/17 16:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow

[2011/06/17 16:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouSendIt

[2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VDownloader

[2011/06/17 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2011/06/17 16:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TypingMaster

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt

[2011/06/17 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games

[2011/06/17 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prolific Publishing, Inc

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea

[2011/06/17 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Morphyre

[2011/06/17 16:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2011/06/17 16:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo

[2011/06/17 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity

[2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company

[2011/06/17 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack

[2011/06/17 16:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldKnight

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freenet

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WAV To MP3 Converter

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOX News Live

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player

[2011/06/17 16:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFmpeg for Audacity

[2011/06/17 16:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2011/06/17 16:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EGirl_v1.5

[2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2011/06/17 16:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero

[2011/06/17 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared

[2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2011/06/17 16:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai

[2011/06/17 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cherry Dolls

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine

[2011/06/17 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoneTown

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk

[2011/06/17 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2011/06/17 16:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)

[2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2011/06/17 16:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Any DVD Cloner Platinum

[2011/06/17 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft

[2011/06/17 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/06/17 16:32:55 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\Fraps

[2011/06/17 16:29:29 | 000,000,000 | ---D | C] -- C:\DriveKey

[2011/06/17 16:28:59 | 000,000,000 | ---D | C] -- C:\Autodesk

========== Files - Modified Within 30 Days ==========

[2011/07/15 16:56:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job

[2011/07/15 16:36:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/15 15:28:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 15:28:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/15 14:04:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Russell Gammon\Desktop\esetsmartinstaller_enu.exe

[2011/07/15 12:50:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/15 12:22:10 | 001,242,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/07/15 12:22:10 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/07/15 12:22:10 | 000,400,916 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat

[2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat

[2011/07/15 12:22:10 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/07/15 12:17:24 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/15 12:17:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/15 12:17:03 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/15 00:10:45 | 000,001,070 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk

[2011/07/14 23:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job

[2011/07/14 16:43:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/07/14 16:13:59 | 004,152,661 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\ComboFix.exe

[2011/07/14 11:15:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Russell Gammon\Desktop\OTL.scr

[2011/07/14 11:14:49 | 000,000,512 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\MBR.dat

[2011/07/14 09:26:25 | 001,905,664 | ---- | M] (AVAST Software) -- C:\Users\Russell Gammon\Desktop\aswMBR.exe

[2011/07/13 23:56:30 | 000,003,183 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\attach.zip

[2011/07/13 23:32:19 | 000,302,592 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe

[2011/07/13 23:25:11 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Russell Gammon\Desktop\dds.scr

[2011/07/13 23:24:52 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\defogger_reenable

[2011/07/13 23:24:29 | 000,050,477 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe

[2011/07/13 16:07:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Russell Gammon\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/13 12:28:14 | 000,372,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/07/12 17:50:07 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

[2011/07/12 17:50:05 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat

[2011/07/12 15:52:15 | 000,000,036 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache

[2011/07/12 15:50:38 | 000,001,443 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/07/10 15:33:00 | 000,000,424 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk

[2011/07/09 21:46:12 | 000,016,096 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat

[2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys

[2011/07/09 17:06:10 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin

[2011/07/09 16:59:49 | 000,000,995 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2011/07/08 01:21:25 | 000,002,231 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk

[2011/07/07 00:39:41 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini

[2011/07/06 23:51:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/07/06 17:39:44 | 000,000,102 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat

[2011/07/06 17:37:15 | 001,274,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/06/30 19:16:50 | 000,003,584 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/26 02:54:09 | 000,001,132 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk

[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2011/06/24 22:46:03 | 000,000,113 | ---- | M] () -- C:\Windows\WININIT.INI

[2011/06/24 22:40:49 | 000,000,000 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache

[2011/06/24 17:18:46 | 000,001,984 | ---- | M] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2011/06/24 12:06:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/06/24 12:06:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2011/06/24 00:19:41 | 000,000,993 | ---- | M] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2011/06/24 00:18:55 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat

[2011/06/24 00:18:55 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat

[2011/06/23 23:50:23 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2011/06/23 23:50:23 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys

[2011/06/23 23:50:23 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys

[2011/06/23 23:50:23 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys

[2011/06/23 23:11:03 | 000,000,635 | ---- | M] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk

[2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2011/06/23 13:56:10 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2011/06/23 13:54:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011/06/23 12:24:16 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc

========== Files Created - No Company Name ==========

[2011/07/14 17:03:51 | 000,001,984 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

[2011/07/14 17:03:51 | 000,001,132 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk

[2011/07/14 17:03:51 | 000,000,995 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2011/07/14 16:35:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/07/14 16:35:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/07/14 16:35:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/07/14 16:35:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/07/14 16:35:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/14 11:14:49 | 000,000,512 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\MBR.dat

[2011/07/13 23:56:30 | 000,003,183 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\attach.zip

[2011/07/13 23:32:20 | 000,302,592 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\ws11gbt8.exe

[2011/07/13 23:24:52 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\defogger_reenable

[2011/07/13 23:24:31 | 000,050,477 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Defogger.exe

[2011/07/13 16:08:47 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/13 13:03:31 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2011/07/13 13:03:13 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2011/07/12 20:36:38 | 000,001,070 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\World of Warcraft.lnk

[2011/07/12 17:44:22 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe

[2011/07/12 17:43:47 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat

[2011/07/12 15:50:38 | 000,001,449 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011/07/12 15:50:38 | 000,001,443 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/07/12 15:50:38 | 000,001,415 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2011/07/10 15:33:00 | 000,000,424 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\SPLINTERCELL3 - Shortcut.lnk

[2011/07/10 08:54:29 | 000,000,036 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\housecall.guid.cache

[2011/07/09 20:43:53 | 000,016,096 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\Schedule8.dat

[2011/07/07 01:04:16 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk

[2011/07/07 01:04:05 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2011/07/07 01:02:03 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk

[2011/07/07 00:39:41 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll

[2011/07/06 23:51:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/07/06 17:39:44 | 000,000,102 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\fusioncache.dat

[2011/07/06 17:36:34 | 001,274,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/07/06 17:35:47 | 000,002,231 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\The Lord of the Rings Online.lnk

[2011/06/30 01:03:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/06/27 18:31:54 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/06/27 18:31:54 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys

[2011/06/26 02:40:35 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin

[2011/06/24 22:46:03 | 000,000,113 | ---- | C] () -- C:\Windows\WININIT.INI

[2011/06/24 22:40:49 | 000,000,000 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\rx_image32.Cache

[2011/06/24 12:06:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/06/24 12:06:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2011/06/24 11:21:55 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe

[2011/06/24 11:21:46 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd

[2011/06/24 11:21:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml

[2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml

[2011/06/24 11:21:01 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml

[2011/06/24 11:20:49 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc

[2011/06/24 11:20:49 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml

[2011/06/24 01:07:27 | 000,400,916 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat

[2011/06/24 01:07:27 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat

[2011/06/24 01:07:27 | 000,110,342 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat

[2011/06/24 01:07:27 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat

[2011/06/24 00:31:57 | 000,001,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2011/06/24 00:19:41 | 000,000,993 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2011/06/23 23:51:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000UA.job

[2011/06/23 23:51:08 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709093604-3404850255-2198728151-1000Core.job

[2011/06/23 23:23:10 | 000,003,584 | ---- | C] () -- C:\Users\Russell Gammon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/23 23:11:03 | 000,000,635 | ---- | C] () -- C:\Users\Russell Gammon\Desktop\Files - Shortcut.lnk

[2011/06/23 14:50:16 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version

[2011/06/23 13:56:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2011/06/23 13:55:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2011/06/23 13:54:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2011/06/23 12:34:15 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu

[2011/06/23 12:28:50 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2011/06/23 12:27:54 | 000,017,044 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf

[2011/06/23 12:27:54 | 000,008,342 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat

[2011/06/23 12:24:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL

[2011/06/23 12:24:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011/06/23 12:24:16 | 000,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL

[2011/06/23 12:24:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011/06/23 12:24:16 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc

[2011/06/23 12:03:40 | 000,000,290 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2011/06/23 12:03:40 | 000,000,272 | ---- | C] () -- C:\Users\Russell Gammon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2011/06/18 00:15:35 | 2140,393,471 | -HS- | C] () -- C:\hiberfil.sys

[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Autodesk

[2011/06/17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Avery

[2011/07/09 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\BitTorrent

[2011/07/07 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\PrimoPDF

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Registry Mechanic

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Teleca

[2011/06/24 00:48:21 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\Template

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\thriXXX

[2011/06/26 02:54:09 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\vghd

[2011/06/17 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Russell Gammon\AppData\Roaming\YouSendIt

[2009/07/14 00:08:49 | 000,009,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


hi

Congratulations, your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Click Here to learn how to keep a backup of your important files
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Thank you :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.