PC-HELP.CZ

Zdravím ,

Malwarebytes mi stále vyhadzuje že aplikacia test.exe sa hce spustit a hlási mi že je v nej nejaký Trojan/Zlob
Samozrejme stále dám karanténu, robil som už aj sken a nič nenašlo.
Vopred veľmi pekne dakujem !

Prikladám čerstvý log z Hijack this :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:17:26, on 22. 8. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\FRAPS\fraps.exe
D:\GAMES\Steam\Steam.exe
C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
D:\Adobe creative 5\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe creative 5\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Nexus-Ultimate] C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: Synaptics.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18984 bytes

Kde je log z Malwarebytes (rychlý sken)?

nemam ho
Ale skusim ho spustit znova a potom ho priložím, ono mi to po reštarte stále nájde len ten test.exe ...
Momentálne som to doskenoval s mwav a prikladám log :
22 8 2010 19:49:13 - **********************************************************

22 8 2010 19:49:13 - eScan AntiVirus & Spyware Toolkit Utility.

22 8 2010 19:49:13 - Copyright © MicroWorld Technologies

22 8 2010 19:49:13 - **********************************************************

22 8 2010 19:49:13 - Source: C:\Users\Erricco\Downloads\mwav.exe

22 8 2010 19:49:13 - Version 12.0.53 (C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\MEXETMP.EX~)

22 8 2010 19:49:13 - Log File: C:\Users\Erricco\AppData\Local\Temp\MWAV.LOG

22 8 2010 19:49:13 - MWAV Registered: TRUE

22 8 2010 19:49:13 - User Account: Erricco (Administrator Mode)

22 8 2010 19:49:13 - OS Type: Windows Workstation

22 8 2010 19:49:13 - OS: Windows 7 64-Bit

22 8 2010 19:49:13 - Ver: Professional (Build 7600)

22 8 2010 19:49:13 - System Up Time: 5 Hours, 13 Minutes, 0 Second



22 8 2010 19:49:13 - Parent Process Name : C:\Users\Erricco\AppData\Local\Temp\mexe.com

22 8 2010 19:49:13 - Windows Root Folder: C:\Windows

22 8 2010 19:49:13 - Windows Sys32 Folder: C:\Windows\system32

22 8 2010 19:49:13 - DHCP NameServer: 192.168.10.1

22 8 2010 19:49:13 - Interface0 DHCPNameServer: 192.168.0.1

22 8 2010 19:49:13 - Interface1 DHCPNameServer: 192.168.10.1

22 8 2010 19:49:13 - Local Fixed Drives: c:\,d:\,f:\,g:\

22 8 2010 19:49:13 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

22 8 2010 19:49:13 - [CREATED ZIP FILE: C:\Users\Erricco\AppData\Local\Temp\pinfect.zip]



22 8 2010 19:49:13 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******

22 8 2010 19:49:13 - C:\Windows\unvise32.exe (90112), 09-Aug-2010, MindVision Software, Installer VISE

22 8 2010 19:49:14 - C:\Windows\WSYS049.SYS (106), 16-Aug-2010 [HS] [Added C:\Windows\WSYS049.SYS to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll (5120), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll (6144), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-service-core-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\aticalcl64.dll (44544), 14-Aug-2010, Advanced Micro Devices Inc., ATI CAL compiler runtime

22 8 2010 19:49:14 - C:\Windows\system32\aticaldd64.dll (5378560), 14-Aug-2010, Advanced Micro Devices Inc., ATI CAL DD

22 8 2010 19:49:14 - C:\Windows\system32\aticalrt64.dll (51200), 14-Aug-2010, Advanced Micro Devices Inc., ATI CAL runtime

22 8 2010 19:49:14 - C:\Windows\system32\aticfx64.dll (594432), 14-Aug-2010, ATI Technologies Inc., ATI Technologies Inc. Radeon DirectX 11 Driver

22 8 2010 19:49:14 - C:\Windows\system32\atidxx64.dll (4463616), 14-Aug-2010, ATI Technologies Inc., ATI Technologies Inc. Radeon DirectX 11 Driver

22 8 2010 19:49:14 - C:\Windows\system32\atimpc64.dll (54272), 14-Aug-2010, Advanced Micro Devices, Inc., Advanced Micro Devices, Inc. Radeon PCOM Universal Driver

22 8 2010 19:49:14 - C:\Windows\system32\atipdl64.dll (421376), 14-Aug-2010, ATI Technologies, Inc., ATI Desktop Component

22 8 2010 19:49:14 - C:\Windows\system32\atiu9p64.dll (30208), 14-Aug-2010, Advanced Micro Devices, Inc., Advanced Micro Devices, Inc PowerXpress Vista User Mode Driver

22 8 2010 19:49:14 - C:\Windows\system32\atiumd64.dll (5099008), 14-Aug-2010, ATI Technologies Inc., ATI Technologies Inc. Radeon DirectX Universal Driver

22 8 2010 19:49:14 - C:\Windows\system32\atiumd6a.dll (2785792), 14-Aug-2010, Advanced Micro Devices, Inc., Advanced Micro Devices, Inc. Radeon Video Acceleration Universal Driver

22 8 2010 19:49:14 - C:\Windows\system32\AudioCDRipEnt2.ocx (393216), 16-Aug-2010, DGPDev, AudioCDRipEnt2 ActiveX Control

22 8 2010 19:49:14 - C:\Windows\system32\BORLNDMM.DLL (18944), 16-Aug-2010, Inprise Corporation, Borland Memory Manager

22 8 2010 19:49:14 - C:\Windows\system32\DGDiscID.ocx (69632), 16-Aug-2010, DGPDev, DGDiscID ActiveX Control Module

22 8 2010 19:49:14 - C:\Windows\system32\DGRip.dll (36864), 16-Aug-2010 [Added C:\Windows\system32\DGRip.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\eEmpty.exe (34048), 22-Aug-2010, MicroWorld Technologies Inc., eScan For Windows

22 8 2010 19:49:14 - C:\Windows\system32\iccvid.dll (82944), 11-Aug-2010, Radius Inc., Cinepak for Windows 32

22 8 2010 19:49:14 - C:\Windows\system32\iedkcs32.dll (381440), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\ieframe.dll (10985472), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\iepeers.dll (185856), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\ieui.dll (176640), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\Ilda32.dll (233472), 16-Aug-2010, Creative Development LTD

22 8 2010 19:49:14 - C:\Windows\system32\iwpSetup.exe (207872), 16-Aug-2010, Incomedia - www.websitex5.com, Incomedia Setup

22 8 2010 19:49:14 - C:\Windows\system32\jsproxy.dll (48128), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\libfaac.dll (61440), 16-Aug-2010 [Added C:\Windows\system32\libfaac.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\msfeedsbs.dll (64512), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\msfeedssync.exe (12800), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\mshtml.dll (5971456), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\mstime.dll (606208), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\msvcrtd.dll (401484), 16-Aug-2010, Microsoft Corporation, Microsoft (R) Visual C++

22 8 2010 19:49:14 - C:\Windows\system32\msxml3.dll (1233920), 11-Aug-2010, Microsoft Corporation, Microsoft(R) MSXML 3.0 SP11

22 8 2010 19:49:14 - C:\Windows\system32\ntkrnlpa.exe (3955080), 11-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\ntoskrnl.exe (3899784), 11-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\PnkBstrB.exe (107832), 08-Aug-2010 [Added C:\Windows\system32\PnkBstrB.exe to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\rtutils.dll (37376), 11-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\schannel.dll (224256), 11-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Windows\system32\SynCOM.dll (173352), 10-Aug-2010, Synaptics Incorporated, COM SDK

22 8 2010 19:49:14 - C:\Windows\system32\SynCtrl.dll (210216), 10-Aug-2010, Synaptics Incorporated, Synaptics ActiveX Control

22 8 2010 19:49:14 - C:\Windows\system32\SynTPCOM.dll (107816), 10-Aug-2010, Synaptics Incorporated, Synaptics Pointing Device Driver

22 8 2010 19:49:14 - C:\Windows\system32\urlmon.dll (1226240), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\VB5STKIT.DLL (29696), 16-Aug-2010, Microsoft Corporation, Microsoft® Visual Basic for Windows

22 8 2010 19:49:14 - C:\Windows\system32\wininet.dll (978432), 11-Aug-2010, Microsoft Corporation, Windows® Internet Explorer

22 8 2010 19:49:14 - C:\Windows\system32\WnASPI32.dll (220160), 16-Aug-2010 [Added C:\Windows\system32\WnASPI32.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\Windows\system32\wodFtpDLX.dll (831776), 16-Aug-2010, WeOnlyDo! Inc., WeOnlyDo! FtpDLX Component

22 8 2010 19:49:14 - C:\Windows\system32\wodFtpDLX.OCX (938272), 16-Aug-2010, WeOnlyDo! Inc., WeOnlyDo! FtpDLX ActiveX Control

22 8 2010 19:49:14 - C:\Windows\system32\XceedFtp.dll (274976), 16-Aug-2010, Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com, Xceed FTP Library

22 8 2010 19:49:14 - C:\Windows\system32\xpysys.dll (168), 16-Aug-2010 [Added C:\Windows\system32\xpysys.dll to ZIP FILE]

22 8 2010 19:49:14 - C:\G73Jh.BIN (2097152), 05-Jan-2010 [H]

22 8 2010 19:49:14 - C:\linux.bin (512), 30-May-2010 [H] [Added C:\linux.bin to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\aiw150867896.EXE (53248), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\aiw150867896.EXE to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\Artisteer.2.3.0.25189.exe (63673536), 20-Apr-2010 [HS]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\BACKUP.12390950.mexe.com (2505288), 22-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\bdc.exe (91904), 22-Aug-2010, MicroWorld Tech, eScan

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\bdfltlib2k.dll (231944), 22-Aug-2010, MicroWorld Technologies Inc., eScan for Windows

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\CFG417.tmp (123), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\CFG417.tmp to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\CFG5746.tmp (123), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\CFG5746.tmp to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\CFG6441.tmp (123), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\CFG6441.tmp to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\CFG649B.tmp (123), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\CFG649B.tmp to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\CFG7F20.tmp (123), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\CFG7F20.tmp to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\CFG8E4C.tmp (123), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\CFG8E4C.tmp to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\clean.bat (11), 22-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\clean.bat to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\DEVCON.EXE (61184), 22-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\eEmpty.exe (34048), 22-Aug-2010, MicroWorld Technologies Inc., eScan For Windows

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\encdec.dll (162824), 22-Aug-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\erootdrv.sys (13832), 22-Aug-2010, MicroWorld Technologies Inc., eScan/MWAV

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\mexe.com (2505288), 22-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\msvclnt.dll (236040), 22-Aug-2010, MicroWorld Technologies Inc., MailScan

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\msvcp60.dll (401462), 22-Aug-2010, Microsoft Corporation, Microsoft (R) Visual C++

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\mwavdwnl.exe (785416), 22-Aug-2010, MicroWorld Technologies Inc., eScan

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\MWAVSCAN.COM (2505288), 22-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\plugins.htm (3918), 22-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\plugins.htm to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\red32.dll (10248), 22-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\reload.exe (158728), 22-Aug-2010, MicroWorld Technologies Inc., eScan for Windows

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\setpriv.exe (64520), 22-Aug-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\twapi-2.0a2.dll (409692), 22-Aug-2010, Ashok P. Nadkarni, Tcl Windows API Extension

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\unregx.exe (76296), 22-Aug-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\UPDLL10.DLL (858120), 07-Aug-2010, MicroWorld Technologies Inc., eScan/MailScan/MWAV

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\utt9197.tmp.bat (73), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\utt9197.tmp.bat to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\viewtcp.exe (574472), 22-Aug-2010, MicroWorld Technologies Inc., ViewTCP

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\Vxp.exe (320512), 19-Aug-2010, ApexDC++ Development Team, Apex

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\Vxq.exe (193536), 19-Aug-2010, ApexDC++ Development Team, Apex

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\~DF00BDBE863400A8AC.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF00BDBE863400A8AC.TMP to ZIP FILE]

22 8 2010 19:49:14 - C:\Users\Erricco\AppData\Local\Temp\~DF0622EE07FC588535.TMP (278528), 22-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF0622EE07FC588535.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF0DF973CD0C9A883F.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF0DF973CD0C9A883F.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF1259E2D9A08155B2.TMP (278528), 22-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF1259E2D9A08155B2.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF13E8958F69E9AE20.TMP (16384), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF13E8958F69E9AE20.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF1FDE9CC9D485DBA1.TMP (278528), 22-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF1FDE9CC9D485DBA1.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF24C4C6C35E95AE06.TMP (49152), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF24C4C6C35E95AE06.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF380E9B7565B4B51B.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF380E9B7565B4B51B.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF4319E395E6E8CECC.TMP (278528), 22-Aug-2010 [Unable to Add C:\Users\Erricco\AppData\Local\Temp\~DF4319E395E6E8CECC.TMP to ZIP FILE! ResultCode: 512]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF4CC087424BC5FF54.TMP (278528), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF4CC087424BC5FF54.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF5021DC24F1067F99.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF5021DC24F1067F99.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF53BB4CCD13388BD4.TMP (49152), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF53BB4CCD13388BD4.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF57CE6CCEFCA23F56.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF57CE6CCEFCA23F56.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF6DD0D800A14E6BBF.TMP (16384), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF6DD0D800A14E6BBF.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF78C4BBC8D4A07A98.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF78C4BBC8D4A07A98.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF8AC4881E2F9E0289.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF8AC4881E2F9E0289.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DF98A6D2F4A1FA3FBA.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DF98A6D2F4A1FA3FBA.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DFA6575E580B9A32C5.TMP (278528), 21-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DFA6575E580B9A32C5.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DFC10571CC9351E7EA.TMP (49152), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DFC10571CC9351E7EA.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DFD88D4D089F8DD371.TMP (278528), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DFD88D4D089F8DD371.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DFD9BD02E428C06547.TMP (16384), 20-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DFD9BD02E428C06547.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DFFAA602C9D34CCB38.TMP (278528), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DFFAA602C9D34CCB38.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\~DFFDAC032A63569E4A.TMP (65536), 19-Aug-2010 [Added C:\Users\Erricco\AppData\Local\Temp\~DFFDAC032A63569E4A.TMP to ZIP FILE]

22 8 2010 19:49:15 - C:\ProgramData\..\G73Jh.BIN (2097152), 05-Jan-2010 [H]

22 8 2010 19:49:15 - C:\ProgramData\..\linux.bin (512), 30-May-2010 [H] [Added C:\ProgramData\..\linux.bin to ZIP FILE]



22 8 2010 19:49:15 - C:\Windows\BitLockerDiscoveryVolumeContents, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\Windows\Fonts, 14-Jul-2009 [SR] [Folder]

22 8 2010 19:49:15 - C:\Windows\logo_1.exe, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Windows\Media, 14-Jul-2009 [SR] [Folder]

22 8 2010 19:49:15 - C:\Windows\msdownld.tmp, 09-Aug-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\Windows\RegisteredPackages, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Windows\RUNDL132.EXE, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Windows\VDLL.DLL, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Windows\system32\rserver30, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Windows\system32\runouce.exe, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ASUS.DAT, 20-Jun-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\ASUS.SYS, 12-May-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\Boot, 29-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\bootwiz, 26-May-2010 [HSR] [Folder]

22 8 2010 19:49:15 - C:\Config.Msi, 26-May-2010 [HS] [Folder]

22 8 2010 19:49:15 - C:\Documents and Settings, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\Intel, 27-May-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\MSOCache, 17-Jun-2010 [HR] [Folder]

22 8 2010 19:49:15 - C:\NST, 30-May-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\ProgramData, 14-Jul-2009 [H] [Folder]

22 8 2010 19:49:15 - C:\Recovery, 29-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\27FA.dir, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\629f6857-95f9-4807-9ee4-1df8f081af2a, 21-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\7zED783.tmp, 20-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\7zOD453.tmp, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\7zOF6D5.tmp, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\Acrobat Distiller 9, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\AVCBack, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\FtpTemp, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\FtpTempF, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\hsperfdata_Erricco, 08-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\lilo.5572, 21-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\LOCK, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\Log, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\Logishrd, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\Logitech, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\lu, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\pftF604.tmp, 08-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\plugins, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\plugtmp, 21-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\plugtmp-1, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir14695, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir17477, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir17481, 21-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir17485, 21-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir22780, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir23415, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir24775, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir2577, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir26633, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir27011, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir27746, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir29725, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir31215, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\scoped_dir7447, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\TeamViewer, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\tmp00006248, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\vmware-Erricco, 15-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\vsd_tmpdir, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\WebSiteX5, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\wp1203029, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\WPDNSE, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\wsfembeddedpreview1281992601 files, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\_tc, 15-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{363E7522-60F6-40FB-AE2F-220773018546}, 10-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{3E11F59E-9256-43F8-8FD1-922CAF3496A3}, 21-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{79D99717-E970-453C-9158-C785F23C6885}, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{86A8C5F0-DC0C-44F4-AD70-505482503EC0}, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{915b2f64-7866-4e5f-95b8-28800de7a26a}, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{A58829DF-8EE8-4DC1-A1F8-B332DF951257}, 15-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{B24B936A-319E-458D-B8FF-90340C8E3926}, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Local\Temp\{E0B19368-4073-4683-B5B6-2B61B3F0EF22}, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\Artisteer, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\CoffeeCup Software, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\FileZilla, 15-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\Microsoft, 24-May-2010 [S] [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\PACE Anti-Piracy, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\PSpad, 18-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\Serif, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\Synaptics, 10-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\TeamViewer, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Users\Erricco\AppData\Roaming\Ulead Systems, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\ALM, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Apple, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Apple Computer, 17-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Application Data, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\ATI, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Desktop, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Documents, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\InstallShield, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Media Center Programs, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Microsoft, 14-Jul-2009 [S] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\MicroWorld, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\PACE Anti-Piracy, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Pinnacle, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Pinnacle Studio Ultimate Collection, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\regid.1986-12.com.adobe, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Start Menu, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Templates, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\Ulead Systems, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\ASUS.DAT, 20-Jun-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\ASUS.SYS, 12-May-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\Boot, 29-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\bootwiz, 26-May-2010 [HSR] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\Config.Msi, 26-May-2010 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\Documents and Settings, 14-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\Intel, 27-May-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\MSOCache, 17-Jun-2010 [HR] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\NST, 30-May-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\ProgramData, 14-Jul-2009 [H] [Folder]

22 8 2010 19:49:15 - C:\ProgramData\..\Recovery, 29-Jul-2009 [HS] [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Apple Software Update, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Artisteer 2, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Atheros, 10-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\CoffeeCup Software, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Corel, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Creative Installation Information, 05-Aug-2010 [H] [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Elaborate Bytes, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\FileZilla FTP Client, 15-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\My Company Name, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\oZone3D, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\PSPad editor, 18-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\QuickTime, 17-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Serif, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\TeamViewer, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Trend Micro, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\western civilisation, 19-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Windows Media Components, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\Apple, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\ATI Technologies, 14-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\ControlDeck, 21-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\MicroWorld, 22-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\Pinnacle, 09-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\Sonic Shared, 11-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\Microsoft Shared\DhtmlEd, 16-Aug-2010 [Folder]

22 8 2010 19:49:15 - C:\Program Files (x86)\Common Files\Microsoft Shared\SFPCA Cache, 10-Aug-2010 [Folder]



22 8 2010 19:49:15 - *********************************************************************************************



22 8 2010 19:49:15 - Command Line Options Given: /xsign

22 8 2010 19:49:16 - Latest Date of files inside MWAV: Sun Aug 22 19:04:37 2010.

22 8 2010 19:49:16 - Plugins FileCount: 784 Sign Version: 7.33516

22 8 2010 19:49:16 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\Erricco\AppData\Local\Temp\ESCANDB.LOG]

22 8 2010 19:49:16 - Loaded/Created FileScan Database...

22 8 2010 19:49:16 - Loading AV Library [DB]...

22 8 2010 19:49:17 - AV Library Loaded [DB-DIRECT].

22 8 2010 19:49:17 - MWAV doing self scanning...

22 8 2010 19:49:17 - MWAV files are clean.
22 8 2010 19:49:21 - Virus Database Date: 22 Aug 2010
22 8 2010 19:49:21 - Virus Database Count: 6167072

22 8 2010 19:49:41 - **********************************************************
22 8 2010 19:49:41 - eScan AntiVirus & Spyware Toolkit Utility.
22 8 2010 19:49:41 - Copyright © MicroWorld Technologies
22 8 2010 19:49:41 -
22 8 2010 19:49:41 - Support: support@escanav.com
22 8 2010 19:49:41 - Web: http://www.escanav.com
22 8 2010 19:49:41 - **********************************************************
22 8 2010 19:49:41 - Version 12.0.53[DB] (C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
22 8 2010 19:49:41 - Log File: C:\Users\Erricco\AppData\Local\Temp\MWAV.LOG
22 8 2010 19:49:41 - User Account: Erricco (Administrator Mode)
22 8 2010 19:49:41 - Parent Process Name : C:\Users\Erricco\AppData\Local\Temp\mexe.com
22 8 2010 19:49:41 - Windows Root Folder: C:\Windows
22 8 2010 19:49:41 - Windows Sys32 Folder: C:\Windows\system32
22 8 2010 19:49:41 - OS: Windows 7 64-Bit
22 8 2010 19:49:41 - Ver: Professional (Build 7600)
22 8 2010 19:49:41 - Latest Date of files inside MWAV: Sun Aug 22 19:04:37 2010.
22 8 2010 19:49:41 - Plugins FileCount: 784 Sign Version: 7.33516

22 8 2010 19:49:41 - Options Selected by User:
22 8 2010 19:49:41 - Memory Check: Enabled
22 8 2010 19:49:41 - Registry Check: Enabled
22 8 2010 19:49:41 - StartUp Folder Check: Enabled
22 8 2010 19:49:41 - System Folder Check: Enabled
22 8 2010 19:49:41 - Services Check: Enabled
22 8 2010 19:49:41 - Scan Spyware: Enabled
22 8 2010 19:49:41 - Drive Check: Enabled
22 8 2010 19:49:41 - All Drive Check isabled
22 8 2010 19:49:41 - Drive Selected = C:\
22 8 2010 19:49:41 - Folder Check: Disabled
22 8 2010 19:49:41 - SCAN: All_Files
22 8 2010 19:49:41 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)


22 8 2010 19:49:41 - ***** Scanning Memory Files *****

22 8 2010 19:50:02 - ***** Scanning Registry Files *****

22 8 2010 19:50:07 - ***** Scanning StartUp Folders *****

22 8 2010 19:50:07 - ***** Scanning Service Files *****
22 8 2010 19:50:07 - ERROR(2)!!! Invalid Entry system32\DRIVERS\EIO64.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\EIO64.
22 8 2010 19:50:13 - ERROR(2)!!! Invalid Entry C:\Windows\System32\uxtuneup.dll. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\UxTuneUp.
22 8 2010 19:50:13 - ERROR(2)!!! Invalid Entry system32\DRIVERS\VBoxNetFlt.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\VBoxNetFlt.
22 8 2010 19:50:13 - ERROR(2)!!! Invalid Entry C:\Program Files (x86)\Winstep\WsxService. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\Winstep Xtreme Service.

22 8 2010 19:50:13 - ***** Scanning Registry and File system for Adware/Spyware *****
22 8 2010 19:50:14 - Loading Spyware Signatures from new External Database [Name: C:\Users\Erricco\AppData\Local\Temp\spydb.avs, Size: 950400]...
22 8 2010 19:50:14 - Indexed Spyware Databases Successfully Created...

22 8 2010 19:52:07 - Offending file found: C:\Windows\0
22 8 2010 19:52:07 - System found infected with PC Sweeper (0)! Action taken: File Deleted.
22 8 2010 19:52:07 - Object "PC Sweeper" found in File System! Action Taken: File Deleted.

22 8 2010 19:52:07 - Offending file found: C:\Windows\unins000.exe
22 8 2010 19:52:07 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: File Deleted.
22 8 2010 19:52:07 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted.

22 8 2010 19:52:07 - Offending file found: C:\Windows\system32\0
22 8 2010 19:52:07 - System found infected with PC Sweeper (0)! Action taken: File Deleted.
22 8 2010 19:52:07 - Object "PC Sweeper" found in File System! Action Taken: File Deleted.

22 8 2010 19:52:09 - Offending file found: C:\Users\Erricco\AppData\Local\Criterion Games\Burnout Paradise\GameData\0
22 8 2010 19:52:09 - System found infected with PC Sweeper (0)! Action taken: File Deleted.
22 8 2010 19:52:09 - Object "PC Sweeper" found in File System! Action Taken: File Deleted.

22 8 2010 19:52:12 - Offending file found: C:\Users\Erricco\Documents\VirtualDJ\Plugins\VideoTransition\grid.dll
22 8 2010 19:52:12 - System found infected with Jqs.exe Generic Malware (grid.dll)! Action taken: File Deleted.
22 8 2010 19:52:12 - Object "Jqs.exe Generic Malware" found in File System! Action Taken: File Deleted.

22 8 2010 19:52:13 - Offending file found: C:\ProgramData\Adobe\CS5\jre\lib\zi\America\Argentina\Mendoza
22 8 2010 19:52:13 - System found infected with combo Spyware/Adware (Mendoza)! Action taken: File Deleted.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.AddressLists
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.AddressLists)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.MAPIFolder
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.MAPIFolder)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.MAPITable
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.MAPITable)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.MAPIUtils
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.MAPIUtils)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeAppointmentItem
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeAppointmentItem)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeContactItem
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeContactItem)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeCurrentUser
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeCurrentUser)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeDistList
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeDistList)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeJournalItem
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeJournalItem)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeMailItem
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeMailItem)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeMeetingItem
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeMeetingItem)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafePostItem
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafePostItem)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCR\Redemption.SafeTaskItem
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCR\Redemption.SafeTaskItem)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
22 8 2010 19:52:14 - System found infected with combo Spyware/Adware (HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Offending Registry Entry found: HKLM\software\microsoft\windows\currentversion\uninstall\xvid
22 8 2010 19:52:14 - System found infected with Cutwail Trojan (HKLM\software\microsoft\windows\currentversion\uninstall\xvid)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Object "Cutwail Trojan" found in File System! Action Taken: Entries Removed.

22 8 2010 19:52:14 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000}
22 8 2010 19:52:14 - System found infected with Your Protection Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: Entries Removed.
22 8 2010 19:52:14 - Object "Your Protection Spyware/Adware" found in File System! Action Taken: Entries Removed.

22 8 2010 19:52:14 - Offending Registry Entry found: HKCU\Software\Classes\.exe
22 8 2010 19:52:14 - System found infected with XP AntiMalware Spyware/Adware (HKCU\Software\Classes\.exe)! Action taken: Entries Removed.
22 8 2010 19:52:14 - Object "XP AntiMalware Spyware/Adware" found in File System! Action Taken: Entries Removed.


22 8 2010 19:52:14 - ***** Scanning Registry Files *****
22 8 2010 19:52:15 - Clearing Temporary sub-folders as Spyware/Adware found in system...
22 8 2010 19:52:16 - Few files will be deleted *ONLY* on reboot...
22 8 2010 19:52:16 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
22 8 2010 19:52:16 - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
22 8 2010 19:52:16 - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
22 8 2010 19:52:16 - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
22 8 2010 19:52:16 - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
22 8 2010 19:52:16 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://start.icq.com/

22 8 2010 19:52:16 - ***** Scanning System32 Folders *****
22 8 2010 19:52:24 - ScanFile took 5.26 Secs [C:\Windows\system32\atioglxx.dll]...

22 8 2010 19:52:40 - C:\Windows\system32\log.txt not Scanned. Possibly password protected...


22 8 2010 19:53:13 - ***** Scanning Drive C:\ *****
22 8 2010 19:53:57 - C:\Boot\BCD not Scanned. Possibly password protected...
22 8 2010 19:53:57 - C:\Boot\BCD.LOG not Scanned. Possibly password protected...
22 8 2010 20:40:22 - Scanning File C:\Program Files (x86)\VMware\VMware Workstation\messages\ja\vmnetui-ja.dll
22 8 2010 20:40:22 - File C:\Program Files (x86)\VMware\VMware Workstation\messages\ja\vmnetui-ja.dll tagged as "NULL.Corrupted". Action Taken: File Deleted.

22 8 2010 20:40:40 - Scanning File C:\Program Files (x86)\VMware\VMware Workstation\vmnetmgr.dll
22 8 2010 20:40:40 - File C:\Program Files (x86)\VMware\VMware Workstation\vmnetmgr.dll tagged as "NULL.Corrupted". Action Taken: File Deleted.

22 8 2010 20:44:30 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\486d71df.qua
22 8 2010 20:44:30 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\486d71df.qua infected by "Trojan.Generic.4126991 (DB)" Virus! Action Taken: File Renamed.

22 8 2010 20:44:30 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4887b71a.qua
22 8 2010 20:44:30 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4887b71a.qua infected by "Rootkit.36208 (DB)" Virus! Action Taken: File Deleted.

22 8 2010 20:44:31 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\48bfaafd.qua
22 8 2010 20:44:31 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\48bfaafd.qua infected by "Worm.Generic.59359 (DB)" Virus! Action Taken: File Renamed.

22 8 2010 20:44:31 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\48c5659a.qua
22 8 2010 20:44:31 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\48c5659a.qua infected by "Rootkit.36208 (DB)" Virus! Action Taken: File Deleted.

22 8 2010 20:44:31 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\48ebd4db.qua
22 8 2010 20:44:31 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\48ebd4db.qua infected by "Trojan.Generic.3987377 (DB)" Virus! Action Taken: File Renamed.

22 8 2010 20:44:33 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4e23ebf9.qua
22 8 2010 20:44:34 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4e23ebf9.qua infected by "Dropped:Backdoor.Generic.405790 (DB)" Virus! Action Taken: File Renamed.

22 8 2010 20:44:34 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4ec0a014.qua
22 8 2010 20:44:34 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4ec0a014.qua infected by "Trojan.Generic.2861923 (DB)" Virus! Action Taken: File Renamed.

22 8 2010 20:44:37 - C:\ProgramData\Avira\AntiVir Desktop\TEMP\avguard.tmp not Scanned. Possibly password protected...
22 8 2010 20:45:56 - ScanFile took 7.58 Secs [C:\ProgramData\MAGIX\MusicMaker16Premium_Download_Version\Synth\Robota.syn]...

22 8 2010 20:47:02 - C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin not Scanned. Possibly password protected...
22 8 2010 20:47:55 - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
22 8 2010 20:47:55 - C:\System Volume Information\Syscache.hve.LOG1 not Scanned. Possibly password protected...
22 8 2010 20:49:51 - C:\Users\Erricco\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 not Scanned. Possibly password protected...
22 8 2010 20:52:45 - INVALID ATTRIBUTES FOR FOLDER [C:\Users\Erricco\Downloads\N2010ABSDV\NOW 2010 - A Banda Sonora Deste Verao!]. IGNORING.
22 8 2010 20:52:49 - C:\Users\Erricco\ntuser.dat.LOG1 not Scanned. Possibly password protected...
22 8 2010 21:03:13 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
22 8 2010 21:03:13 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
22 8 2010 21:03:14 - C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
22 8 2010 21:03:34 - C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
22 8 2010 21:04:49 - C:\Windows\System32\catroot2\edb.log not Scanned. Possibly password protected...
22 8 2010 21:04:49 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
22 8 2010 21:04:49 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
22 8 2010 21:06:43 - ScanFile took 5.13 Secs [C:\Windows\System32\DriverStore\FileRepository\c7102495.inf_amd64_neutral_1d61849877690c54\B102427\atioglxx.dll]...

22 8 2010 21:06:53 - ScanFile took 5.10 Secs [C:\Windows\System32\DriverStore\FileRepository\c7103191.inf_amd64_neutral_e98d9a60b35ede79\B103202\atioglxx.dll]...

22 8 2010 21:07:03 - ScanFile took 5.52 Secs [C:\Windows\System32\DriverStore\FileRepository\c7_92929.inf_amd64_neutral_8f555909d0522dbe\B_93285\atioglxx.dll]...

22 8 2010 21:07:13 - ScanFile took 5.09 Secs [C:\Windows\System32\DriverStore\FileRepository\c7_99996.inf_amd64_neutral_d40ea0c5f0876de3\B_99645\atioglxx.dll]...

22 8 2010 21:07:23 - ScanFile took 5.23 Secs [C:\Windows\System32\DriverStore\FileRepository\ch102495.inf_amd64_neutral_04124dd71cfd995d\B102427\atioglxx.dll]...

22 8 2010 21:07:32 - ScanFile took 5.09 Secs [C:\Windows\System32\DriverStore\FileRepository\ch_99996.inf_amd64_neutral_a7e4949dea5d44c1\B_99645\atioglxx.dll]...

22 8 2010 21:13:40 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl not Scanned. Possibly password protected...
22 8 2010 21:13:40 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl not Scanned. Possibly password protected...
22 8 2010 21:13:40 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl not Scanned. Possibly password protected...
22 8 2010 21:13:40 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl not Scanned. Possibly password protected...
22 8 2010 21:13:40 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl not Scanned. Possibly password protected...
22 8 2010 21:19:41 - ScanFile took 5.05 Secs [C:\Windows\SysWOW64\atioglxx.dll]...

tak prave som prišiel z práce, zapol PC a Avira mi našla a uložila do karanteny tieto 2 virusy :

Drop.Renos.C.4 Trojan
Agent.atw.1 Trojan

oba v priečinku .. local/temp/ Vxp.exe a Vwq.exe

pls heeelp :(

log z MAlwarebytes je následovný :

12:45:38 Erricco MESSAGE Protection started successfully
13:53:08 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob QUARANTINE
13:54:32 Erricco MESSAGE Database updated successfully
14:00:22 Erricco DETECTION C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\TEST.EXE Trojan.Zlob QUARANTINE
14:00:23 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob DENY
14:00:23 Erricco DETECTION C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\TEST.EXE Trojan.Zlob DENY
14:04:24 Erricco DETECTION C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\TEST.EXE Trojan.Zlob DENY
14:04:25 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob DENY
14:04:25 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob DENY
14:25:30 Erricco MESSAGE Protection started successfully
14:39:13 Erricco MESSAGE Protection started successfully

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
******************************************************************************************
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.


Pleteš si MWAV s MbAM..

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

zdravím, ďakujem za pomoc !

Mwav a MbAM si nepletiem :)

Prvotný sken bol prevedený v MbAM a našlo mi toto :

12:45:38 Erricco MESSAGE Protection started successfully
13:53:08 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob QUARANTINE
13:54:32 Erricco MESSAGE Database updated successfully
14:00:22 Erricco DETECTION C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\TEST.EXE Trojan.Zlob QUARANTINE
14:00:23 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob DENY
14:00:23 Erricco DETECTION C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\TEST.EXE Trojan.Zlob DENY
14:04:24 Erricco DETECTION C:\USERS\ERRICCO\APPDATA\LOCAL\TEMP\TEST.EXE Trojan.Zlob DENY
14:04:25 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob DENY
14:04:25 Erricco DETECTION C:\Users\Erricco\AppData\Local\Temp\Test.exe Trojan.Zlob DENY
14:25:30 Erricco MESSAGE Protection started successfully
14:39:13 Erricco MESSAGE Protection started successfully

Potom som to skenoval s MWAV a z toho pochádza ten dlhý sken v mojom druhom príspevku .
Dnes mi pri štarte Avira našla a uložila do karanteny subory ktoré som popísal v mojom 3 príspevku.

Urobil som všetko ako ste mi kázal a prikladám čerstvý log z MbAM :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4466

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23. 8. 2010 18:51:36
mbam-log-2010-08-23 (18-51-36).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 144254
Uplynulý čas: 4 min, 29 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)


(budem späť o cca. 10 minut )

Stáhni OTL
http://oldtimer.geekstogo.com/OTL.exe
-do spodního okénka vlož tento skript:


-dej fajfku do čtverečku u řádku Pro všechny uživatele
-nech ostatní položky jak je nastaveno na screenu
- potvrď tlačítko Prohledat.
-provede se sken, log OTL.Txt sem vlož

vkladám ešte teplý log rozdelený na 3 časti (1/3) :

OTL logfile created on: 23. 8. 2010 20:42:43 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Erricco\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 71,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 46,79 Gb Free Space | 40,18% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 179,28 Gb Free Space | 54,36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232,87 Gb Total Space | 12,78 Gb Free Space | 5,49% Space Free | Partition Type: NTFS
Drive G: | 213,36 Gb Total Space | 141,66 Gb Free Space | 66,40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERRICCO-PC
Current User Name: Erricco
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/23 20:42:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Erricco\Downloads\OTL.exe
PRC - [2010/08/23 00:34:16 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2010/08/16 00:08:44 | 007,588,864 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
PRC - [2010/08/08 18:46:14 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/08/02 11:40:34 | 010,065,461 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe
PRC - [2010/07/24 09:12:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/24 09:12:51 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/12 23:05:16 | 001,238,352 | ---- | M] (Valve Corporation) -- D:\GAMES\Steam\Steam.exe
PRC - [2010/06/24 17:50:50 | 006,806,144 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/06/09 09:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/06/07 05:56:14 | 000,113,976 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2010/06/07 05:56:06 | 000,347,448 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/05/28 00:41:30 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/24 16:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
PRC - [2010/05/21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/05/21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/05/21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/05/21 00:56:12 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010/05/20 23:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/05/03 14:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/05/03 14:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/02 09:11:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/31 08:02:36 | 002,181,040 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\FRAPS\fraps.exe
PRC - [2010/03/30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/03/26 11:46:48 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
PRC - [2010/03/06 03:44:40 | 000,500,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/01/05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/09 07:50:00 | 003,514,112 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/29 16:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/12/08 17:01:52 | 000,224,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe creative 5\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 20:42:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Erricco\Downloads\OTL.exe
MOD - [2010/05/16 06:40:16 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2010/03/31 07:20:46 | 000,206,768 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\FRAPS\fraps32.dll
MOD - [2010/03/26 10:41:04 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\syswow64\BtMmHook.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/08/05 19:10:44 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/07/30 16:36:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/03/26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/29 10:33:00 | 050,612,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV:64bit: - [2009/09/26 03:36:06 | 000,174,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 03:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/08/11 21:28:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/08 18:46:14 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/08/05 23:59:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/05 23:56:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/04 22:02:02 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/06/07 14:25:52 | 000,047,776 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/05/28 00:41:30 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/05/25 02:29:47 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/25 01:42:37 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/05/24 16:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010/05/21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/05/21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/05/21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/05/20 23:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/05/07 16:40:04 | 001,403,208 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/27 16:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/08 17:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/31 19:27:43 | 000,026,424 | --S- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DRIVER_BIN64 -- (DRIVER_B)
DRV:64bit: - [2010/07/30 17:04:50 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/07/30 17:04:50 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/30 16:02:52 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/25 15:32:34 | 000,144,656 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/06/07 11:08:54 | 000,294,760 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/06/07 11:08:54 | 000,202,792 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/06/07 11:08:54 | 000,156,392 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/06/07 11:08:54 | 000,052,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/06/07 11:08:54 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/06/07 11:08:54 | 000,032,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/05/26 14:50:56 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/25 00:43:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/24 20:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/05/21 00:57:12 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/05/21 00:57:04 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/05/21 00:55:04 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/05/21 00:54:52 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/05/20 23:40:12 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/05/20 21:19:20 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/05/20 21:19:18 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/05/20 21:19:18 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/05/17 20:04:08 | 000,020,456 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/21 15:47:50 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/18 11:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/03/18 11:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 11:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/03/06 09:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 14:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/18 21:22:56 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/02/15 19:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/01/14 14:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/14 14:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/11 16:36:32 | 000,011,520 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Asusgms.sys -- (AsusgmsFltr)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/18 12:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/09 14:00:44 | 000,005,632 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rminiv3.sys -- (mirrorv3)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/01 06:46:57 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008/12/08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/06/07 05:56:10 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2010/05/27 13:53:13 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\BS_DEF.sys -- (BS_DEF)
DRV - [2010/04/27 16:41:34 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/04/02 09:11:16 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/08/01 00:03:54] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/02/25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {6ad56361-628f-471b-8f9d-4c338973a87d}:5.27.1.6046
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.8
FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:3.1.2009110201
FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: dave2x@download:0.6.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.7.107
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100805
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/17 18:29:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/23 17:46:01 | 000,000,000 | ---D | M]

[2010/05/25 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Extensions
[2010/08/23 19:24:58 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions
[2010/05/29 22:22:10 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/05/26 23:47:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/19 18:25:07 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/05/30 14:41:05 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/25 02:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2010/08/11 20:28:48 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/06/23 21:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/07/26 23:12:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/19 18:25:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 14:41:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/30 14:41:21 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010/05/25 03:08:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/10 00:18:59 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\amin.eft_Shutdown@gmail.com
[2010/06/26 23:54:33 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\dave2x@download
[2010/08/10 16:44:04 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\firefox1@myibay.com
[2010/08/09 16:50:48 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\nasanightlaunch@example.com
[2010/07/27 22:40:28 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\personas@christopher.beard
[2010/05/25 03:39:53 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010/08/01 20:22:36 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\toolbar@ask.com
[2010/05/25 02:41:39 | 000,000,000 | ---D | M] -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
[2010/05/29 22:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/05/30 14:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erricco\AppData\Roaming\mozilla\Firefox\Profiles\idy71rgk.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010/08/17 18:56:56 | 000,000,950 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin-1.xml
[2010/06/25 23:37:02 | 000,000,950 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin-2.xml
[2010/07/22 12:07:33 | 000,000,950 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin-3.xml
[2010/07/24 09:13:07 | 000,000,950 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin-4.xml
[2010/07/27 22:56:04 | 000,000,950 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin-5.xml
[2010/07/28 22:20:53 | 000,000,950 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin-6.xml
[2010/05/13 10:01:56 | 000,000,168 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin.gif
[2010/05/13 10:01:56 | 000,000,618 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin.src
[2010/06/22 00:52:49 | 000,000,947 | ---- | M] () -- C:\Users\Erricco\AppData\Roaming\Mozilla\FireFox\Profiles\idy71rgk.default\searchplugins\icqplugin.xml
[2010/08/23 19:24:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/25 02:08:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 20:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/25 20:41:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/08/14 21:41:01 | 000,001,018 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 http://www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Pomocník pri prihlasovaní v konte Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe creative 5\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2663594931-138598176-3779413906-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2663594931-138598176-3779413906-1000..\Run: [Nexus-Ultimate] C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe (Winstep Software Technologies)
O4 - HKU\S-1-5-21-2663594931-138598176-3779413906-1000..\Run: [Steam] d:\games\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2663594931-138598176-3779413906-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

(2/3)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/23 18:42:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2010/08/23 00:34:17 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\DNA
[2010/08/23 00:34:16 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\DNA
[2010/08/23 00:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DNA
[2010/08/22 19:50:14 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010/08/22 19:50:14 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010/08/22 19:48:56 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010/08/22 19:48:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010/08/22 19:48:56 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010/08/22 19:48:56 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010/08/22 19:45:46 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010/08/22 19:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010/08/22 19:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010/08/22 16:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/21 22:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ControlDeck
[2010/08/20 01:56:59 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\Artisteer
[2010/08/20 01:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artisteer 2
[2010/08/19 23:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\western civilisation
[2010/08/19 10:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/08/19 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/08/19 10:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/08/18 21:04:54 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\PSpad
[2010/08/18 21:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSPad editor
[2010/08/17 18:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/17 18:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/17 00:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serif
[2010/08/16 23:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/08/16 23:07:35 | 000,233,472 | ---- | C] (Creative Development LTD) -- C:\Windows\SysWow64\Ilda32.dll
[2010/08/16 23:07:35 | 000,018,944 | ---- | C] (Inprise Corporation) -- C:\Windows\SysWow64\BORLNDMM.DLL
[2010/08/16 23:04:53 | 000,393,216 | ---- | C] (DGPDev) -- C:\Windows\SysWow64\AudioCDRipEnt2.ocx
[2010/08/16 23:04:52 | 000,069,632 | ---- | C] (DGPDev) -- C:\Windows\SysWow64\DGDiscID.ocx
[2010/08/16 23:03:21 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\CoffeeCup Software
[2010/08/16 23:00:00 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\CoffeeCup Software
[2010/08/16 22:59:22 | 000,938,272 | ---- | C] (WeOnlyDo! Inc.) -- C:\Windows\SysWow64\wodFtpDLX.OCX
[2010/08/16 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\Serif
[2010/08/16 22:36:00 | 000,831,776 | ---- | C] (WeOnlyDo! Inc.) -- C:\Windows\SysWow64\wodFtpDLX.dll
[2010/08/16 22:36:00 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcrtd.dll
[2010/08/16 22:36:00 | 000,274,976 | ---- | C] (Xceed Software Inc (450) 442-2626 begin_of_the_skype_highlighting              (450) 442-2626      end_of_the_skype_highlighting begin_of_the_skype_highlighting              (450) 442-2626      end_of_the_skype_highlighting support@xceedsoft.com http://www.xceedsoft.com) -- C:\Windows\SysWow64\XceedFtp.dll
[2010/08/16 22:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoffeeCup Software
[2010/08/16 19:28:17 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2010/08/16 18:58:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5STKIT.DLL
[2010/08/16 18:56:55 | 000,207,872 | ---- | C] (Incomedia - http://www.websitex5.com) -- C:\Windows\SysWow64\iwpSetup.exe
[2010/08/16 18:49:26 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2010/08/16 18:49:26 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2010/08/16 18:49:26 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2010/08/16 18:49:26 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2010/08/16 18:49:26 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2010/08/15 23:32:08 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\FileZilla
[2010/08/15 23:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/08/14 23:51:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\rserver30
[2010/08/14 23:39:04 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\TeamViewer
[2010/08/14 23:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010/08/14 21:27:53 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/14 21:25:03 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\Adobe Scripts
[2010/08/14 20:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/08/14 20:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010/08/14 20:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/08/14 19:51:24 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010/08/14 19:51:24 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2010/08/14 19:25:22 | 005,099,008 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumd64.dll
[2010/08/14 19:25:22 | 002,785,792 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumd6a.dll
[2010/08/14 19:25:22 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdl64.dll
[2010/08/14 19:25:22 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9p64.dll
[2010/08/14 19:25:20 | 000,054,272 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc64.dll
[2010/08/14 19:25:19 | 004,463,616 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx64.dll
[2010/08/14 19:25:19 | 000,594,432 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx64.dll
[2010/08/14 19:25:19 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt64.dll
[2010/08/14 19:25:18 | 005,378,560 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd64.dll
[2010/08/14 19:25:18 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl64.dll
[2010/08/14 18:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oZone3D
[2010/08/13 00:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[2010/08/11 21:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/11 21:42:02 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\Apple
[2010/08/11 21:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/11 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/11 21:31:05 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/08/11 21:28:43 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/08/11 20:36:29 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 20:36:28 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/11 20:36:28 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/11 20:36:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 20:36:23 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 20:36:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 20:36:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 20:36:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 20:36:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 20:36:13 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 20:36:13 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 20:36:03 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 20:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/08/11 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\PACE Anti-Piracy
[2010/08/11 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\PACE Anti-Piracy
[2010/08/11 12:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010/08/11 12:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2010/08/11 12:53:24 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\Adobe
[2010/08/11 12:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/08/11 12:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/08/11 12:38:51 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Adobe Flash Builder 4
[2010/08/11 12:35:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010/08/11 12:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/08/11 12:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010/08/11 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\ADobe Creative 5
[2010/08/11 02:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/08/11 01:17:47 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\CrashDumps
[2010/08/10 18:28:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Atheros
[2010/08/10 18:24:40 | 002,228,224 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2010/08/10 18:24:40 | 002,228,224 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2010/08/10 18:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2010/08/10 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\Synaptics
[2010/08/10 18:10:12 | 000,396,584 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2010/08/10 18:10:12 | 000,316,464 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2010/08/10 18:10:12 | 000,264,488 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2010/08/10 18:10:12 | 000,210,216 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2010/08/10 18:10:12 | 000,207,144 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2010/08/10 18:10:12 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2010/08/10 18:10:12 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2010/08/10 18:10:12 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2010/08/10 17:57:31 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/08/09 18:22:44 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/08/09 17:13:45 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\Pinnacle Studio
[2010/08/09 17:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2010/08/09 17:09:45 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\Downloaded Installations
[2010/08/09 17:09:31 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\Pinnacle
[2010/08/09 17:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2010/08/09 16:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2010/08/09 16:12:55 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\Corel DVD MovieFactory
[2010/08/09 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\Ulead Systems
[2010/08/09 16:08:02 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/08/09 16:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2010/08/09 16:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010/08/09 16:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/08/09 12:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\KLCP64
[2010/08/09 11:39:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/09 11:39:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/09 11:39:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/08 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\My Games
[2010/08/08 13:06:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/08 00:46:45 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\MigWiz
[2010/08/06 00:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010/08/06 00:02:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2010/08/05 23:59:21 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\Updreg.EXE
[2010/08/05 23:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/08/05 23:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010/08/05 23:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010/08/05 19:17:50 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\3dsMax
[2010/08/05 19:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/08/05 19:13:04 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\Autodesk
[2010/08/05 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Erricco\Documents\Inventor
[2010/08/05 19:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/08/05 19:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010/08/05 19:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010/08/05 19:07:06 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/08/05 19:07:06 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/08/05 19:07:06 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/08/05 19:07:06 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/08/05 19:07:04 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/08/05 19:07:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/08/05 19:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/08/04 22:19:29 | 001,209,512 | ---- | C] (Eleco plc) -- C:\Windows\SysWow64\O2CPlayerAC.OCX
[2010/08/04 22:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\O2CBrowser
[2010/08/04 22:02:41 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\Faktury Plus
[2010/08/04 22:02:18 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\EDrawings
[2010/08/04 22:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Shared
[2010/08/04 22:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eDrawings2010
[2010/08/04 12:34:35 | 000,344,064 | ---- | C] (UP-Vision Computergraphik GmbH) -- C:\Windows\SysWow64\AcShlExt.dll
[2010/08/04 12:34:29 | 000,021,888 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\SysWow64\drivers\synUSB64.sys
[2010/08/04 12:34:28 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\Synsopos.exe
[2010/08/04 12:34:27 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2010/08/04 12:34:27 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SynsoLChk.dll
[2010/08/04 12:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syncrosoft
[2010/08/04 12:34:22 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\pdfMachine
[2010/08/04 12:34:20 | 001,208,320 | ---- | C] (Eleco plc) -- C:\Windows\SysWow64\O2CPlayer.OCX
[2010/08/04 12:34:20 | 000,933,888 | ---- | C] (ELECO Software GmbH) -- C:\Windows\SysWow64\o2cAreas.ocx
[2010/08/04 12:33:29 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42loc.dll
[2010/08/04 12:33:28 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP50.DLL
[2010/08/04 12:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eleco
[2010/08/04 12:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2010/08/03 21:06:20 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Local\AskToolbar
[2010/07/30 17:04:50 | 007,195,648 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/07/30 16:55:36 | 020,118,528 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2010/07/30 16:40:04 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2010/07/30 16:39:52 | 000,513,536 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2010/07/30 16:39:10 | 000,594,432 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2010/07/30 16:37:26 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/07/30 16:37:14 | 000,462,336 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/07/30 16:36:44 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/07/30 16:35:44 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/07/30 16:35:26 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/07/30 16:35:22 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/07/30 16:35:12 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/07/30 16:35:08 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/07/30 16:35:04 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/07/30 16:35:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/07/30 16:34:08 | 015,461,888 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010/07/30 16:32:28 | 003,826,688 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010/07/30 16:15:56 | 002,785,792 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2010/07/30 16:15:08 | 003,977,728 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2010/07/30 16:14:06 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2010/07/30 16:14:04 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010/07/30 16:13:58 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2010/07/30 16:13:58 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010/07/30 16:13:50 | 005,378,560 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2010/07/30 16:12:42 | 004,323,840 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010/07/30 16:11:10 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/07/30 16:10:24 | 003,058,688 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2010/07/30 16:09:30 | 005,102,080 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2010/07/30 16:03:18 | 000,335,872 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2010/07/30 16:03:02 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2010/07/30 16:03:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2010/07/30 16:03:00 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2010/07/30 16:02:56 | 000,018,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2010/07/30 16:02:54 | 000,016,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2010/07/30 16:02:52 | 000,265,728 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/07/30 16:02:16 | 000,039,424 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2010/07/30 16:02:12 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2010/07/30 16:02:06 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2010/07/30 16:02:00 | 000,022,528 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2010/07/30 16:01:26 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/07/30 15:59:38 | 000,054,272 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2010/07/30 15:59:38 | 000,054,272 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2010/07/30 15:59:34 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010/07/30 15:59:34 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010/07/28 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\HU2011
[2010/07/27 22:59:45 | 000,000,000 | ---D | C] -- C:\Users\Erricco\AppData\Roaming\Ubisoft
[2010/07/27 22:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

========== Files - Modified Within 30 Days ==========

[2010/08/23 20:44:53 | 004,194,304 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat
[2010/08/23 20:08:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/23 19:14:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/23 18:52:50 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/23 18:52:50 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/23 18:44:50 | 000,000,056 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2010/08/23 18:44:38 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/23 18:44:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/23 18:44:23 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 18:03:36 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{dd914b39-ade9-11df-b83b-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/23 18:03:36 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{dd914b39-ade9-11df-b83b-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 18:03:36 | 000,065,536 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{dd914b39-ade9-11df-b83b-1c4bd6113672}.TM.blf
[2010/08/23 18:03:20 | 001,271,453 | -H-- | M] () -- C:\Users\Erricco\AppData\Local\IconCache.db
[2010/08/23 18:00:04 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010/08/23 00:33:01 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/08/23 00:31:57 | 000,841,695 | ---- | M] () -- C:\Users\Erricco\Documents\pinfect.zip
[2010/08/23 00:31:38 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2010/08/22 19:54:52 | 003,145,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/22 19:54:52 | 000,698,030 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010/08/22 19:54:52 | 000,640,758 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2010/08/22 19:54:52 | 000,631,430 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010/08/22 19:54:52 | 000,624,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/22 19:54:52 | 000,151,894 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2010/08/22 19:54:52 | 000,138,494 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010/08/22 19:54:52 | 000,125,500 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010/08/22 19:54:52 | 000,109,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/22 19:54:52 | 000,029,380 | ---- | M] () -- C:\Windows\SysNative\perfh01B.dat
[2010/08/22 19:54:52 | 000,010,370 | ---- | M] () -- C:\Windows\SysNative\perfc01B.dat
[2010/08/22 19:52:04 | 020,328,679 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2010/08/22 19:45:45 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010/08/22 16:17:10 | 000,002,985 | ---- | M] () -- C:\Users\Erricco\Desktop\HiJackThis.lnk
[2010/08/21 20:06:58 | 000,001,127 | ---- | M] () -- C:\Users\Erricco\Desktop\Artisteer 2.lnk
[2010/08/19 10:45:09 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/08/18 21:04:48 | 000,000,946 | ---- | M] () -- C:\Users\Erricco\Desktop\PSPad.lnk
[2010/08/17 17:55:36 | 002,602,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/17 00:33:01 | 000,219,464 | ---- | M] () -- C:\Users\Erricco\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/16 23:38:41 | 000,002,810 | ---- | M] () -- C:\Users\Erricco\Documents\ax_files.xml
[2010/08/16 23:00:00 | 000,000,168 | ---- | M] () -- C:\Windows\SysWow64\xpysys.dll
[2010/08/16 01:57:56 | 000,001,209 | ---- | M] () -- C:\Users\Erricco\Desktop\FileZilla.lnk
[2010/08/15 22:09:57 | 151,942,302 | ---- | M] () -- C:\Users\Erricco\Desktop\Asus G73Jh Disassembly Take Apart G73 Replace Video Card G73.mp4
[2010/08/15 20:10:14 | 000,000,536 | ---- | M] () -- C:\Windows\win.ini
[2010/08/14 23:57:51 | 000,001,008 | ---- | M] () -- C:\Users\Erricco\Documents\Winstep.lnk
[2010/08/14 21:41:01 | 000,001,018 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/12 20:00:00 | 000,136,704 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2010/08/11 21:33:37 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010/08/11 20:41:08 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{c704e48a-a574-11df-9992-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/11 20:41:08 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{c704e48a-a574-11df-9992-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/11 20:41:08 | 000,065,536 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{c704e48a-a574-11df-9992-1c4bd6113672}.TM.blf
[2010/08/10 18:28:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2010/08/10 18:24:07 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin
[2010/08/10 17:45:06 | 000,000,583 | ---- | M] () -- C:\Users\Erricco\Documents\Obnoviť preberanie pre LAN_Atheros_Win7_64_z10029.zip.html
[2010/08/10 17:42:39 | 000,215,244 | ---- | M] () -- C:\Users\Erricco\Documents\LAN_Atheros_Win7_64_z10029.zip
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/08/09 17:17:41 | 000,005,632 | ---- | M] () -- C:\Users\Erricco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 18:46:14 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/08 18:46:08 | 002,337,865 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/08 13:01:00 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{47a3f0f5-a2db-11df-8db6-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 13:01:00 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{47a3f0f5-a2db-11df-8db6-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 13:01:00 | 000,065,536 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{47a3f0f5-a2db-11df-8db6-1c4bd6113672}.TM.blf
[2010/08/08 01:10:14 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{2c06fef4-a277-11df-8be6-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 01:10:14 | 000,524,288 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{2c06fef4-a277-11df-8be6-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 01:10:14 | 000,065,536 | -HS- | M] () -- C:\Users\Erricco\ntuser.dat{2c06fef4-a277-11df-8be6-1c4bd6113672}.TM.blf
[2010/08/05 23:59:20 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/08/05 23:59:17 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/08/05 23:59:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/08/05 23:59:17 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/08/05 23:59:17 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/08/05 19:09:03 | 000,017,588 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services
[2010/08/04 22:19:20 | 000,069,104 | ---- | M] () -- C:\Windows\unins000.dat
[2010/08/04 22:02:03 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/08/04 12:34:20 | 001,208,320 | ---- | M] (Eleco plc) -- C:\Windows\SysWow64\O2CPlayer.OCX
[2010/08/04 12:34:20 | 000,933,888 | ---- | M] (ELECO Software GmbH) -- C:\Windows\SysWow64\o2cAreas.ocx
[2010/08/04 12:33:31 | 000,000,571 | ---- | M] () -- C:\Windows\SysWow64\FeMakro.ini
[2010/08/04 12:33:31 | 000,000,497 | ---- | M] () -- C:\Windows\SysWow64\FeAnim.ini
[2010/08/03 23:03:49 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\lpcio.dll
[2010/08/01 17:28:18 | 000,000,000 | -H-- | M] () -- C:\Users\Erricco\Documents\Default.rdp
[2010/08/01 00:07:32 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/08/01 00:07:31 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/08/01 00:07:31 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/08/01 00:05:54 | 000,000,000 | ---- | M] () -- C:\ProgramData\CLDShowX.ini
[2010/07/31 19:28:44 | 554,647,746 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/31 19:27:43 | 000,026,424 | --S- | M] () -- C:\Windows\SysNative\drivers\DRIVER_BIN64
[2010/07/30 17:04:50 | 007,195,648 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010/07/30 16:55:36 | 020,118,528 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2010/07/30 16:40:14 | 000,063,416 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/07/30 16:40:04 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2010/07/30 16:39:52 | 000,513,536 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2010/07/30 16:39:10 | 000,594,432 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2010/07/30 16:37:26 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2010/07/30 16:37:14 | 000,462,336 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/07/30 16:36:44 | 000,203,264 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/07/30 16:35:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/07/30 16:35:26 | 000,421,376 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/07/30 16:35:22 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/07/30 16:35:12 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/07/30 16:35:08 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/07/30 16:35:04 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/07/30 16:35:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/07/30 16:34:08 | 015,461,888 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010/07/30 16:32:28 | 003,826,688 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010/07/30 16:24:20 | 004,463,616 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2010/07/30 16:15:56 | 002,785,792 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2010/07/30 16:15:08 | 003,977,728 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2010/07/30 16:14:06 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2010/07/30 16:14:04 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010/07/30 16:13:58 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2010/07/30 16:13:58 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010/07/30 16:13:50 | 005,378,560 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2010/07/30 16:13:34 | 000,543,664 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/07/30 16:12:42 | 004,323,840 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010/07/30 16:11:10 | 000,055,296 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/07/30 16:10:24 | 003,058,688 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2010/07/30 16:10:00 | 000,543,664 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/07/30 16:09:30 | 005,102,080 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2010/07/30 16:03:18 | 000,335,872 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2010/07/30 16:03:12 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010/07/30 16:03:02 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2010/07/30 16:03:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2010/07/30 16:03:00 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2010/07/30 16:02:56 | 000,018,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2010/07/30 16:02:54 | 000,016,896 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2010/07/30 16:02:52 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2010/07/30 16:02:16 | 000,039,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2010/07/30 16:02:12 | 000,030,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2010/07/30 16:02:06 | 000,030,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2010/07/30 16:02:00 | 000,022,528 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2010/07/30 16:01:26 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010/07/30 15:59:38 | 000,054,272 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2010/07/30 15:59:38 | 000,054,272 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2010/07/30 15:59:34 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010/07/30 15:59:34 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

========== Files Created - No Company Name ==========

[2010/08/23 00:31:57 | 000,841,695 | ---- | C] () -- C:\Users\Erricco\Documents\pinfect.zip
[2010/08/22 19:50:14 | 020,328,679 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2010/08/22 19:46:12 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2010/08/22 19:45:46 | 000,000,522 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC80.CRT.manifest
[2010/08/22 16:16:59 | 000,002,985 | ---- | C] () -- C:\Users\Erricco\Desktop\HiJackThis.lnk
[2010/08/22 14:36:48 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{dd914b39-ade9-11df-b83b-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/22 14:36:48 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{dd914b39-ade9-11df-b83b-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/22 14:36:48 | 000,065,536 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{dd914b39-ade9-11df-b83b-1c4bd6113672}.TM.blf
[2010/08/21 20:06:58 | 000,001,127 | ---- | C] () -- C:\Users\Erricco\Desktop\Artisteer 2.lnk
[2010/08/18 21:04:48 | 000,000,946 | ---- | C] () -- C:\Users\Erricco\Desktop\PSPad.lnk
[2010/08/16 23:04:53 | 001,015,808 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2010/08/16 23:04:53 | 000,220,160 | ---- | C] () -- C:\Windows\SysWow64\WnASPI32.dll
[2010/08/16 23:04:53 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DGRip.dll
[2010/08/16 23:04:53 | 000,000,386 | ---- | C] () -- C:\Windows\SysWow64\AudioCDRipEnt2.lic
[2010/08/16 23:04:52 | 001,163,264 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2010/08/16 23:04:52 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/08/16 23:04:52 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libfaac.dll
[2010/08/16 23:04:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2010/08/16 23:04:52 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\MP2enc.dll
[2010/08/16 23:04:52 | 000,000,386 | ---- | C] () -- C:\Windows\SysWow64\DGDiscID.lic
[2010/08/16 23:00:00 | 000,000,168 | ---- | C] () -- C:\Windows\SysWow64\xpysys.dll
[2010/08/16 22:36:48 | 000,000,106 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010/08/16 22:36:48 | 000,000,041 | -H-- | C] () -- C:\Windows\trfntw32.cfg
[2010/08/16 18:58:30 | 000,006,114 | ---- | C] () -- C:\Windows\SysWow64\SHELLLNK.TLB
[2010/08/16 01:57:56 | 000,001,209 | ---- | C] () -- C:\Users\Erricco\Desktop\FileZilla.lnk
[2010/08/15 22:02:03 | 151,942,302 | ---- | C] () -- C:\Users\Erricco\Desktop\Asus G73Jh Disassembly Take Apart G73 Replace Video Card G73.mp4
[2010/08/11 21:22:12 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/08/11 20:31:26 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{c704e48a-a574-11df-9992-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/11 20:31:26 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{c704e48a-a574-11df-9992-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/11 20:31:26 | 000,065,536 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{c704e48a-a574-11df-9992-1c4bd6113672}.TM.blf
[2010/08/10 18:28:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2010/08/10 18:27:23 | 000,000,056 | ---- | C] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2010/08/10 18:24:40 | 000,354,530 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2010/08/10 18:24:40 | 000,055,502 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2010/08/10 18:23:39 | 000,246,804 | ---- | C] () -- C:\Windows\SysNative\AtherosBT.bin
[2010/08/10 17:42:34 | 000,215,244 | ---- | C] () -- C:\Users\Erricco\Documents\LAN_Atheros_Win7_64_z10029.zip
[2010/08/10 17:42:33 | 000,000,583 | ---- | C] () -- C:\Users\Erricco\Documents\Obnoviť preberanie pre LAN_Atheros_Win7_64_z10029.zip.html
[2010/08/09 17:17:38 | 000,005,632 | ---- | C] () -- C:\Users\Erricco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/09 12:57:39 | 000,191,488 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2010/08/09 12:57:38 | 000,136,704 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2010/08/08 18:46:08 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/08 12:55:45 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{47a3f0f5-a2db-11df-8db6-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 12:55:45 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{47a3f0f5-a2db-11df-8db6-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 12:55:45 | 000,065,536 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{47a3f0f5-a2db-11df-8db6-1c4bd6113672}.TM.blf
[2010/08/08 00:58:01 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{2c06fef4-a277-11df-8be6-1c4bd6113672}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 00:58:01 | 000,524,288 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{2c06fef4-a277-11df-8be6-1c4bd6113672}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 00:58:01 | 000,065,536 | -HS- | C] () -- C:\Users\Erricco\ntuser.dat{2c06fef4-a277-11df-8be6-1c4bd6113672}.TM.blf
[2010/08/04 22:18:43 | 000,069,104 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/04 22:02:03 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/08/04 12:34:33 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2010/08/04 12:34:33 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2010/08/04 12:34:33 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2010/08/04 12:34:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\bgspmnt.dll
[2010/08/04 12:33:31 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2010/08/04 12:33:31 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2010/08/01 17:28:18 | 000,000,000 | -H-- | C] () -- C:\Users\Erricco\Documents\Default.rdp
[2010/08/01 00:05:54 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
[2010/07/31 19:25:52 | 000,026,424 | --S- | C] () -- C:\Windows\SysNative\drivers\DRIVER_BIN64
[2010/07/30 16:40:14 | 000,063,416 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/07/30 16:13:34 | 000,543,664 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/07/30 16:10:00 | 000,543,664 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/07/19 22:13:39 | 003,177,908 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/19 21:08:32 | 000,000,030 | ---- | C] () -- C:\Windows\USDL GrandPrix v1.6.4 VISTA.INI
[2010/07/04 19:08:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010/07/04 10:50:47 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/06/15 18:06:38 | 000,153,502 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/06/15 18:05:02 | 005,002,416 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/06/15 17:43:58 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010/05/27 13:53:13 | 000,021,048 | ---- | C] () -- C:\Windows\BS_DEF.sys
[2010/05/27 13:50:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/25 00:39:47 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/05/24 21:39:50 | 000,289,065 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010/05/24 21:38:34 | 000,962,008 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010/05/19 22:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2010/05/19 22:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2010/05/19 22:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2010/05/19 22:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2010/05/19 22:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2010/05/19 22:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2010/05/19 22:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2010/05/19 22:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2010/05/19 22:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2010/05/19 22:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/05/12 17:09:06 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/12 03:56:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/05/12 03:54:09 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010/05/12 03:54:09 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010/05/12 03:51:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/05/12 03:51:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/05/12 03:36:23 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/05/12 03:12:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/05/12 03:12:04 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/05/11 23:26:52 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/05/11 23:22:22 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010/05/11 00:10:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010/05/11 00:09:50 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010/05/11 00:09:42 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010/05/11 00:09:30 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010/05/11 00:07:24 | 001,556,992 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010/05/11 00:05:28 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010/05/11 00:05:06 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010/05/11 00:03:56 | 000,163,328 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/08/19 10:33:09 | 000,000,232 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 08:40:51 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/01/11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008/12/02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/10/13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2004/10/20 20:21:24 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC.dll
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Steam" = "d:\games\steam\steam.exe" -silent -- [2010/07/12 23:05:16 | 001,238,352 | ---- | M] (Valve Corporation)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/07/14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"Nexus-Ultimate" = C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe autostart -- [2010/08/02 11:40:34 | 010,065,461 | ---- | M] (Winstep Software Technologies)
"BitTorrent DNA" = "C:\Program Files (x86)\DNA\btdna.exe" -- [2010/08/23 00:34:16 | 000,323,392 | ---- | M] (BitTorrent, Inc.)

< c:\windows\*.* /U >


< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/05/12 03:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/05/12 03:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/05/12 03:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/05/12 03:21:31 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/05/12 03:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/05/12 03:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/05/12 03:21:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/05/12 03:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/05/12 03:21:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/05/12 03:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/05/12 03:21:31 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTOR.SYS >
[2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
[2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_9071cf01e963be0e\iaStor.sys

(3/3)

< MD5 for: IASTORV.SYS >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/05/12 03:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/05/12 03:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1997/07/19 16:55:40 | 001,347,344 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm50.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

========== Alternate Data Streams ==========

@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 1261 bytes -> C:\ProgramData\Microsoft:MkjAlDIiz3TSCAp3SP1oxJnvtNp
@Alternate Data Stream - 1241 bytes -> C:\ProgramData\Microsoft:AZxY7bQaGwctcyPwZ8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 1182 bytes -> C:\ProgramData\Microsoft:R4vIbu93odwWBhrfFkXPEuluet
@Alternate Data Stream - 1086 bytes -> C:\Program Files\Common Files\System:NrTecOhjpnPeV4D4Xv3qv
< End of report >

Spusť OTL
-do bílého okna dole zkopíruj:

-klikni na tlačítko opravit.
-log vlož zde



********************
Tohle bych Ti doporučila odinstalovat
C:\Program Files (x86)\DNA\btdna.exe

**********************

Otestuj na http://www.virustotal.com


C:\Windows\SysWow64\iwpSetup.exe
C:\Windows\SysWow64\xpysys.dll
C:\ProgramData\FullRemove.exe

-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.

Tu je log, ostatne veci idem zatial urobit :)


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKU\S-1-5-21-2663594931-138598176-3779413906-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2663594931-138598176-3779413906-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: toolbar@ask.com:3.6.7.107 removed from extensions.enabledItems
Prefs.js: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" removed from keyword.URL
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RunDLLEntry deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
ADS C:\ProgramData\CLDShowX.ini:Update.CL deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Microsoft:MkjAlDIiz3TSCAp3SP1oxJnvtNp deleted successfully.
ADS C:\ProgramData\Microsoft:AZxY7bQaGwctcyPwZ8 deleted successfully.
ADS C:\ProgramData\Temp:A724744F deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Microsoft:R4vIbu93odwWBhrfFkXPEuluet deleted successfully.
ADS C:\Program Files\Common Files\System:NrTecOhjpnPeV4D4Xv3qv deleted successfully.
========== FILES ==========
C:\Windows\SysWow64\temp.005 moved successfully.
C:\Windows\SysWow64\temp.004 moved successfully.
C:\Windows\SysWow64\temp.003 moved successfully.
C:\Windows\SysWow64\temp.002 moved successfully.
C:\Windows\SysWow64\temp.001 moved successfully.
C:\Windows\unvise32.exe moved successfully.
C:\Users\Erricco\AppData\Local\AskToolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Erricco
->Temp folder emptied: 383127 bytes
->Temporary Internet Files folder emptied: 2364239 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86904884 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 964 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14830 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Erricco
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08232010_221059

Files\Folders moved on Reboot...
C:\Users\Erricco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Erricco\AppData\Local\Temp\nsd1864.tmp not found!
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2688.log moved successfully.

Registry entries deleted on Reboot...