My google searches in Firefox are being redirected


  • This topic is locked
18 replies to this topic

#1 JTLaDue

JTLaDue

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 23 October 2009 - 06:07 PM

For the last few days, my searches in Google while using Firefox are being redirected. The search results appear as normal, and mousing over the links shows them as normal, but when I follow the link, it redirects most of the time to other pages. I can right click and copy the link, then paste in a new tab and it works fine.

I have run Windows Defender, AVG Antivirus scans, and Ad-Aware from Lavasoft with no luck.

Here is my Hijack log. Thanks in advance for your help!!

JT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:36, on 10/23/09
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.webkinz.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: AVISplitter - {5bea0388-b2b8-4d19-903a-4bef8106d88e} - C:\Program Files\Common Files\AVI\AVISplitter.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sprint Con App Svc (CASprint) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8585 bytes


 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:31 PM

Posted 31 October 2009 - 10:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 JTLaDue

JTLaDue
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 31 October 2009 - 11:08 PM

Thank you for getting back to me. I am still having the same problem. Anytime I search with Google, using either IE or Firefox, my search results appear normal, even when mousing over the links, but when I click them, I am usually redirected to a site that quickly redirects me again, to a site that begins with "http://z43523673.cn/" followed by a bunch of random letters and numbers. This occurs about 80% of the time. If I right click from the Google results page and select copy link, then paste it in the address bar, it will always go fine. I am looking forward to any help you can offer. I run AVG Internet Security, Ad-Aware from Lavasoft, and Malwarebytes Anti-Malware. I have run each a few times with no luck. They all find tracking cookies and occasionally a Trojan Downloader, and always seem to remove the threat, but it never helps my search problems.

Thanks in advance,
Jason

Here is my log as requested from DDS




DDS (Ver_09-10-26.01) - NTFSx86
Run by jt at 22:52:01.60 on 10/31/09
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2942.1226 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\AVG\AVG8\avgui.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\jt\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\System32\mobsync.exe

============== Pseudo HJT Report ===============

uSearch Bar =
uSearch Page =
uStart Page = hxxp://search.bearshare.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
uPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jt\appdata\roaming\mozilla\firefox\profiles\7wgrg9wt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jt\appdata\roaming\mozilla\firefox\profiles\7wgrg9wt.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\jt\appdata\roaming\mozilla\firefox\profiles\7wgrg9wt.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-22 64288]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-10-25 23832]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-25 108552]
R1 vpcnfltr;Virtual PC Network Filter Driver;c:\windows\system32\drivers\vpcnfltr.sys [2009-10-9 55040]
R1 vpcvmm;Virtual PC Virtual Machine Monitor;c:\windows\system32\drivers\vpcvmm.sys [2009-10-9 293904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-25 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-10-25 1370488]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-2-17 3032360]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-5-22 167936]
R3 vpcbus;Virtual PC Host Bus Service;c:\windows\system32\drivers\vpchbus.sys [2009-10-9 165376]
R3 vpcusb;USB Virtualization Connector Service;c:\windows\system32\drivers\vpcusb.sys [2009-10-9 78336]
S1 pruukaju;pruukaju;c:\windows\system32\drivers\pruukaju.sys [2009-10-31 30784]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-7-7 124184]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2009-7-13 20992]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-4 28672]
S3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\drivers\ser2at.sys [2009-3-4 76288]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-2-17 15144]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-2-21 151552]
S4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2009-2-8 65536]
S4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "coldfusion 8 odbc agent" --> c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
S4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "coldfusion 8 odbc server" --> c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
S4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2009-2-8 2743056]

=============== Created Last 30 ================

2009-10-31 14:33:33 30784 ----a-w- c:\windows\system32\drivers\pruukaju.sys
2009-10-29 11:29:49 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-29 03:44:31 89600 ----a-w- c:\windows\system32\MSCAL.OCX
2009-10-29 03:44:29 0 d-----w- c:\program files\CitruswareDemo
2009-10-29 03:42:09 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-29 03:42:05 0 d-----w- c:\program files\McAfee Security Scan
2009-10-29 03:41:07 0 d-----w- c:\programdata\NOS
2009-10-27 22:35:48 0 d-----w- C:\VundoFix Backups
2009-10-27 04:08:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-26 22:46:37 793 ----a-w- c:\windows\ST5UNST.000
2009-10-26 22:46:37 71680 ----a-w- c:\windows\ST5UNST.EXE
2009-10-26 22:46:37 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2009-10-25 13:02:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 10:55:56 0 d-----w- c:\programdata\SecTaskMan
2009-10-25 10:55:47 0 d-----w- c:\program files\Security Task Manager
2009-10-25 10:17:11 16 ----a-w- c:\users\jt\.javafx_ping_sent
2009-10-25 10:17:01 0 ----a-w- c:\users\jt\.javafx_eula_accepted
2009-10-25 10:12:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 08:03:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-25 08:02:36 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-25 05:33:46 0 d-s---w- C:\ComboFix
2009-10-25 04:34:52 0 d-----w- c:\users\jt\appdata\roaming\Malwarebytes
2009-10-25 04:34:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 04:34:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 04:34:45 0 d-----w- c:\programdata\Malwarebytes
2009-10-25 04:34:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 05:52:14 98816 ----a-w- c:\windows\sed.exe
2009-10-24 05:52:14 236544 ----a-w- c:\windows\PEV.exe
2009-10-24 05:52:14 161792 ----a-w- c:\windows\SWREG.exe
2009-10-23 22:49:53 0 d-----w- c:\program files\Trend Micro
2009-10-23 22:30:12 0 d-----w- c:\program files\ESET
2009-10-23 04:26:31 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-23 01:45:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-23 01:38:21 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-23 01:37:54 0 d-----w- c:\programdata\Lavasoft
2009-10-23 01:37:54 0 d-----w- c:\program files\Lavasoft
2009-10-23 01:04:56 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-23 01:03:40 0 d-----w- c:\programdata\XoftSpySE
2009-10-23 01:02:32 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-22 11:23:21 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-10-22 11:23:21 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-10-22 11:22:59 13160 ----a-w- c:\windows\system32\Upgrd.exe
2009-10-22 11:20:39 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-10-22 11:19:38 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-10-21 17:26:26 0 d-----w- c:\windows\system32\js
2009-10-21 17:26:26 0 d-----w- c:\windows\system32\images
2009-10-21 17:26:26 0 d-----w- c:\windows\system32\html
2009-10-21 17:26:26 0 d-----w- c:\windows\system32\css
2009-10-21 17:26:26 0 d-----w- c:\program files\Business Objects
2009-10-21 17:21:33 0 d-----w- c:\program files\Microsoft SQL Server
2009-10-21 17:20:29 0 d-----w- c:\program files\Microsoft Device Emulator
2009-10-21 17:19:16 0 d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-10-21 17:18:39 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-10-21 17:06:11 0 d-----w- c:\programdata\PreEmptive Solutions
2009-10-21 16:58:09 0 d-----w- c:\windows\system32\1033
2009-10-21 16:56:13 0 d-----w- c:\program files\HTML Help Workshop
2009-10-21 16:56:13 0 d-----w- c:\program files\common files\Merge Modules
2009-10-21 16:56:13 0 d-----w- c:\program files\CE Remote Tools
2009-10-21 16:54:27 0 d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-20 22:46:41 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-20 22:46:41 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-10-20 22:46:41 507568 ----a-w- c:\windows\system32\winload.exe
2009-10-20 22:46:41 442920 ----a-w- c:\windows\system32\winresume.exe
2009-10-20 22:46:41 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-10-20 22:46:41 2613248 ----a-w- c:\windows\explorer.exe
2009-10-20 22:46:41 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-10-20 22:46:41 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-10-20 22:46:40 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 15:43:19 0 d-----w- c:\program files\Sierra Wireless
2009-10-20 15:43:13 0 d-----w- c:\program files\common files\PctelEapPeer Authentication
2009-10-20 15:43:11 0 d-----w- c:\program files\Sprint
2009-10-20 15:43:11 0 d-----w- c:\program files\Novatel Wireless
2009-10-20 15:32:29 0 d-----w- c:\programdata\Sprint
2009-10-19 06:57:39 0 d-----w- c:\windows\MSSecurityNS
2009-10-19 06:57:38 0 d-----w- c:\windows\MSSecurityNi
2009-10-19 03:30:58 0 d-----w- c:\users\jt\appdata\roaming\Win7codecs
2009-10-19 03:30:54 0 d-----w- c:\program files\Win7codecs
2009-10-19 03:29:45 0 d-----w- c:\programdata\Win7codecs
2009-10-18 15:55:05 0 d-----w- c:\users\jt\appdata\roaming\Usingit
2009-10-18 15:49:16 0 d-----w- c:\program files\Selteco
2009-10-16 15:26:05 0 d-----w- C:\FTP_Files
2009-10-16 15:24:58 0 d-----w- c:\program files\SRSFTP2
2009-10-16 15:24:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-16 15:24:21 0 d-----w- C:\InstallFTP
2009-10-15 03:32:48 49152 ----a-w- c:\windows\system32\INETWH32.DLL
2009-10-15 03:32:48 28672 ----a-w- c:\windows\system32\nnr.dll
2009-10-15 03:32:48 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-10-15 03:30:55 0 d-----w- c:\program files\NetObjects
2009-10-15 03:12:49 0 d-----w- C:\Garmin
2009-10-14 23:35:37 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 19:47:43 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:48:54 0 d-----w- c:\program files\BearShare Test
2009-10-13 15:36:04 1036288 ----a-w- c:\windows\system32\VSFilter.dll
2009-10-12 23:13:06 0 d-----w- c:\users\jt\appdata\roaming\WildTangent
2009-10-12 22:18:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-09 12:55:24 0 d-----w- c:\program files\Windows XP Mode
2009-10-09 12:46:38 0 d-----r- c:\users\jt\Virtual Machines
2009-10-09 12:39:45 0 d-----w- c:\program files\Windows Virtual PC
2009-10-09 12:13:05 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-10-09 12:12:57 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-10-09 12:12:57 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-10-09 12:12:56 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-10-09 12:12:56 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-10-09 12:12:56 293904 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-10-09 12:12:56 2168320 ----a-w- c:\windows\system32\VPCWizard.exe
2009-10-09 12:12:56 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2009-10-09 12:12:56 1001984 ----a-w- c:\windows\system32\VMWindow.exe
2009-10-09 12:12:55 792064 ----a-w- c:\windows\system32\vmsal.exe
2009-10-09 12:12:53 3329024 ----a-w- c:\windows\system32\vpc.exe
2009-10-09 03:51:25 0 d-----w- c:\windows\Panther
2009-10-09 03:39:16 0 d--h--w- C:\$WINDOWS.~Q
2009-10-09 03:21:20 0 d--h--w- C:\$INPLACE.~TR
2009-10-09 03:03:52 0 d-----w- c:\windows\PCHEALTH
2009-10-09 02:41:09 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 02:38:35 787042 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-10-09 02:31:37 20 --sh--w- c:\users\jt\ntuser.ini
2009-10-09 02:29:52 0 d-----w- c:\windows\system32\wbem\Performance
2009-10-09 02:29:45 171136 --sha-r- C:\grldr
2009-10-09 02:28:15 0 d-sh--w- C:\Recovery
2009-10-09 02:09:57 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-09 00:56:00 0 d-----w- c:\windows\system32\RTCOM
2009-10-09 00:55:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-10-09 00:55:47 6304 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2009-10-09 00:55:47 6304 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2009-10-09 00:55:44 0 d-----w- c:\program files\Synaptics
2009-10-06 05:13:56 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-03 13:46:38 0 d-----w- C:\dell

==================== Find3M ====================

2009-10-25 13:02:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-17 04:59:31 38492 ----a-w- c:\windows\fonts\lcars.ttf
2009-09-30 04:42:19 200428 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-21 22:58:28 1218048 ----a-w- c:\windows\system32\drivers\athr.sys
2009-09-15 02:10:34 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-09-07 08:13:04 69382 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-03 12:17:01 1421080 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 14:10:19 121343 ----a-w- c:\windows\HPHins15.dat
2009-08-14 02:38:07 2805203 ----a-w- C:\sprint32.zip
2009-08-11 10:55:44 130542 ----a-w- c:\windows\HPHins13.dat
2009-08-05 12:34:44 87608 ----a-w- c:\users\jt\appdata\roaming\inst.exe
2009-08-05 12:34:44 47360 ----a-w- c:\users\jt\appdata\roaming\pcouffin.sys
2009-08-03 20:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-21 00:48:38 2826240 ----a-w- c:\program files\amtlib.dll
2009-01-21 00:48:04 825 ----a-w- c:\program files\crack.bat
2002-08-01 01:55:12 108 --sha-w- c:\windows\WSYS049.SYS
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:53:38.36 ===============

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:31 AM

Posted 01 November 2009 - 03:14 AM

Hello, JTLaDue
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 JTLaDue


Posted 01 November 2009 - 08:39 AM

Tom,

Thanks for responding. I am looking forward to your helping me with this as it has been driving me crazy.

Here is the log from GMER

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-01 07:36:53
Windows 6.1.7600
Running: 5mwtr21t.exe; Driver: C:\Users\jt\AppData\Local\Temp\pgrdypow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83215634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83215898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E46579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E6AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9A16CC9D 28 Bytes [4F, DC, 95, 23, 4D, 98, 95, ...]
.text peauth.sys 9A16CCC1 28 Bytes [4F, DC, 95, 23, 4D, 98, 95, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[2732] ntdll.dll!DbgBreakPoint 770C3540 1 Byte [90]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73F8250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73F82494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73F65624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73F656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73F78573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73F74D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73F750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73F751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73F766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73F782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73F78819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73F7907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73F7E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2620] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73F74C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[2808] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[2808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[2808] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[2808] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[2808] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rpcnet.exe[2808] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[6844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[6844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[6844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[6844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[6844] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[6844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75105D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [83B16472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 [83B16472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [83B16472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [83B16472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [83B16472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort3 [83B16472] \SystemRoot\system32\DRIVERS\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy20 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\ACPI_HAL \Device\0000005c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy17 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy18 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy19 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6 schrauber


Posted 01 November 2009 - 11:48 AM

Hi,



Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#7 JTLaDue


Posted 01 November 2009 - 02:19 PM

Hello again,

When ComboFix started, it gave me an error that McAfee was still running, but I couldn't find it to stop it. The program appears to have run properly though I think.

Here is the log you requested,

ComboFix 09-10-30.01 - jt 11/01/09 12:47.1.2 - NTFSx86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2942.1328 [GMT -6:00]
Running from: c:\users\jt\Desktop\schrauber.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1620325317-2913189182-4131943758-1002
c:\$recycle.bin\S-1-5-21-1620325317-2913189182-4131943758-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2292015724-3331738443-3994598558-1001
c:\$recycle.bin\S-1-5-21-2829468077-1908425187-2945420051-500
c:\recycler\S-1-5-21-2633033606-2137526086-3631446231-1015
c:\users\jt\AppData\Roaming\.#
c:\users\jt\AppData\Roaming\inst.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\xpysys.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 19:08 . 2009-11-01 19:08 -------- d-----w- c:\users\jt\AppData\Local\temp
2009-11-01 19:08 . 2009-11-01 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-01 14:42 . 2009-11-01 14:42 30784 ----a-w- c:\windows\system32\drivers\rolcinnd.sys
2009-10-31 14:33 . 2009-10-31 14:33 30784 ----a-w- c:\windows\system32\drivers\pruukaju.sys
2009-10-29 11:29 . 2009-10-29 11:29 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-29 03:44 . 2009-10-29 03:47 -------- d-----w- c:\program files\CitruswareDemo
2009-10-29 03:42 . 2009-10-29 03:42 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-27 22:35 . 2009-10-27 22:35 -------- d-----w- C:\VundoFix Backups
2009-10-26 22:46 . 1997-01-16 05:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2009-10-26 22:46 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2009-10-25 13:02 . 2009-10-25 13:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 10:55 . 2009-10-25 11:20 -------- d-----w- c:\programdata\SecTaskMan
2009-10-25 10:55 . 2009-10-25 10:55 -------- d-----w- c:\program files\Security Task Manager
2009-10-25 10:12 . 2009-10-25 10:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 08:03 . 2009-10-25 13:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-25 08:02 . 2009-10-25 13:02 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\users\jt\AppData\Roaming\Malwarebytes
2009-10-25 04:34 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\programdata\Malwarebytes
2009-10-25 04:34 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 22:49 . 2009-10-23 22:49 -------- d-----w- c:\program files\Trend Micro
2009-10-23 22:30 . 2009-10-23 22:30 -------- d-----w- c:\program files\ESET
2009-10-23 04:26 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-23 01:45 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-23 01:38 . 2009-10-23 01:38 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-23 01:37 . 2009-10-23 01:45 -------- d-----w- c:\programdata\Lavasoft
2009-10-23 01:37 . 2009-10-23 01:37 -------- d-----w- c:\program files\Lavasoft
2009-10-23 01:04 . 2009-10-23 01:04 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-23 01:03 . 2009-10-23 01:03 -------- d-----w- c:\programdata\XoftSpySE
2009-10-23 01:02 . 2009-10-23 01:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-22 11:23 . 2009-10-25 15:27 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-10-22 11:23 . 2009-10-22 11:22 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-10-22 11:22 . 2009-10-22 11:23 13160 ----a-w- c:\windows\system32\Upgrd.exe
2009-10-22 11:20 . 2009-10-25 15:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-10-22 11:19 . 2009-11-01 12:32 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\js
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\html
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\css
2009-10-21 16:54 . 2009-10-21 16:54 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-20 22:46 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-20 22:46 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-10-20 22:46 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2009-10-20 22:46 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2009-10-20 22:46 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2009-10-20 22:46 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-10-20 22:46 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-10-20 22:46 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-10-20 22:46 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Sierra Wireless
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Sprint
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Novatel Wireless
2009-10-20 15:32 . 2009-10-20 15:32 -------- d-----w- c:\programdata\Sprint
2009-10-19 06:57 . 2009-10-19 06:57 -------- d-----w- c:\windows\MSSecurityNS
2009-10-19 06:57 . 2009-10-19 06:57 -------- d-----w- c:\windows\MSSecurityNi
2009-10-19 03:30 . 2009-10-19 03:30 -------- d-----w- c:\users\jt\AppData\Roaming\Win7codecs
2009-10-19 03:30 . 2009-10-19 03:30 -------- d-----w- c:\program files\Win7codecs
2009-10-19 03:29 . 2009-10-19 03:30 -------- d-----w- c:\programdata\Win7codecs
2009-10-18 15:55 . 2009-10-18 15:56 -------- d-----w- c:\users\jt\AppData\Roaming\Usingit
2009-10-18 15:49 . 2009-10-18 15:49 -------- d-----w- c:\program files\Selteco
2009-10-17 04:43 . 2009-10-17 04:43 -------- d-----w- c:\program files\Winamp
2009-10-17 04:27 . 2009-10-17 04:48 -------- d-----w- c:\users\jt\AppData\Local\GPUMonitor
2009-10-17 02:14 . 2009-10-17 02:14 -------- d-----w- c:\users\jt\AppData\Local\BuildAGadget Content
2009-10-16 15:26 . 2009-10-22 18:24 -------- d-----w- C:\FTP_Files
2009-10-16 15:24 . 2009-10-22 18:22 -------- d-----w- c:\program files\SRSFTP2
2009-10-16 15:24 . 2009-10-22 18:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-16 15:24 . 2009-10-16 15:24 -------- d-----w- C:\InstallFTP
2009-10-15 03:32 . 2008-05-27 21:55 28672 ----a-w- c:\windows\system32\nnr.dll
2009-10-15 03:32 . 2008-05-27 21:55 49152 ----a-w- c:\windows\system32\INETWH32.DLL
2009-10-15 03:32 . 2008-05-27 21:55 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-10-15 03:30 . 2009-10-15 03:30 -------- d-----w- c:\program files\NetObjects
2009-10-15 03:12 . 2009-10-15 03:12 -------- d-----w- C:\Garmin
2009-10-14 23:35 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 19:47 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:48 . 2005-07-01 20:52 -------- d-----w- c:\program files\BearShare Test
2009-10-13 15:36 . 2009-10-13 15:36 1036288 ----a-w- c:\windows\system32\VSFilter.dll
2009-10-12 23:13 . 2009-10-12 23:13 -------- d-----w- c:\users\jt\AppData\Roaming\WildTangent
2009-10-12 22:10 . 2009-10-14 17:25 -------- d-----w- c:\users\jt\AppData\Local\ElevatedDiagnostics
2009-10-09 12:55 . 2009-10-09 12:55 -------- d-----w- c:\program files\Windows XP Mode
2009-10-09 12:46 . 2009-10-09 22:05 -------- d-----r- c:\users\jt\Virtual Machines
2009-10-09 12:13 . 2009-07-22 21:53 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-10-09 12:12 . 2009-07-22 21:53 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-10-09 12:12 . 2009-07-22 21:53 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-10-09 12:12 . 2009-07-22 21:54 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-10-09 12:12 . 2009-07-22 21:54 293904 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-10-09 12:12 . 2009-07-22 21:53 2168320 ----a-w- c:\windows\system32\VPCWizard.exe
2009-10-09 12:12 . 2009-07-22 21:53 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2009-10-09 12:12 . 2009-07-22 21:53 1001984 ----a-w- c:\windows\system32\VMWindow.exe
2009-10-09 12:12 . 2009-07-22 21:53 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-10-09 12:12 . 2009-07-22 21:53 792064 ----a-w- c:\windows\system32\vmsal.exe
2009-10-09 12:12 . 2009-07-22 21:53 3329024 ----a-w- c:\windows\system32\vpc.exe
2009-10-09 03:51 . 2009-10-09 02:29 -------- d-----w- c:\windows\Panther
2009-10-09 03:39 . 2009-10-09 02:11 -------- d-----w- C:\$WINDOWS.~Q
2009-10-09 03:21 . 2009-10-09 03:32 -------- d-----w- C:\$INPLACE.~TR
2009-10-09 03:04 . 2009-10-09 03:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-09 03:03 . 2009-10-09 03:03 -------- d-----w- c:\windows\PCHEALTH
2009-10-09 03:02 . 2009-10-21 22:52 128760 ----a-w- c:\users\jt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 02:41 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 02:29 . 2009-10-29 11:34 -------- d-----w- c:\windows\system32\wbem\Performance
2009-10-09 02:28 . 2009-10-09 02:28 -------- d-----w- C:\Recovery
2009-10-09 02:09 . 2009-10-09 02:09 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-09 00:56 . 2009-10-09 00:56 -------- d-----w- c:\windows\system32\RTCOM
2009-10-09 00:55 . 2009-10-09 00:55 -------- d-----w- c:\program files\Synaptics
2009-10-06 05:13 . 2009-10-06 05:13 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-03 13:46 . 2009-10-03 13:46 -------- d-----w- C:\dell
2009-10-03 13:05 . 2009-10-09 01:48 -------- d-----w- c:\users\jt\AppData\Local\Apps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 16:07 . 2008-12-20 02:01 -------- d-----w- c:\program files\Starcraft
2009-11-01 16:02 . 2009-08-26 16:23 -------- d-----w- c:\users\jt\AppData\Roaming\uTorrent
2009-10-31 23:40 . 2008-12-19 02:06 -------- d-----w- c:\users\jt\AppData\Roaming\FileZilla
2009-10-29 03:42 . 2007-08-16 19:55 -------- d-----w- c:\programdata\McAfee
2009-10-27 04:08 . 2009-10-27 04:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-25 15:27 . 2009-02-17 05:23 -------- d-----w- c:\users\jt\AppData\Roaming\WTablet
2009-10-25 15:25 . 2009-01-16 20:58 -------- d-----w- c:\program files\f3setupinstall
2009-10-25 13:02 . 2008-12-15 04:28 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 13:02 . 2008-12-15 04:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-25 10:10 . 2007-08-16 19:58 -------- d-----w- c:\program files\Java
2009-10-25 08:02 . 2008-12-15 04:28 -------- d-----w- c:\programdata\avg8
2009-10-25 04:43 . 2009-09-30 19:51 -------- d-----w- c:\program files\Common Files\AVI
2009-10-23 01:05 . 2009-10-21 17:21 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-22 08:17 . 2008-12-14 22:36 -------- d-----w- c:\programdata\Microsoft Help
2009-10-22 08:09 . 2009-10-21 16:56 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-10-21 17:26 . 2009-10-21 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-21 17:26 . 2009-10-21 17:26 -------- d-----w- c:\program files\Business Objects
2009-10-21 17:23 . 2008-12-15 06:03 -------- d-----w- c:\program files\Microsoft.NET
2009-10-21 17:20 . 2009-10-21 17:20 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-10-21 17:20 . 2009-10-21 17:19 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-10-21 17:18 . 2009-10-21 17:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-10-21 17:18 . 2009-04-15 21:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-21 17:06 . 2009-10-21 17:06 -------- d-----w- c:\programdata\PreEmptive Solutions
2009-10-21 16:59 . 2009-10-21 16:56 -------- d-----w- c:\program files\HTML Help Workshop
2009-10-21 16:59 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-10-21 16:56 . 2009-10-21 16:56 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-21 16:56 . 2009-10-21 16:56 -------- d-----w- c:\program files\CE Remote Tools
2009-10-21 15:47 . 2009-02-15 03:53 -------- d-----w- c:\users\jt\AppData\Roaming\Vso
2009-10-20 15:43 . 2009-01-06 04:03 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-18 16:00 . 2008-12-19 18:01 256 ----a-w- c:\windows\system32\pool.bin
2009-10-18 04:00 . 2008-12-14 22:29 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-15 03:42 . 2007-08-16 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 20:51 . 2009-01-21 02:51 -------- d-----w- c:\program files\bearshare
2009-10-12 23:22 . 2007-08-16 20:15 -------- d-----w- c:\programdata\WildTangent
2009-10-12 22:18 . 2009-10-12 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-11 14:48 . 2009-06-06 13:51 -------- d-----w- c:\program files\ooVoo
2009-10-09 12:39 . 2009-10-09 12:39 -------- d-----w- c:\program files\Windows Virtual PC
2009-10-09 01:51 . 2009-08-06 03:26 -------- d-----w- c:\users\jt\AppData\Roaming\mojosoft
2009-10-09 01:21 . 2009-09-30 00:50 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-09 01:20 . 2009-01-24 17:19 -------- d-----w- c:\programdata\Intuit
2009-10-09 01:19 . 2007-08-16 20:01 -------- d-----w- c:\program files\Ulead Systems
2009-10-09 01:19 . 2009-01-24 17:18 -------- d-----w- c:\program files\TurboTax
2009-10-09 01:19 . 2007-08-16 19:43 -------- d-----w- c:\program files\Toshiba Registration
2009-10-09 01:19 . 2007-08-16 20:15 -------- d-----w- c:\program files\TOSHIBA Games
2009-10-09 01:17 . 2007-08-16 19:04 -------- d-----w- c:\program files\Toshiba
2009-10-09 01:16 . 2009-06-29 02:38 -------- d-----w- c:\program files\TeamViewer
2009-10-09 01:16 . 2009-02-17 05:19 -------- d-----w- c:\program files\Tablet
2009-10-09 01:16 . 2009-09-15 03:57 -------- d-----w- c:\program files\Symantec
2009-10-09 01:16 . 2008-12-14 22:30 -------- d-----w- c:\program files\SourceTec
2009-10-09 01:16 . 2009-05-29 15:14 -------- d-----r- c:\program files\Skype
2009-10-09 01:14 . 2009-01-28 17:20 -------- d-----w- c:\program files\MIKSOFT
2009-10-09 01:14 . 2009-02-08 14:50 -------- d-----w- c:\program files\Microsoft WSE
2009-10-09 01:14 . 2008-12-14 22:34 -------- d-----w- c:\program files\Microsoft Works
2009-10-09 01:14 . 2008-12-15 06:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-09 01:14 . 2008-12-16 02:12 -------- d-----w- c:\program files\Microsoft Streets & Trips
2009-10-09 01:14 . 2009-04-15 21:13 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-09 01:14 . 2008-12-19 01:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 01:12 . 2008-12-17 00:41 -------- d-----w- c:\program files\GPLGS
2009-10-09 01:11 . 2009-06-17 12:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-09 01:11 . 2008-12-15 14:19 -------- d-----w- c:\program files\Common Files\BCL Technologies
2009-10-09 01:11 . 2008-12-21 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-10-09 01:11 . 2009-01-24 17:25 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-10-09 01:11 . 2008-12-17 17:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 01:11 . 2007-08-16 19:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-09 01:07 . 2008-12-18 18:34 -------- d-----w- c:\program files\CoffeeCup Software
2009-10-09 00:59 . 2008-12-17 00:41 -------- d-----w- c:\program files\Acro Software
2009-10-09 00:55 . 2009-10-09 00:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-09-30 04:42 . 2009-09-30 04:42 200428 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-21 22:58 . 2009-09-21 22:58 1218048 ----a-w- c:\windows\system32\drivers\athr.sys
2009-09-15 02:10 . 2009-09-03 07:16 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-09-07 08:13 . 2009-09-07 08:13 69382 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-03 12:17 . 2009-09-03 12:17 1421080 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 14:10 . 2009-08-17 14:07 121343 ----a-w- c:\windows\HPHins15.dat
2009-08-14 02:38 . 2009-08-14 02:36 2805203 ----a-w- C:\sprint32.zip
2009-08-11 10:55 . 2009-08-11 10:48 130542 ----a-w- c:\windows\HPHins13.dat
2009-08-05 12:34 . 2009-02-15 03:53 47360 ----a-w- c:\users\jt\AppData\Roaming\pcouffin.sys
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-01-21 00:48 . 2009-02-03 13:26 2826240 ----a-w- c:\program files\amtlib.dll
2009-01-21 00:48 . 2009-02-03 13:26 825 ----a-w- c:\program files\crack.bat
2002-08-01 01:55 . 2009-01-06 00:54 108 --sha-w- c:\windows\WSYS049.SYS
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-14 289072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-25 2025752]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-08-04 18968]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-07 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/22/09 19:45 64288]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [10/25/09 02:02 23832]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/14/08 22:28 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/25/09 02:03 108552]
R1 vpcnfltr;Virtual PC Network Filter Driver;c:\windows\System32\drivers\vpcnfltr.sys [10/09/09 06:12 55040]
R1 vpcvmm;Virtual PC Virtual Machine Monitor;c:\windows\System32\drivers\vpcvmm.sys [10/09/09 06:12 293904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [07/13/09 17:52 48128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/25/09 07:02 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/25/09 07:02 1370488]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/08 05:45 13088]
R2 npf;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/01/08 01:13 34064]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [02/16/09 23:19 3032360]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/07/09 06:50 185640]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [05/22/09 13:52 167936]
R3 vpcbus;Virtual PC Host Bus Service;c:\windows\System32\drivers\vpchbus.sys [10/09/09 06:12 165376]
R3 vpcusb;USB Virtualization Connector Service;c:\windows\System32\drivers\vpcusb.sys [10/09/09 06:12 78336]
S1 pruukaju;pruukaju;c:\windows\System32\drivers\pruukaju.sys [10/31/09 08:33 30784]
S1 rolcinnd;rolcinnd;c:\windows\System32\drivers\rolcinnd.sys [11/01/09 08:42 30784]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/24/09 05:17 1170768]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [03/30/09 15:28 1533808]
S3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [07/07/08 13:45 124184]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [06/04/09 08:26 28672]
S3 Ser2at;ATEN USB to Serial port driver;c:\windows\System32\drivers\ser2at.sys [03/04/09 07:04 76288]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [02/16/09 23:19 15144]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [02/21/07 17:26 151552]
S4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [02/08/09 12:41 65536]
S4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "ColdFusion 8 ODBC Agent" --> c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
S4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "ColdFusion 8 ODBC Server" --> c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
S4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [02/08/09 12:40 2743056]

--- Other Services/Drivers In Memory ---

*Deregistered* - pgrdypow

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:35,51,0f,57,dd,f1,fc,50,b4,0c,b6,a9,31,56,86,10,0c,ed,11,1b,c8,
24,4b,f4,d3,95,15,e4,ca,66,68,21,5a,04,c0,27,d4,a4,ce,36,46,26,a6,b6,0e,3d,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:35,51,0f,57,dd,f1,fc,50,b4,0c,b6,a9,31,56,86,10,0c,ed,11,1b,c8,
24,4b,f4,d3,95,15,e4,ca,66,68,21,5a,04,c0,27,d4,a4,ce,36,46,26,a6,b6,0e,3d,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-11-01 13:14
ComboFix-quarantined-files.txt 2009-11-01 19:14

Pre-Run: 261,161,660,416 bytes free
Post-Run: 260,589,469,696 bytes free

- - End Of File - - 4BAABC73CCF21A9F6A2815EE75FDDC02


Jason

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team

Posted 01 November 2009 - 03:10 PM

Hi,


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."






Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\rolcinnd.sys
c:\windows\system32\drivers\pruukaju.sys

Driver::
pruukaju
rolcinnd

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.






Step 2

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.




Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)






Please post back with:
  • Combofix-Logfile
  • Malwarebytes-Logfile
  • Both RSIT-Logfiles

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 JTLaDue

JTLaDue
  • Topic Starter

  • Members

Posted 02 November 2009 - 02:13 AM

I was unable to get the RSIT to run; it would get a little over halfway on its progress bar, and then give me a message that said, "Line-1: Error: Variable used without being declared". I was, however, able to get both CF and MB to run. Here are their logs.

I did check and the problem with the browser being redirected is still there unfortunately.



ComboFix 09-10-30.01 - jt 11/01/09 14:59.2.2 - NTFSx86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2942.1355 [GMT -6:00]
Running from: c:\users\jt\Desktop\schrauber.exe
Command switches used :: c:\users\jt\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}

FILE ::
"c:\windows\system32\drivers\pruukaju.sys"
"c:\windows\system32\drivers\rolcinnd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\pruukaju.sys
c:\windows\system32\drivers\rolcinnd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_pruukaju
-------\Service_rolcinnd


((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 21:18 . 2009-11-01 21:22 -------- d-----w- c:\users\jt\AppData\Local\temp
2009-11-01 21:18 . 2009-11-01 21:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-01 21:18 . 2009-11-01 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-29 11:29 . 2009-10-29 11:29 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-29 03:44 . 2009-10-29 03:47 -------- d-----w- c:\program files\CitruswareDemo
2009-10-29 03:42 . 2009-10-29 03:42 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-27 22:35 . 2009-10-27 22:35 -------- d-----w- C:\VundoFix Backups
2009-10-26 22:46 . 1997-01-16 05:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2009-10-26 22:46 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2009-10-25 13:02 . 2009-10-25 13:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 10:55 . 2009-10-25 11:20 -------- d-----w- c:\programdata\SecTaskMan
2009-10-25 10:55 . 2009-10-25 10:55 -------- d-----w- c:\program files\Security Task Manager
2009-10-25 10:12 . 2009-10-25 10:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 08:03 . 2009-10-25 13:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-25 08:02 . 2009-10-25 13:02 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\users\jt\AppData\Roaming\Malwarebytes
2009-10-25 04:34 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\programdata\Malwarebytes
2009-10-25 04:34 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 22:49 . 2009-10-23 22:49 -------- d-----w- c:\program files\Trend Micro
2009-10-23 22:30 . 2009-10-23 22:30 -------- d-----w- c:\program files\ESET
2009-10-23 04:26 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-23 01:45 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-23 01:38 . 2009-10-23 01:38 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-23 01:37 . 2009-10-23 01:45 -------- d-----w- c:\programdata\Lavasoft
2009-10-23 01:37 . 2009-10-23 01:37 -------- d-----w- c:\program files\Lavasoft
2009-10-23 01:04 . 2009-10-23 01:04 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-23 01:03 . 2009-10-23 01:03 -------- d-----w- c:\programdata\XoftSpySE
2009-10-23 01:02 . 2009-10-23 01:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-22 11:23 . 2009-11-01 21:21 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-10-22 11:23 . 2009-10-22 11:22 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-10-22 11:22 . 2009-10-22 11:23 13160 ----a-w- c:\windows\system32\Upgrd.exe
2009-10-22 11:20 . 2009-10-25 15:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-10-22 11:19 . 2009-11-01 21:21 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\js
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\html
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\css
2009-10-21 16:54 . 2009-10-21 16:54 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-20 22:46 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-20 22:46 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-10-20 22:46 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2009-10-20 22:46 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2009-10-20 22:46 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2009-10-20 22:46 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-10-20 22:46 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-10-20 22:46 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-10-20 22:46 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Sierra Wireless
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Sprint
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Novatel Wireless
2009-10-20 15:32 . 2009-10-20 15:32 -------- d-----w- c:\programdata\Sprint
2009-10-19 06:57 . 2009-10-19 06:57 -------- d-----w- c:\windows\MSSecurityNS
2009-10-19 06:57 . 2009-10-19 06:57 -------- d-----w- c:\windows\MSSecurityNi
2009-10-19 03:30 . 2009-10-19 03:30 -------- d-----w- c:\users\jt\AppData\Roaming\Win7codecs
2009-10-19 03:30 . 2009-10-19 03:30 -------- d-----w- c:\program files\Win7codecs
2009-10-19 03:29 . 2009-10-19 03:30 -------- d-----w- c:\programdata\Win7codecs
2009-10-18 15:55 . 2009-10-18 15:56 -------- d-----w- c:\users\jt\AppData\Roaming\Usingit
2009-10-18 15:49 . 2009-10-18 15:49 -------- d-----w- c:\program files\Selteco
2009-10-17 04:43 . 2009-10-17 04:43 -------- d-----w- c:\program files\Winamp
2009-10-17 04:27 . 2009-10-17 04:48 -------- d-----w- c:\users\jt\AppData\Local\GPUMonitor
2009-10-17 02:14 . 2009-10-17 02:14 -------- d-----w- c:\users\jt\AppData\Local\BuildAGadget Content
2009-10-16 15:26 . 2009-10-22 18:24 -------- d-----w- C:\FTP_Files
2009-10-16 15:24 . 2009-10-22 18:22 -------- d-----w- c:\program files\SRSFTP2
2009-10-16 15:24 . 2009-10-22 18:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-16 15:24 . 2009-10-16 15:24 -------- d-----w- C:\InstallFTP
2009-10-15 03:32 . 2008-05-27 21:55 28672 ----a-w- c:\windows\system32\nnr.dll
2009-10-15 03:32 . 2008-05-27 21:55 49152 ----a-w- c:\windows\system32\INETWH32.DLL
2009-10-15 03:32 . 2008-05-27 21:55 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-10-15 03:30 . 2009-10-15 03:30 -------- d-----w- c:\program files\NetObjects
2009-10-15 03:12 . 2009-10-15 03:12 -------- d-----w- C:\Garmin
2009-10-14 23:35 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 19:47 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:48 . 2005-07-01 20:52 -------- d-----w- c:\program files\BearShare Test
2009-10-13 15:36 . 2009-10-13 15:36 1036288 ----a-w- c:\windows\system32\VSFilter.dll
2009-10-12 23:13 . 2009-10-12 23:13 -------- d-----w- c:\users\jt\AppData\Roaming\WildTangent
2009-10-12 22:10 . 2009-10-14 17:25 -------- d-----w- c:\users\jt\AppData\Local\ElevatedDiagnostics
2009-10-09 12:55 . 2009-10-09 12:55 -------- d-----w- c:\program files\Windows XP Mode
2009-10-09 12:46 . 2009-10-09 22:05 -------- d-----r- c:\users\jt\Virtual Machines
2009-10-09 12:13 . 2009-07-22 21:53 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-10-09 12:12 . 2009-07-22 21:53 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-10-09 12:12 . 2009-07-22 21:53 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-10-09 12:12 . 2009-07-22 21:54 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-10-09 12:12 . 2009-07-22 21:54 293904 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-10-09 12:12 . 2009-07-22 21:53 2168320 ----a-w- c:\windows\system32\VPCWizard.exe
2009-10-09 12:12 . 2009-07-22 21:53 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2009-10-09 12:12 . 2009-07-22 21:53 1001984 ----a-w- c:\windows\system32\VMWindow.exe
2009-10-09 12:12 . 2009-07-22 21:53 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-10-09 12:12 . 2009-07-22 21:53 792064 ----a-w- c:\windows\system32\vmsal.exe
2009-10-09 12:12 . 2009-07-22 21:53 3329024 ----a-w- c:\windows\system32\vpc.exe
2009-10-09 03:51 . 2009-10-09 02:29 -------- d-----w- c:\windows\Panther
2009-10-09 03:39 . 2009-10-09 02:11 -------- d-----w- C:\$WINDOWS.~Q
2009-10-09 03:21 . 2009-10-09 03:32 -------- d-----w- C:\$INPLACE.~TR
2009-10-09 03:04 . 2009-10-09 03:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-09 03:03 . 2009-10-09 03:03 -------- d-----w- c:\windows\PCHEALTH
2009-10-09 03:02 . 2009-10-21 22:52 128760 ----a-w- c:\users\jt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 02:41 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 02:29 . 2009-11-01 21:22 -------- d-----w- c:\windows\system32\wbem\Performance
2009-10-09 02:28 . 2009-10-09 02:28 -------- d-----w- C:\Recovery
2009-10-09 02:09 . 2009-10-09 02:09 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-09 00:56 . 2009-10-09 00:56 -------- d-----w- c:\windows\system32\RTCOM
2009-10-09 00:55 . 2009-10-09 00:55 -------- d-----w- c:\program files\Synaptics
2009-10-06 05:13 . 2009-10-06 05:13 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-03 13:46 . 2009-10-03 13:46 -------- d-----w- C:\dell
2009-10-03 13:05 . 2009-10-09 01:48 -------- d-----w- c:\users\jt\AppData\Local\Apps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 21:22 . 2009-08-26 16:23 -------- d-----w- c:\users\jt\AppData\Roaming\uTorrent
2009-11-01 21:21 . 2009-02-17 05:23 -------- d-----w- c:\users\jt\AppData\Roaming\WTablet
2009-11-01 16:07 . 2008-12-20 02:01 -------- d-----w- c:\program files\Starcraft
2009-10-31 23:40 . 2008-12-19 02:06 -------- d-----w- c:\users\jt\AppData\Roaming\FileZilla
2009-10-29 03:42 . 2007-08-16 19:55 -------- d-----w- c:\programdata\McAfee
2009-10-27 04:08 . 2009-10-27 04:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-25 15:25 . 2009-01-16 20:58 -------- d-----w- c:\program files\f3setupinstall
2009-10-25 13:02 . 2008-12-15 04:28 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 13:02 . 2008-12-15 04:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-25 10:10 . 2007-08-16 19:58 -------- d-----w- c:\program files\Java
2009-10-25 08:02 . 2008-12-15 04:28 -------- d-----w- c:\programdata\avg8
2009-10-25 04:43 . 2009-09-30 19:51 -------- d-----w- c:\program files\Common Files\AVI
2009-10-23 01:05 . 2009-10-21 17:21 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-22 08:17 . 2008-12-14 22:36 -------- d-----w- c:\programdata\Microsoft Help
2009-10-22 08:09 . 2009-10-21 16:56 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-10-21 17:26 . 2009-10-21 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-21 17:26 . 2009-10-21 17:26 -------- d-----w- c:\program files\Business Objects
2009-10-21 17:23 . 2008-12-15 06:03 -------- d-----w- c:\program files\Microsoft.NET
2009-10-21 17:20 . 2009-10-21 17:20 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-10-21 17:20 . 2009-10-21 17:19 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-10-21 17:18 . 2009-10-21 17:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-10-21 17:18 . 2009-04-15 21:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-21 17:06 . 2009-10-21 17:06 -------- d-----w- c:\programdata\PreEmptive Solutions
2009-10-21 16:59 . 2009-10-21 16:56 -------- d-----w- c:\program files\HTML Help Workshop
2009-10-21 16:59 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-10-21 16:56 . 2009-10-21 16:56 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-21 16:56 . 2009-10-21 16:56 -------- d-----w- c:\program files\CE Remote Tools
2009-10-21 15:47 . 2009-02-15 03:53 -------- d-----w- c:\users\jt\AppData\Roaming\Vso
2009-10-20 15:43 . 2009-01-06 04:03 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-18 16:00 . 2008-12-19 18:01 256 ----a-w- c:\windows\system32\pool.bin
2009-10-18 04:00 . 2008-12-14 22:29 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-15 03:42 . 2007-08-16 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 20:51 . 2009-01-21 02:51 -------- d-----w- c:\program files\bearshare
2009-10-12 23:22 . 2007-08-16 20:15 -------- d-----w- c:\programdata\WildTangent
2009-10-12 22:18 . 2009-10-12 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-11 14:48 . 2009-06-06 13:51 -------- d-----w- c:\program files\ooVoo
2009-10-09 12:39 . 2009-10-09 12:39 -------- d-----w- c:\program files\Windows Virtual PC
2009-10-09 01:51 . 2009-08-06 03:26 -------- d-----w- c:\users\jt\AppData\Roaming\mojosoft
2009-10-09 01:21 . 2009-09-30 00:50 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-09 01:20 . 2009-01-24 17:19 -------- d-----w- c:\programdata\Intuit
2009-10-09 01:19 . 2007-08-16 20:01 -------- d-----w- c:\program files\Ulead Systems
2009-10-09 01:19 . 2009-01-24 17:18 -------- d-----w- c:\program files\TurboTax
2009-10-09 01:19 . 2007-08-16 19:43 -------- d-----w- c:\program files\Toshiba Registration
2009-10-09 01:19 . 2007-08-16 20:15 -------- d-----w- c:\program files\TOSHIBA Games
2009-10-09 01:17 . 2007-08-16 19:04 -------- d-----w- c:\program files\Toshiba
2009-10-09 01:16 . 2009-06-29 02:38 -------- d-----w- c:\program files\TeamViewer
2009-10-09 01:16 . 2009-02-17 05:19 -------- d-----w- c:\program files\Tablet
2009-10-09 01:16 . 2009-09-15 03:57 -------- d-----w- c:\program files\Symantec
2009-10-09 01:16 . 2008-12-14 22:30 -------- d-----w- c:\program files\SourceTec
2009-10-09 01:16 . 2009-05-29 15:14 -------- d-----r- c:\program files\Skype
2009-10-09 01:14 . 2009-01-28 17:20 -------- d-----w- c:\program files\MIKSOFT
2009-10-09 01:14 . 2009-02-08 14:50 -------- d-----w- c:\program files\Microsoft WSE
2009-10-09 01:14 . 2008-12-14 22:34 -------- d-----w- c:\program files\Microsoft Works
2009-10-09 01:14 . 2008-12-15 06:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-09 01:14 . 2008-12-16 02:12 -------- d-----w- c:\program files\Microsoft Streets & Trips
2009-10-09 01:14 . 2009-04-15 21:13 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-09 01:14 . 2008-12-19 01:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 01:12 . 2008-12-17 00:41 -------- d-----w- c:\program files\GPLGS
2009-10-09 01:11 . 2009-06-17 12:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-09 01:11 . 2008-12-15 14:19 -------- d-----w- c:\program files\Common Files\BCL Technologies
2009-10-09 01:11 . 2008-12-21 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-10-09 01:11 . 2009-01-24 17:25 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-10-09 01:11 . 2008-12-17 17:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 01:11 . 2007-08-16 19:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-09 01:07 . 2008-12-18 18:34 -------- d-----w- c:\program files\CoffeeCup Software
2009-10-09 00:59 . 2008-12-17 00:41 -------- d-----w- c:\program files\Acro Software
2009-10-09 00:55 . 2009-10-09 00:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-09-30 04:42 . 2009-09-30 04:42 200428 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-21 22:58 . 2009-09-21 22:58 1218048 ----a-w- c:\windows\system32\drivers\athr.sys
2009-09-15 02:10 . 2009-09-03 07:16 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-09-07 08:13 . 2009-09-07 08:13 69382 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-03 12:17 . 2009-09-03 12:17 1421080 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 14:10 . 2009-08-17 14:07 121343 ----a-w- c:\windows\HPHins15.dat
2009-08-14 02:38 . 2009-08-14 02:36 2805203 ----a-w- C:\sprint32.zip
2009-08-11 10:55 . 2009-08-11 10:48 130542 ----a-w- c:\windows\HPHins13.dat
2009-08-05 12:34 . 2009-02-15 03:53 47360 ----a-w- c:\users\jt\AppData\Roaming\pcouffin.sys
2009-01-21 00:48 . 2009-02-03 13:26 2826240 ----a-w- c:\program files\amtlib.dll
2009-01-21 00:48 . 2009-02-03 13:26 825 ----a-w- c:\program files\crack.bat
2002-08-01 01:55 . 2009-01-06 00:54 108 --sha-w- c:\windows\WSYS049.SYS
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-01_19.09.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-09 00:57 . 2009-11-01 21:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-09 00:57 . 2009-11-01 03:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-09 00:57 . 2009-11-01 03:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-09 00:57 . 2009-11-01 21:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2009-11-01 21:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2009-11-01 03:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2009-11-01 21:22 71736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-10-09 14:07 . 2009-11-01 19:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-09 14:07 . 2009-11-01 21:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-09 14:07 . 2009-11-01 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-09 14:07 . 2009-11-01 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-10-09 14:07 . 2009-11-01 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-10-09 14:07 . 2009-11-01 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-09 11:34 . 2009-11-01 19:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-09 11:34 . 2009-11-01 21:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-25 15:27 . 2009-11-01 21:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-25 15:27 . 2009-10-25 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-25 15:27 . 2009-10-25 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-25 15:27 . 2009-11-01 21:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-10 21:03 . 2009-11-01 20:52 275514 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:34 . 2009-10-23 01:45 3607991 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2009-11-01 21:21 3607991 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-14 289072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-25 2025752]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-08-04 18968]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-07 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/22/09 19:45 64288]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [10/25/09 02:02 23832]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/14/08 22:28 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/25/09 02:03 108552]
R1 vpcnfltr;Virtual PC Network Filter Driver;c:\windows\System32\drivers\vpcnfltr.sys [10/09/09 06:12 55040]
R1 vpcvmm;Virtual PC Virtual Machine Monitor;c:\windows\System32\drivers\vpcvmm.sys [10/09/09 06:12 293904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [07/13/09 17:52 48128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/25/09 07:02 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/25/09 07:02 1370488]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/08 05:45 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/24/09 05:17 1170768]
R2 npf;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/01/08 01:13 34064]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [02/16/09 23:19 3032360]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/07/09 06:50 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [03/30/09 15:28 1533808]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [05/22/09 13:52 167936]
R3 vpcbus;Virtual PC Host Bus Service;c:\windows\System32\drivers\vpchbus.sys [10/09/09 06:12 165376]
R3 vpcusb;USB Virtualization Connector Service;c:\windows\System32\drivers\vpcusb.sys [10/09/09 06:12 78336]
S3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [07/07/08 13:45 124184]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [06/04/09 08:26 28672]
S3 Ser2at;ATEN USB to Serial port driver;c:\windows\System32\drivers\ser2at.sys [03/04/09 07:04 76288]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [02/16/09 23:19 15144]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [02/21/07 17:26 151552]
S4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [02/08/09 12:41 65536]
S4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "ColdFusion 8 ODBC Agent" --> c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
S4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "ColdFusion 8 ODBC Server" --> c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
S4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [02/08/09 12:40 2743056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:35,51,0f,57,dd,f1,fc,50,b4,0c,b6,a9,31,56,86,10,0c,ed,11,1b,c8,
24,4b,f4,d3,95,15,e4,ca,66,68,21,5a,04,c0,27,d4,a4,ce,36,46,26,a6,b6,0e,3d,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:35,51,0f,57,dd,f1,fc,50,b4,0c,b6,a9,31,56,86,10,0c,ed,11,1b,c8,
24,4b,f4,d3,95,15,e4,ca,66,68,21,5a,04,c0,27,d4,a4,ce,36,46,26,a6,b6,0e,3d,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4064)
c:\windows\System32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-01 15:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 21:32
ComboFix2.txt 2009-11-01 19:15

Pre-Run: 260,691,197,952 bytes free
Post-Run: 260,353,810,432 bytes free

- - End Of File - - B8E10D28A47F22C32A7791163870420D


Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 6.1.7600

11/02/09 01:04:26
mbam-log-2009-11-02 (01-04-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 467552
Time elapsed: 2 hour(s), 55 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 schrauber

  • Malware Response Team

Posted 02 November 2009 - 02:57 PM

Hi,

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 JTLaDue

  • Topic Starter

Posted 02 November 2009 - 04:58 PM

OK, that scan ran good. Here are the two logs, first is the OTL


OTL logfile created on: 11/02/09 15:45:58 - Run 1
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Users\jt\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.82% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 411.98 Gb Total Space | 242.23 Gb Free Space | 58.80% Space Free | Partition Type: NTFS
Drive D: | 53.08 Gb Total Space | 44.25 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
Drive E: | 4.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 625.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JT-PC
Current User Name: jt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/02 15:45:23 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\jt\Desktop\OTL.exe
PRC - [2009/11/02 08:43:24 | 02,028,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/28 20:49:08 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/25 07:02:46 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/10/25 07:02:46 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/10/25 07:02:45 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/10/25 07:02:45 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/10/25 07:02:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/10/25 04:10:22 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/22 05:22:58 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/10/07 06:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/17 21:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/08/02 23:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 19:14:47 | 00,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/07/13 19:14:47 | 00,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/07/13 19:14:43 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/07/13 19:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:38 | 01,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/07/13 19:14:24 | 00,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/07/13 19:14:21 | 00,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009/07/13 19:14:12 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/06/10 15:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/02 02:38:58 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/05/01 16:41:38 | 00,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 16:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2008/05/01 16:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2007/07/19 18:27:18 | 04,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/07/14 00:50:18 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/07/14 00:50:18 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/07/07 04:06:52 | 04,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/28 17:25:30 | 00,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/06/15 22:01:58 | 00,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/22 17:32:52 | 00,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/05/22 12:50:02 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 11:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/06 18:14:44 | 00,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
PRC - [2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/02 15:45:23 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\jt\Desktop\OTL.exe
MOD - [2009/07/13 19:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/01 20:52:23 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/25 07:02:45 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2009/10/25 07:02:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/10/22 05:22:58 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2009/10/07 06:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/13 19:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2009/07/13 19:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 19:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 19:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/13 19:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/06/10 15:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 15:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 15:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/06/10 15:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/08 12:46:15 | 00,114,688 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swstrtr.exe -- (ColdFusion 8 ODBC Server)
SRV - [2009/02/08 12:46:14 | 00,696,320 | ---- | M] () -- C:\ColdFusion8\db\slserver54\bin\swagent.exe -- (ColdFusion 8 ODBC Agent)
SRV - [2008/12/17 11:06:15 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/07 13:45:50 | 00,111,896 | ---- | M] (PCTEL) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/07/07 13:45:36 | 00,124,184 | ---- | M] (PCTEL) -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2008/05/01 16:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/03/18 03:11:40 | 00,065,536 | ---- | M] (Macromedia Inc.) -- C:\ColdFusion8\runtime\bin\jrunsvc.exe -- (ColdFusion 8 Application Server)
SRV - [2008/03/12 03:19:55 | 02,743,056 | ---- | M] (Verity, Inc.) -- C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe -- (ColdFusion 8 Search Server)
SRV - [2007/11/07 07:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/08/16 14:25:01 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/07/14 00:50:18 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/06/28 17:25:30 | 00,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/05 20:35:40 | 01,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/03/29 11:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/21 17:26:40 | 00,151,552 | ---- | M] () -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
SRV - [2007/01/25 18:50:26 | 00,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 18:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 21:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/02 06:27:26 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ljznamkl.sys -- (ljznamkl) ljznamkl [Kernel | System | Stopped]
DRV - [2009/10/25 07:02:46 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running]
DRV - [2009/10/25 07:02:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running]
DRV - [2009/10/25 07:02:45 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) AVG8 Network Redirector [Kernel | System | Running]
DRV - [2009/10/25 07:02:45 | 00,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd) AVG network filter service [Kernel | System | Running]
DRV - [2009/09/23 06:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) Lbd [File_System | Boot | Running]
DRV - [2009/09/21 16:58:28 | 01,218,048 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running]
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/22 15:54:19 | 00,293,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) Virtual PC Virtual Machine Monitor [Kernel | System | Running]
DRV - [2009/07/22 15:54:19 | 00,055,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) Virtual PC Network Filter Driver [Kernel | System | Running]
DRV - [2009/07/22 15:53:23 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) USB Virtualization Connector Service [Kernel | On_Demand | Running]
DRV - [2009/07/22 15:53:19 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) Virtual PC Host Bus Service [Kernel | On_Demand | Running]
DRV - [2009/07/13 19:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) cmdide [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) adpahci [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) adp94xx [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) amdsbs [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) adpu320 [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) arcsas [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) amdsata [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) arc [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) amdxata [Kernel | Boot | Running]
DRV - [2009/07/13 19:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) aliide [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) nvstor [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) nvraid [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:44 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) nfrd960 [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:37 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) LSI_SAS [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) iaStorV [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) MegaSR [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) KSecPkg [Kernel | Boot | Running]
DRV - [2009/07/13 19:20:36 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) LSI_SCSI [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) LSI_FC [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) iirsp [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) megasas [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) Hardware Policy Driver [Kernel | Boot | Running]
DRV - [2009/07/13 19:20:28 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) elxstor [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) aic78xx [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) HpSAMD [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped]
DRV - [2009/07/13 19:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) vsmraid [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) Virtual Machine Bus [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) vhdmp [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) Disk Virtual Machine Bus Acceleration Filter Driver [Kernel | Boot | Running]
DRV - [2009/07/13 19:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running]
DRV - [2009/07/13 19:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) storvsc [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) WIMMount [File_System | On_Demand | Stopped]
DRV - [2009/07/13 19:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) viaide [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) ql2300 [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) ReadyBoost [Kernel | Boot | Running]
DRV - [2009/07/13 19:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) ql40xx [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) SiSRaid4 [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw) Performance Counters for Windows Driver [Kernel | Boot | Running]
DRV - [2009/07/13 19:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) SiSRaid2 [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:19:04 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) stexstor [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 19:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG) CNG [Kernel | Boot | Running]
DRV - [2009/07/13 18:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 18:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Running]
DRV - [2009/07/13 18:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running]
DRV - [2009/07/13 17:55:21 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running]
DRV - [2009/07/13 17:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running]
DRV - [2009/07/13 17:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) WFP Lightweight Filter [Kernel | System | Running]
DRV - [2009/07/13 17:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running]
DRV - [2009/07/13 17:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running]
DRV - [2009/07/13 17:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Running]
DRV - [2009/07/13 17:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) WinUsb [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running]
DRV - [2009/07/13 17:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID) AppID Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped]
DRV - [2009/07/13 17:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) s3cap [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) VMBusHID [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache) System Attribute Cache [Kernel | System | Running]
DRV - [2009/07/13 17:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 17:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM Serial driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:13:48 | 01,035,776 | ---- | M] (LSI Corp) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running]
DRV - [2009/07/13 16:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 16:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped]
DRV - [2009/07/13 14:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) Security Driver [Kernel | Auto | Running]
DRV - [2009/06/19 20:44:14 | 00,290,816 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) tifm21 [Kernel | On_Demand | Running]
DRV - [2009/05/22 13:52:04 | 00,167,936 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running]
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running]
DRV - [2009/03/20 06:37:42 | 00,208,688 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running]
DRV - [2009/02/14 21:53:31 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped]
DRV - [2008/12/23 03:47:52 | 00,138,240 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Stopped]
DRV - [2008/11/02 02:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) SCDEmu [Kernel | System | Running]
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\drivers\adfs.sys -- (adfs) adfs [Kernel | Auto | Running]
DRV - [2008/07/07 14:42:52 | 00,164,480 | ---- | M] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) [Kernel | On_Demand | Stopped]
DRV - [2008/07/07 14:42:52 | 00,024,840 | ---- | M] () -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt) swmsflt [Kernel | On_Demand | Stopped]
DRV - [2008/07/07 14:42:50 | 00,149,000 | ---- | M] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00) [Kernel | On_Demand | Stopped]
DRV - [2008/07/07 13:42:42 | 00,038,680 | ---- | M] (PCTEL Inc.) -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea) Sprint Connection Manager - emulates the NMEA ports [Kernel | On_Demand | Running]
DRV - [2008/07/07 13:41:32 | 00,032,408 | ---- | M] (PCTEL Inc.) -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5) PCTINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped]
DRV - [2008/06/01 01:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\Windows\System32\drivers\npf.sys -- (npf) NetGroup Packet Filter Driver [Kernel | Auto | Running]
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped]
DRV - [2008/03/17 14:14:52 | 00,015,144 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) Wacom Mode Helper [Kernel | On_Demand | Stopped]
DRV - [2008/02/06 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20) PxHelp20 [Kernel | Boot | Running]
DRV - [2007/12/20 16:13:54 | 00,136,416 | ---- | M] (StorageCraft) -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap) Symantec Volume Snap Shot Driver [File_System | Boot | Running]
DRV - [2007/12/10 03:00:00 | 00,009,200 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k) Cdralw2k [Kernel | System | Stopped]
DRV - [2007/12/10 03:00:00 | 00,009,072 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) Cdr4_xp [Kernel | System | Stopped]
DRV - [2007/11/09 05:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running]
DRV - [2007/10/12 16:04:40 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50) PCASp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped]
DRV - [2007/09/06 14:30:24 | 00,194,048 | ---- | M] (Novatel Wireless Inc) -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) NWADI Bus Enumerator [Kernel | On_Demand | Running]
DRV - [2007/07/19 12:32:40 | 01,841,312 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running]
DRV - [2007/07/14 01:01:30 | 02,771,968 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) atikmdag [Kernel | On_Demand | Running]
DRV - [2007/06/08 13:40:28 | 00,076,288 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2at.sys -- (Ser2at) ATEN USB to Serial port driver [Kernel | On_Demand | Stopped]
DRV - [2007/04/16 12:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) UVCFTR [Kernel | On_Demand | Running]
DRV - [2007/03/20 10:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) LibUsb-Win32 - Kernel Driver, Version 0.1.12.1 [Kernel | On_Demand | Stopped]
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running]
DRV - [2006/11/09 15:32:00 | 00,219,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I) KR10I [Kernel | Disabled | Stopped]
DRV - [2006/11/09 15:31:00 | 00,211,072 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N) KR10N [Kernel | Disabled | Stopped]
DRV - [2006/10/30 13:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) Filter [Kernel | Boot | Running]
DRV - [2006/10/18 12:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running]
DRV - [2006/09/27 21:06:00 | 00,479,488 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP) KR3NPXP [Kernel | Disabled | Stopped]
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc) PPdus ASPI Shell [Kernel | On_Demand | Running]


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 EA 35 8E 22 3D CA 01 [binary data]
IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\S-1-5-21-1620325317-2913189182-4131943758-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\S-1-5-21-1620325317-2913189182-4131943758-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}:3.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: close@doubleclick:1.10
FF - prefs.js..extensions.enabledItems: {420ed894-c19f-4318-a83f-bacae374db28}:0.4.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.7
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
FF - prefs.js..extensions.enabledItems: {83874588-ae10-4dbb-8dba-8301c86cb8fc}:2.0.4.9
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.5.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 08:44:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/10/08 19:15:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/10/25 02:02:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 20:49:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/01 12:40:56 | 00,000,000 | ---D | M]

[2009/10/24 22:28:10 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\undoclosedtabsbutton@supernova00.biz
[2009/10/08 19:52:01 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\moveplayer@movenetworks.com
[2009/10/14 16:23:43 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\firebug@software.joehewitt.com
[2009/10/26 17:50:14 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\close@doubleclick
[2009/10/08 19:52:08 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/08 19:52:07 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/08 19:52:07 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/14 16:23:45 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/24 22:28:09 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2009/10/08 19:52:05 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{83874588-ae10-4dbb-8dba-8301c86cb8fc}
[2009/10/08 19:52:05 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/10/08 19:52:03 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{420ed894-c19f-4318-a83f-bacae374db28}
[2009/10/16 20:11:18 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/10/08 19:52:03 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/14 16:23:39 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/10/08 19:52:02 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}
[2009/11/01 07:50:16 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/01 13:17:05 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions
[2008/12/14 21:38:32 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/08 19:51:56 | 00,000,000 | ---D | M] -- C:\Users\jt\AppData\Roaming\Mozilla\Extensions
[2009/02/09 11:42:48 | 00,000,681 | ---- | M] () -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\searchplugins\ask.xml
[2009/02/09 20:14:01 | 00,000,872 | ---- | M] () -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\searchplugins\yahoo.gif
[2009/02/09 20:14:01 | 00,000,466 | ---- | M] () -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\searchplugins\yahoo.src
[2009/02/09 20:14:00 | 00,001,767 | ---- | M] () -- C:\Users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\searchplugins\yahoo.xml
[2009/10/25 04:12:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/28 20:49:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/01 07:50:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/28 20:49:07 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/28 20:49:07 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/25 04:10:22 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/28 20:49:09 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/12/21 12:14:58 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/09/29 18:49:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/29 18:49:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/29 18:49:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/29 18:49:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/29 18:49:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/29 18:49:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/29 18:49:39 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/12/21 12:15:14 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/12/21 12:14:51 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/10/24 22:27:37 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/24 22:27:37 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/02 10:59:26 | 00,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/10/24 22:27:37 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/24 22:27:37 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/24 22:27:37 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/24 22:27:37 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/24 22:27:37 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1620325317-2913189182-4131943758-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 09:42:25 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/11 18:21:22 | 00,000,055 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [1998/12/13 01:43:32 | 00,000,040 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [1998/11/30 23:04:40 | 00,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/02 15:45:14 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Users\jt\Desktop\OTL.exe
[2009/11/02 06:27:25 | 00,030,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ljznamkl.sys
[2009/11/02 01:05:04 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/01 20:54:04 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/01 15:18:44 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Local\temp
[2009/10/28 21:44:31 | 00,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCAL.OCX
[2009/10/28 21:44:29 | 00,000,000 | ---D | C] -- C:\Program Files\CitruswareDemo
[2009/10/28 21:42:09 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/28 21:42:09 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/27 20:39:51 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\sar apps
[2009/10/27 16:35:48 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/26 16:46:37 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST5UNST.EXE
[2009/10/26 16:46:37 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5StKit.dll
[2009/10/25 07:02:46 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/25 04:55:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/10/25 04:55:56 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/10/25 04:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/10/25 04:12:14 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/25 04:12:13 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/25 04:12:12 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/25 04:12:11 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/25 02:03:13 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/25 02:02:36 | 00,023,832 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/10/24 22:34:52 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Roaming\Malwarebytes
[2009/10/24 22:34:47 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/24 22:34:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/24 22:34:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/24 22:34:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/24 22:34:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/23 23:52:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/23 23:52:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/23 23:52:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/23 23:52:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/23 16:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/23 16:30:12 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/23 14:06:17 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/23 14:05:04 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/23 14:02:54 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\repair
[2009/10/23 14:02:20 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\Garmin Stuff
[2009/10/22 19:45:46 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/10/22 19:38:21 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/22 19:38:21 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/22 19:37:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/22 19:37:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/22 19:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/22 19:04:56 | 00,000,000 | ---D | C] -- C:\Windows\SQLTools9_KB970892_ENU
[2009/10/22 19:03:40 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2009/10/22 19:03:40 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2009/10/22 19:02:32 | 00,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2009/10/22 05:23:21 | 00,056,680 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2009/10/22 05:23:21 | 00,056,680 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/10/22 05:22:59 | 00,013,160 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2009/10/21 11:26:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\js
[2009/10/21 11:26:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\html
[2009/10/21 11:26:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\css
[2009/10/21 11:26:26 | 00,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2009/10/21 11:21:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/10/21 11:20:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2009/10/21 11:19:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2009/10/21 11:18:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/10/21 11:06:11 | 00,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2009/10/21 11:06:11 | 00,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2009/10/21 10:58:40 | 00,000,000 | ---D | C] -- C:\Windows\symbols
[2009/10/21 10:58:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\1033
[2009/10/21 10:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/10/21 10:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/10/21 10:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/10/21 10:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
[2009/10/21 10:56:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/10/21 10:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2009/10/21 10:50:48 | 00,000,000 | ---D | C] -- C:\Users\jt\Documents\Visual Studio 2008
[2009/10/20 16:46:43 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/20 16:46:41 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/20 16:46:41 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/10/20 16:46:41 | 00,728,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/20 16:46:41 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/10/20 16:46:41 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/10/20 16:46:41 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/10/20 16:46:41 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/10/20 16:46:41 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/10/20 16:46:40 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/20 09:43:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless
[2009/10/20 09:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PctelEapPeer Authentication
[2009/10/20 09:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\Sprint
[2009/10/20 09:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[2009/10/20 09:32:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Sprint
[2009/10/20 09:32:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Sprint
[2009/10/19 14:59:07 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\usb_sd
[2009/10/19 00:57:39 | 00,000,000 | ---D | C] -- C:\Windows\MSSecurityNS
[2009/10/19 00:57:38 | 00,000,000 | ---D | C] -- C:\Windows\MSSecurityNi
[2009/10/18 21:30:58 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Roaming\Win7codecs
[2009/10/18 21:30:54 | 00,000,000 | ---D | C] -- C:\Program Files\Win7codecs
[2009/10/18 21:29:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
[2009/10/18 21:29:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
[2009/10/18 12:18:48 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\musicplayer
[2009/10/18 09:55:05 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Roaming\Usingit
[2009/10/18 09:49:16 | 00,000,000 | ---D | C] -- C:\Program Files\Selteco
[2009/10/16 22:43:25 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2009/10/16 22:27:06 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Local\GPUMonitor
[2009/10/16 20:14:03 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Local\BuildAGadget Content
[2009/10/16 09:26:05 | 00,000,000 | ---D | C] -- C:\FTP_Files
[2009/10/16 09:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\SRSFTP2
[2009/10/16 09:24:44 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2009/10/16 09:24:21 | 00,000,000 | ---D | C] -- C:\InstallFTP
[2009/10/14 21:35:42 | 00,000,000 | ---D | C] -- C:\Users\jt\Documents\NetObjects Fusion 11.0
[2009/10/14 21:32:48 | 01,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\ROBOEX32.DLL
[2009/10/14 21:32:48 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\INETWH32.DLL
[2009/10/14 21:31:37 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\NetObjects Fusion 11.0
[2009/10/14 21:30:55 | 00,000,000 | ---D | C] -- C:\Program Files\NetObjects
[2009/10/14 21:12:49 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/10/14 21:08:34 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\iosdk
[2009/10/14 17:35:37 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/14 17:28:36 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/10/14 15:11:55 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\66 Ford
[2009/10/14 15:11:27 | 00,000,000 | ---D | C] -- C:\Users\jt\Desktop\Relm Radio
[2009/10/14 13:47:43 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/14 13:47:41 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/14 13:47:41 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/14 11:48:54 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare Test
[2009/10/13 09:36:04 | 01,036,288 | ---- | C] (Gabest) -- C:\Windows\System32\VSFilter.dll
[2009/10/12 17:13:06 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Roaming\WildTangent
[2009/10/12 17:02:53 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/10/12 16:10:21 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Local\ElevatedDiagnostics
[2009/10/09 06:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2009/10/09 06:46:38 | 00,000,000 | R--D | C] -- C:\Users\jt\Virtual Machines
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2009/10/09 06:39:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Virtual PC
[2009/10/09 06:13:05 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpchbuspipe.dll
[2009/10/09 06:13:05 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpchbus.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcuxd.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcuxd.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcuxd.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcusb.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcusb.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcusb.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcnfltr.sys.mui
[2009/10/09 06:13:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcnfltr.sys.mui
[2009/10/09 06:13:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpchbus.sys.mui
[2009/10/09 06:13:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcuxd.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcusb.sys.mui
[2009/10/09 06:13:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcusb.sys.mui
[2009/10/09 06:13:01 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcvmm.sys.mui
[2009/10/09 06:13:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcvmm.sys.mui
[2009/10/09 06:13:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcvmm.sys.mui
[2009/10/09 06:13:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vpcvmm.sys.mui
[2009/10/09 06:13:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcvmm.sys.mui
[2009/10/09 06:13:00 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcvmm.sys.mui
[2009/10/09 06:13:00 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcvmm.sys.mui
[2009/10/09 06:13:00 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcnfltr.sys.mui
[2009/10/09 06:13:00 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcnfltr.sys.mui
[2009/10/09 06:12:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcnfltr.sys.mui
[2009/10/09 06:12:57 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys
[2009/10/09 06:12:57 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys
[2009/10/09 06:12:56 | 02,168,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCWizard.exe
[2009/10/09 06:12:56 | 01,260,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCSettings.exe
[2009/10/09 06:12:56 | 01,001,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMWindow.exe
[2009/10/09 06:12:56 | 00,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMCPropertyHandler.dll
[2009/10/09 06:12:56 | 00,293,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys
[2009/10/09 06:12:56 | 00,055,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys
[2009/10/09 06:12:55 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmsal.exe
[2009/10/09 06:12:53 | 03,329,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpc.exe
[2009/10/08 21:51:25 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/10/08 21:39:16 | 00,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2009/10/08 21:21:20 | 00,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2009/10/08 21:03:52 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/10/08 20:41:09 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/08 20:28:15 | 00,000,000 | ---D | C] -- C:\Recovery
[2009/10/08 18:57:20 | 00,000,000 | --SD | C] -- C:\Users\jt\AppData\Roaming\Microsoft
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Videos
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Saved Games
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Pictures
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Music
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Links
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Favorites
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Downloads
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Documents
[2009/10/08 18:57:20 | 00,000,000 | R--D | C] -- C:\Users\jt\Desktop
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Templates
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Start Menu
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\SendTo
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Recent
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\PrintHood
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\NetHood
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Documents\My Videos
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Documents\My Pictures
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Documents\My Music
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\My Documents
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Local Settings
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Cookies
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\Application Data
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\AppData\Local\Temporary Internet Files
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\AppData\Local\History
[2009/10/08 18:57:20 | 00,000,000 | -HSD | C] -- C:\Users\jt\AppData\Local\Application Data
[2009/10/08 18:57:20 | 00,000,000 | -H-D | C] -- C:\Users\jt\AppData
[2009/10/08 18:57:20 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Roaming\Media Center Programs
[2009/10/08 18:57:20 | 00,000,000 | ---D | C] -- C:\Users\jt\AppData\Local\Microsoft
[2009/10/08 18:56:00 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/10/08 18:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2009/10/08 18:53:04 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/10/07 07:59:13 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\TuneClone
[2009/10/07 07:40:45 | 00,000,000 | ---D | C] -- C:\Users\jt\Documents\iPhone Ringtones
[2009/10/07 07:37:43 | 03,640,832 | ---- | C] (Mouse Industries) -- C:\Users\jt\Desktop\iRinger.exe
[2009/02/14 21:53:31 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\jt\AppData\Roaming\pcouffin.sys
[2009/02/03 07:26:47 | 02,826,240 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files\amtlib.dll

========== Files - Modified Within 30 Days ==========

[2009/11/02 15:51:11 | 05,767,168 | -HS- | M] () -- C:\Users\jt\NTUSER.DAT
[2009/11/02 15:45:23 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\jt\Desktop\OTL.exe
[2009/11/02 06:27:26 | 00,030,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ljznamkl.sys
[2009/11/02 05:40:57 | 44,641,555 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/02 05:40:57 | 00,069,252 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/02 05:33:56 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2009/11/02 05:33:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/01 20:53:41 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/01 15:26:46 | 00,787,042 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/01 15:26:46 | 00,669,136 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/01 15:26:46 | 00,123,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/01 15:26:46 | 00,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 15:26:46 | 00,006,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 15:23:06 | 00,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/11/01 15:22:28 | 00,000,273 | ---- | M] () -- C:\Windows\system.ini
[2009/11/01 15:21:43 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/01 15:21:23 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/11/01 15:21:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/01 15:20:42 | 23,137,19808 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/01 14:55:11 | 00,781,909 | ---- | M] () -- C:\Users\jt\Desktop\RSIT.exe
[2009/11/01 12:37:21 | 03,430,299 | R--- | M] () -- C:\Users\jt\Desktop\schrauber.exe
[2009/11/01 06:35:19 | 00,291,328 | ---- | M] () -- C:\Users\jt\Desktop\5mwtr21t.exe
[2009/10/31 21:51:24 | 00,523,776 | ---- | M] () -- C:\Users\jt\Desktop\dds.scr
[2009/10/29 05:31:33 | 37,824,544 | ---- | M] () -- C:\Users\jt\Desktop\090_000_264_000_dj_sf_driveronly_nonnetwork_dvd_NB.exe
[2009/10/29 05:29:51 | 00,022,016 | ---- | M] () -- C:\Windows\System32\tdlwsp.dll
[2009/10/26 22:08:16 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/10/26 16:46:38 | 00,000,793 | ---- | M] () -- C:\Windows\ST5UNST.000
[2009/10/25 09:27:34 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2009/10/25 07:02:46 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/25 07:02:46 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/25 07:02:46 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/25 07:02:45 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/25 07:02:45 | 00,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/25 05:09:22 | 06,794,110 | ---- | M] () -- C:\Users\jt\Documents\AutoRuns.arn
[2009/10/25 04:17:11 | 00,000,016 | ---- | M] () -- C:\Users\jt\.javafx_ping_sent
[2009/10/25 04:17:01 | 00,000,000 | ---- | M] () -- C:\Users\jt\.javafx_eula_accepted
[2009/10/25 04:10:21 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/25 04:10:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/25 04:10:21 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/25 04:10:21 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/25 02:19:18 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/24 22:34:50 | 00,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/22 19:38:17 | 00,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/22 12:04:47 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2009/10/22 05:23:02 | 00,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2009/10/22 05:22:58 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2009/10/22 05:20:07 | 02,384,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/21 16:52:32 | 00,128,760 | ---- | M] () -- C:\Users\jt\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/21 16:28:25 | 00,000,566 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/10/20 10:23:28 | 00,871,853 | ---- | M] () -- C:\Users\jt\Desktop\GMapTool.zip
[2009/10/20 09:43:20 | 00,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Sprint SmartView.lnk
[2009/10/19 10:27:02 | 00,015,062 | ---- | M] () -- C:\Users\jt\Desktop\dollyhandle.jpg
[2009/10/19 10:27:01 | 00,017,060 | ---- | M] () -- C:\Users\jt\Desktop\dolly.jpg
[2009/10/19 10:26:35 | 00,221,877 | ---- | M] () -- C:\Users\jt\Desktop\08.jpg
[2009/10/19 01:16:53 | 60,525,3632 | ---- | M] () -- C:\Users\jt\Desktop\ubuntu-9.04-server-i386.iso
[2009/10/19 01:06:40 | 02,542,640 | ---- | M] () -- C:\Users\jt\Desktop\XTCommerce_v2.0_RC1.2_24_09_04.zip
[2009/10/18 10:00:03 | 00,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2009/10/14 22:28:34 | 00,003,741 | ---- | M] () -- C:\Users\jt\Desktop\jtllogo.png.gif
[2009/10/14 21:35:39 | 00,002,125 | ---- | M] () -- C:\Users\Public\Desktop\NetObjects Fusion 11.0.lnk
[2009/10/14 21:11:07 | 00,865,832 | ---- | M] () -- C:\Users\jt\Desktop\USBDrivers_221.exe
[2009/10/13 21:13:05 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2009/10/13 21:13:05 | 00,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2009/10/13 21:13:05 | 00,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2009/10/13 09:36:04 | 01,036,288 | ---- | M] (Gabest) -- C:\Windows\System32\VSFilter.dll
[2009/10/12 16:18:23 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
[2009/10/08 21:51:11 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/10/08 21:04:30 | 00,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2009/10/08 20:31:37 | 00,000,020 | -HS- | M] () -- C:\Users\jt\ntuser.ini
[2009/10/08 20:22:49 | 00,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/10/08 20:09:57 | 00,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/08 18:57:22 | 00,524,288 | -HS- | M] () -- C:\Users\jt\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/10/08 18:57:22 | 00,524,288 | -HS- | M] () -- C:\Users\jt\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/10/08 18:57:22 | 00,065,536 | -HS- | M] () -- C:\Users\jt\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/10/08 18:55:49 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/10/08 18:13:26 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/08 18:13:26 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/08 17:01:36 | 00,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/10/08 17:01:36 | 00,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/10/08 16:34:45 | 54,140,6280 | ---- | M] () -- C:\Users\jt\Documents\WinxpKEY--vk8kv-6d44h-722df-8mr6t-rhhyw.daa
[2009/10/08 16:11:55 | 35,648,87510 | ---- | M] () -- C:\Users\jt\Documents\win7.daa
[2009/10/07 07:38:12 | 03,640,832 | ---- | M] (Mouse Industries) -- C:\Users\jt\Desktop\iRinger.exe
[2009/10/05 23:13:56 | 00,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll

========== Files Created - No Company Name ==========

[2009/11/01 14:55:06 | 00,781,909 | ---- | C] () -- C:\Users\jt\Desktop\RSIT.exe
[2009/11/01 12:43:55 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/01 12:36:45 | 03,430,299 | R--- | C] () -- C:\Users\jt\Desktop\schrauber.exe
[2009/11/01 06:35:11 | 00,291,328 | ---- | C] () -- C:\Users\jt\Desktop\5mwtr21t.exe
[2009/10/31 21:51:11 | 00,523,776 | ---- | C] () -- C:\Users\jt\Desktop\dds.scr
[2009/10/29 05:29:49 | 00,022,016 | ---- | C] () -- C:\Windows\System32\tdlwsp.dll
[2009/10/29 05:23:32 | 37,824,544 | ---- | C] () -- C:\Users\jt\Desktop\090_000_264_000_dj_sf_driveronly_nonnetwork_dvd_NB.exe
[2009/10/26 22:08:16 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/10/26 16:46:37 | 00,000,793 | ---- | C] () -- C:\Windows\ST5UNST.000
[2009/10/25 04:17:11 | 00,000,016 | ---- | C] () -- C:\Users\jt\.javafx_ping_sent
[2009/10/25 04:17:01 | 00,000,000 | ---- | C] () -- C:\Users\jt\.javafx_eula_accepted
[2009/10/24 22:34:50 | 00,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 23:52:14 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/23 23:52:14 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/23 23:52:14 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/23 23:52:14 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/22 22:26:31 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/10/22 19:38:17 | 00,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/22 05:20:39 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2009/10/22 05:19:38 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2009/10/20 10:23:07 | 00,871,853 | ---- | C] () -- C:\Users\jt\Desktop\GMapTool.zip
[2009/10/20 09:43:20 | 00,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Sprint SmartView.lnk
[2009/10/19 10:27:01 | 00,015,062 | ---- | C] () -- C:\Users\jt\Desktop\dollyhandle.jpg
[2009/10/19 10:27:00 | 00,017,060 | ---- | C] () -- C:\Users\jt\Desktop\dolly.jpg
[2009/10/19 10:26:33 | 00,221,877 | ---- | C] () -- C:\Users\jt\Desktop\08.jpg
[2009/10/19 01:05:27 | 02,542,640 | ---- | C] () -- C:\Users\jt\Desktop\XTCommerce_v2.0_RC1.2_24_09_04.zip
[2009/10/19 00:20:17 | 60,525,3632 | ---- | C] () -- C:\Users\jt\Desktop\ubuntu-9.04-server-i386.iso
[2009/10/14 22:28:32 | 00,003,741 | ---- | C] () -- C:\Users\jt\Desktop\jtllogo.png.gif
[2009/10/14 21:35:39 | 00,002,125 | ---- | C] () -- C:\Users\Public\Desktop\NetObjects Fusion 11.0.lnk
[2009/10/14 21:32:48 | 00,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2009/10/14 21:11:02 | 00,865,832 | ---- | C] () -- C:\Users\jt\Desktop\USBDrivers_221.exe
[2009/10/14 11:47:06 | 00,192,947 | ---- | C] () -- C:\Users\jt\Desktop\BearStart v2-1.exe
[2009/10/12 16:18:23 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/10/08 21:02:14 | 00,128,760 | ---- | C] () -- C:\Users\jt\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/08 20:31:37 | 00,000,020 | -HS- | C] () -- C:\Users\jt\ntuser.ini
[2009/10/08 20:29:45 | 00,171,136 | RHS- | C] () -- C:\grldr
[2009/10/08 20:24:37 | 23,137,19808 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/08 20:09:57 | 00,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/08 18:57:20 | 05,767,168 | -HS- | C] () -- C:\Users\jt\NTUSER.DAT
[2009/10/08 18:57:20 | 00,524,288 | -HS- | C] () -- C:\Users\jt\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/10/08 18:57:20 | 00,524,288 | -HS- | C] () -- C:\Users\jt\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/10/08 18:57:20 | 00,065,536 | -HS- | C] () -- C:\Users\jt\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/10/08 18:55:49 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/10/08 18:55:47 | 00,006,304 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/08 18:55:47 | 00,006,304 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/08 16:30:57 | 54,140,6280 | ---- | C] () -- C:\Users\jt\Documents\WinxpKEY--vk8kv-6d44h-722df-8mr6t-rhhyw.daa
[2009/10/08 16:03:08 | 35,648,87510 | ---- | C] () -- C:\Users\jt\Documents\win7.daa
[2009/10/05 23:13:56 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/28 08:40:15 | 00,076,407 | ---- | C] () -- C:\Users\jt\AppData\Roaming\Smiley.ico
[2009/08/11 19:44:48 | 00,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009/08/06 07:46:49 | 00,000,082 | ---- | C] () -- C:\Windows\forminfo.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/16 21:13:52 | 00,032,768 | ---- | C] () -- C:\Users\jt\AppData\Roaming\SharedSettings.ccs
[2009/07/13 22:52:31 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 22:52:31 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:31 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:41:57 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009/07/13 17:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/28 09:03:57 | 00,000,264 | ---- | C] () -- C:\Users\jt\AppData\Roaming\wklnhst.dat
[2009/06/24 22:36:32 | 00,000,600 | ---- | C] () -- C:\Users\jt\AppData\Roaming\winscp.rnd
[2009/05/29 15:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 15:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/27 22:44:31 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/03 08:09:14 | 00,000,566 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/20 16:33:17 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/03/15 19:18:16 | 00,000,006 | -HS- | C] () -- C:\Users\jt\AppData\Roaming\desktop.ini
[2009/03/08 14:04:45 | 00,000,254 | ---- | C] () -- C:\Users\jt\AppData\Roaming\iPod Access v4 Prefs
[2009/03/08 14:04:36 | 00,000,042 | -H-- | C] () -- C:\Users\jt\AppData\Roaming\iPodAccessv4_OwnerName
[2009/03/08 14:03:06 | 00,000,010 | -H-- | C] () -- C:\Users\jt\AppData\Roaming\iPodAccess_Time
[2009/03/05 05:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/26 08:11:17 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/02/26 08:11:17 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009/02/26 08:11:17 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009/02/26 08:11:17 | 00,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009/02/26 07:14:02 | 00,749,568 | ---- | C] () -- C:\Windows\System32\swfgen.dll
[2009/02/22 15:22:12 | 00,000,672 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2009/02/22 15:22:11 | 00,000,503 | ---- | C] () -- C:\Windows\CDRip.INI
[2009/02/22 14:26:22 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/02/22 14:17:09 | 00,151,040 | ---- | C] () -- C:\Windows\System32\wimadll.dll
[2009/02/22 14:14:20 | 01,015,808 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/02/22 14:14:19 | 00,220,160 | ---- | C] () -- C:\Windows\System32\WnASPI32.dll
[2009/02/22 14:14:19 | 00,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
[2009/02/22 14:14:16 | 00,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/02/22 14:14:16 | 00,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2009/02/22 14:14:15 | 00,036,352 | ---- | C] () -- C:\Windows\System32\MP2enc.dll
[2009/02/22 14:14:14 | 01,163,264 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/02/22 14:14:14 | 00,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2009/02/16 07:28:04 | 00,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/02/14 21:54:47 | 00,000,033 | ---- | C] () -- C:\Users\jt\AppData\Roaming\pcouffin.log
[2009/02/14 21:53:31 | 00,007,887 | ---- | C] () -- C:\Users\jt\AppData\Roaming\pcouffin.cat
[2009/02/14 21:53:31 | 00,001,144 | ---- | C] () -- C:\Users\jt\AppData\Roaming\pcouffin.inf
[2009/02/03 07:26:47 | 00,000,825 | ---- | C] () -- C:\Program Files\crack.bat
[2009/01/05 18:54:30 | 00,000,108 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2008/12/16 18:41:38 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/10/10 00:36:28 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2008/07/07 14:42:52 | 00,024,840 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/06/01 01:13:10 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/09/04 11:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/08/16 16:56:19 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/16 14:05:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/16 14:05:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/16 14:05:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/16 14:05:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/16 14:05:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/16 14:05:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/16 13:28:39 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/16 13:27:43 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007/08/16 13:18:23 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/16 13:18:23 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/16 13:18:23 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/16 13:18:23 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/07/14 00:52:00 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/02/05 18:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 04:23:31 | 00,000,344 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 04:23:31 | 00,000,273 | ---- | C] () -- C:\Windows\system.ini
[2006/10/13 08:02:00 | 00,462,848 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2006/10/13 08:02:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2000/04/12 14:24:10 | 00,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[1997/09/30 13:30:02 | 00,122,880 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 278 bytes -> C:\Windows\System32\drivers\ljznamkl.sys:changelist
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
< End of report >


Here is the Extra.txt Log

OTL Extras logfile created on: 11/02/09 15:46:03 - Run 1
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Users\jt\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.82% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 411.98 Gb Total Space | 242.23 Gb Free Space | 58.80% Space Free | Partition Type: NTFS
Drive D: | 53.08 Gb Total Space | 44.25 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
Drive E: | 4.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 625.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JT-PC
Current User Name: jt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004AFB1B-202C-4CE9-2F0A-AC2C254B7474}" = Catalyst Control Center Core Implementation
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F8BA4A0-40C2-5EDD-208E-44F9D99AF66A}" = ccc-utility
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12396D22-A3C5-BE0E-4BE9-40925B547124}" = Catalyst Control Center Localization French
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B0D089-0C76-1138-BF98-AA3764B95B3C}" = Catalyst Control Center Graphics Previews Vista
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{137A3487-27CB-46F6-8EE3-5EDEA0C9F87F}" = BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
"{13AF861C-23DD-46E7-8833-E37420F0759A}" = BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B9E9846-F9F9-108F-7101-3F04C1ECF7F4}" = CCC Help Norwegian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C08587-19F4-4BBC-9078-26CF8EB02256}" = PL-2303 Vista Driver Installer-ATEN
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D1FCDD-FE3F-43D4-96D6-EDA0A8F633E7}_is1" = Sothink DHTML Menu 8
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25E3424B-E50A-A739-E7BC-28D51257EB3D}" = Catalyst Control Center Localization Japanese
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B81D384-C464-A647-E0BC-2F0B0A259101}" = CCC Help Polish
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D9720C9-68DC-E26F-556C-0E187F7F75B5}" = Skins
"{2DBD54E4-60FF-5C22-8A4F-07CE91D4BCA9}" = CCC Help Czech
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{306583FF-1018-9418-5165-4323FE79297E}" = ccc-core-static
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{397EF8BA-A868-43AF-9E75-AF26C32954B2}" = TurboTax 2008 wmoiper
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40ACD261-6346-22D6-9E35-7A0AF351A5A0}" = CCC Help Chinese Traditional
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{462D573C-5652-07A8-81BB-A6F06A8DF6D6}" = CCC Help Thai
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5121C4F9-BC62-4F47-B313-474A619E3813}" = Sprint SmartView
"{518CFBF4-6D36-3BD6-1261-4BB2E7B66592}" = Catalyst Control Center Localization Norwegian
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5334052F-BCE7-09B0-760A-C07C0C95165A}" = CCC Help Chinese Standard
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5452824A-9D54-D448-7D83-A9F06BC82B08}" = Catalyst Control Center Localization Dutch
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57B461F1-B9A6-A755-D44D-35B30265F55B}" = Catalyst Control Center Localization Turkish
"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B0DEC51-454B-7A22-1344-C0667D7EE297}" = Catalyst Control Center Localization Hungarian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62880A3B-2F9C-4C58-8FFA-1DA280262B5E}" = BlackBerry Device Software Updater
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68076F84-541F-A160-CA5A-5D495BC2774A}" = Catalyst Control Center Graphics Light
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6F7A4C02-81A3-52CC-F146-BF341B6B6F66}" = CCC Help Italian
"{7000D045-5626-577C-37D7-4340CBDBF1F5}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73265757-21E0-F0B4-BA10-AE041A4D0A66}" = CCC Help Swedish
"{7376080E-7468-4E48-B2D6-475A75174E73}" = Effect3D Studio
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77523838-39A6-CE90-A73B-83B78852D0BA}" = CCC Help French
"{77ABDB01-BB12-6C05-1FC7-1D000DD01BF2}" = CCC Help Portuguese
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D7FFF01-953A-DC52-F32A-043C7EA9DA8A}" = Catalyst Control Center Graphics Full Existing
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84610568-58EC-B9C7-604B-F336384CD41C}" = Catalyst Control Center Localization German
"{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87D3F51A-BB3B-6780-F5BD-B68085D7243E}" = Catalyst Control Center Localization Chinese Traditional
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6B3ADA-8F72-ECEB-AD49-7DD1B2FDEAEA}" = Catalyst Control Center Localization Czech
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B119FA0-443D-992E-F390-0372263B4634}" = Catalyst Control Center Localization Polish
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F6497B5-8570-F8F5-0BC3-4EB466DF348C}" = Catalyst Control Center Graphics Full New
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90C8F4D6-8479-C80D-9BD1-2EBAF6BF71E6}" = CCC Help Finnish
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}" = Adobe Photoshop Lightroom 2.2
"{A56F5DFC-AB11-EE35-DBEC-DA491E31EB45}" = Catalyst Control Center Localization Italian
"{A6A8B5E4-60FE-EAAB-3A17-425979599B5D}" = Catalyst Control Center Localization Spanish
"{A7ED90ED-0FCF-1477-59C5-DEAFBF600A05}" = CCC Help Hungarian
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB152608-B0D3-46AF-A6D0-F34DD1C3F8ED}_is1" = iReceiver 1.5.3
"{AB1DC37B-800F-7DBD-ADC7-1F39F77B6139}" = Catalyst Control Center Localization Thai
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B038E6F8-412A-87C2-D629-130748480DB6}" = Catalyst Control Center Localization Portuguese
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7C328ED-447B-4881-A404-5778E3CD0BE4}" = CCC Help Dutch
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C121A2E8-0487-5CDD-7D2F-6F1E894ED570}" = CCC Help Japanese
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C4C5B527-1EB2-642C-A2A0-E3010F2B1ACC}" = CCC Help Korean
"{C4DDCEFB-BB7A-0743-9E0B-FA8F2FB9CD85}" = Catalyst Control Center Localization Russian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7CDD6EC-2144-4AA3-AEC8-4E4BE596A382}" = Catalyst Control Center Localization Swedish
"{C7D2A2C1-48A3-9DC3-A2EB-EF3C8EF4E1F0}" = CCC Help Turkish
"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{C8650C9A-F3DC-77F7-D162-AE15407A3F12}" = Catalyst Control Center Localization Chinese Standard
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C941DC8B-7DEE-B47D-233D-9921B74808E5}" = CCC Help Russian
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CF844630-B4B6-FD54-A983-D9CF69EE47D3}" = Catalyst Control Center Localization Greek
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D7B3C832-1DEA-7F3A-1BF3-FE3661248DDC}" = Catalyst Control Center Localization Danish
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D947631B-933E-5F26-AB61-24EA0BF6BCD6}" = Catalyst Control Center Localization Korean
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E2DC4C9A-43CF-8F23-8EEA-2D0C76C96A2D}" = CCC Help Greek
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7FB56B1-F318-0AEF-8696-7C715219B190}" = Catalyst Control Center Localization Finnish
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA8B703F-43F2-9BC9-CE76-BB0E527F3DA6}" = CCC Help English
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EFF78ADB-B586-4b49-8473-F2441B47F9AD}" = D1400_Help
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C2AD51-9F09-4B75-82EE-74DA80F708D8}" = Nitro PDF Professional
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F648E1F9-3835-46EA-44A6-0A7F13FB75D3}" = CCC Help Spanish
"{F6E69D86-4A9D-436D-AAE7-B764EA87420D}" = D1400
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9283871-C040-488C-BD11-D0DC96BF39CE}" = NetObjects Fusion 11.0
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBEDF075-637E-8C96-9B2C-13B1B0F43F4C}" = CCC Help Danish
"{FC348F0A-7C7C-11D6-B34A-0050DA8F8110}" = KPG-44D
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Alligator Flash Designer 7" = Alligator Flash Designer 7 (7.0.7.3) Trial
"ATT-PRT22" = ATT-PRT22
"AVG8Uninstall" = AVG 8.5
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"BearShare Test" = BearShare Test
"BlackBerry_{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"CCleaner" = CCleaner (remove only)
"CoffeeCup Ad Producer" = CoffeeCup Ad Producer
"CoffeeCup Flash FireStarter" = CoffeeCup Flash FireStarter
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"CoffeeCup Google SiteMapper" = CoffeeCup Google SiteMapper
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"CoffeeCup Image Mapper" = CoffeeCup Image Mapper
"CoffeeCup MP3 Rip & Burn" = CoffeeCup MP3 Rip & Burn
"CoffeeCup RSS News Flash - Registered" = CoffeeCup RSS News Flash - Registered
"CoffeeCup Shopping Cart Creator 3.5.2278" = CoffeeCup Shopping Cart Creator
"CoffeeCup StyleSheet Maker" = CoffeeCup StyleSheet Maker
"CoffeeCup Visual Site Designer Software" = CoffeeCup Visual Site Designer Software
"CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered
"CoffeeCup Web JukeBox - Registered" = CoffeeCup Web JukeBox - Registered
"CoffeeCup Web Video Player - Registered" = CoffeeCup Web Video Player - Registered
"CoffeeCup Web Video Recorder" = CoffeeCup Web Video Recorder
"CoffeeCup Website Color Schemer" = CoffeeCup Website Color Schemer
"CoffeeCup Website Font 4.1" = CoffeeCup Website Font
"Color Efex Pro 3.0 Wacom Edition 3" = Color Efex Pro 3.0 Wacom Edition 3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Defraggler" = Defraggler (remove only)
"DiskAid_is1" = DiskAid 3.1
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2009" = Family Tree Maker 2009
"ffdshow_is1" = ffdshow [rev 1299] [2007-06-17]
"FileZilla Client" = FileZilla Client 3.2.8.1
"Free Audio Converter_is1" = Free Audio Converter version 1.1
"Free Audio Editor" = Free Audio Editor
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"IcoFX_is1" = IcoFX 1.6.4
"ImgBurn" = ImgBurn
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"iPod Access for Windows_is1" = iPod Access for Windows v4.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Pen Tablet Driver" = Pen Tablet
"PHPMaker6.0.0" = PHPMaker 6.0.0
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"Railroad Map 3.1_is1" = North American Railroad Map v 3.10
"RealPlayer 6.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"ST6UNST #1" = SRSFTP2
"ST6UNST #2" = SRSFTP2 (C:\Program Files\SRSFTP2\)
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TurboTax 2008" = TurboTax 2008
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall Adobe ColdFusion 8" = Adobe ColdFusion 8
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"Xilisoft iPod Manager" = Xilisoft iPod Rip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1620325317-2913189182-4131943758-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"CoffeeCup Website Access Manager" = CoffeeCup Website Access Manager
"DialogDemo" = DialogDemo
"Tech Test Train" = Tech Test Train

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:31 AM

Posted 03 November 2009 - 02:41 PM

Hi,



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\System32\drivers\ljznamkl.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 JTLaDue

JTLaDue
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:31 PM

Posted 03 November 2009 - 06:45 PM

Unfortunately, both Jotti and Virustotal showed the file to be clean.

Neither one generated a log that I could open to copy/paste, just displayed the results, but the Jotti page showed "Found Nothing" next to all the scans and the Virustotal page just had a - in the results column, which I assume means that it didn't find anything.

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:31 AM

Posted 04 November 2009 - 12:52 PM

Hi,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
C:\Windows\System32\drivers\ljznamkl.sys

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards,
schrauber


#15 JTLaDue

JTLaDue
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:31 PM

Posted 04 November 2009 - 04:40 PM

Ok, here is the log from ComboFix

ComboFix 09-10-30.01 - jt 11/04/09 12:46.4.2 - NTFSx86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2942.1438 [GMT -6:00]
Running from: c:\users\jt\Desktop\schrauber.exe
Command switches used :: c:\users\jt\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\jt\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 19:08 . 2009-11-04 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-04 19:08 . 2009-11-04 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-04 01:59 . 2009-11-04 01:59 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-11-03 04:37 . 2009-11-03 04:37 -------- d-----w- c:\users\jt\AppData\Roaming\MoveFab
2009-11-03 02:22 . 2009-11-03 02:22 -------- d-----w- c:\program files\DVDFab 6
2009-11-02 07:05 . 2009-11-02 07:05 -------- d-----w- C:\rsit
2009-11-02 02:54 . 2009-11-02 02:53 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 21:18 . 2009-11-04 19:08 -------- d-----w- c:\users\jt\AppData\Local\temp
2009-10-29 03:44 . 2009-10-29 03:47 -------- d-----w- c:\program files\CitruswareDemo
2009-10-29 03:42 . 2009-10-29 03:42 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-27 22:35 . 2009-10-27 22:35 -------- d-----w- C:\VundoFix Backups
2009-10-26 22:46 . 1997-01-16 06:00 71680 ----a-w- c:\windows\ST5UNST.EXE
2009-10-26 22:46 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2009-10-25 13:02 . 2009-10-25 13:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 10:55 . 2009-10-25 11:20 -------- d-----w- c:\programdata\SecTaskMan
2009-10-25 10:55 . 2009-10-25 10:55 -------- d-----w- c:\program files\Security Task Manager
2009-10-25 10:12 . 2009-10-25 10:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 08:03 . 2009-10-25 13:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-25 08:02 . 2009-10-25 13:02 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\users\jt\AppData\Roaming\Malwarebytes
2009-10-25 04:34 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 04:34 . 2009-10-25 04:34 -------- d-----w- c:\programdata\Malwarebytes
2009-10-25 04:34 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 22:49 . 2009-10-23 22:49 -------- d-----w- c:\program files\Trend Micro
2009-10-23 22:30 . 2009-10-23 22:30 -------- d-----w- c:\program files\ESET
2009-10-23 04:26 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-23 01:45 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-23 01:38 . 2009-10-23 01:38 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-23 01:37 . 2009-10-23 01:45 -------- d-----w- c:\programdata\Lavasoft
2009-10-23 01:37 . 2009-10-23 01:37 -------- d-----w- c:\program files\Lavasoft
2009-10-23 01:04 . 2009-10-23 01:04 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-23 01:03 . 2009-10-23 01:03 -------- d-----w- c:\programdata\XoftSpySE
2009-10-23 01:02 . 2009-10-23 01:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-22 11:23 . 2009-11-04 10:32 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-10-22 11:23 . 2009-10-22 11:22 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-10-22 11:22 . 2009-10-22 11:23 13160 ----a-w- c:\windows\system32\Upgrd.exe
2009-10-22 11:20 . 2009-10-25 15:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-10-22 11:19 . 2009-11-04 13:51 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\js
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\html
2009-10-21 17:26 . 2009-10-21 22:28 -------- d-----w- c:\windows\system32\css
2009-10-21 16:54 . 2009-10-21 16:54 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-20 22:46 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-20 22:46 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-10-20 22:46 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2009-10-20 22:46 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2009-10-20 22:46 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2009-10-20 22:46 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-10-20 22:46 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-10-20 22:46 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-10-20 22:46 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Sierra Wireless
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Sprint
2009-10-20 15:43 . 2009-10-20 15:43 -------- d-----w- c:\program files\Novatel Wireless
2009-10-20 15:32 . 2009-10-20 15:32 -------- d-----w- c:\programdata\Sprint
2009-10-19 06:57 . 2009-10-19 06:57 -------- d-----w- c:\windows\MSSecurityNS
2009-10-19 06:57 . 2009-10-19 06:57 -------- d-----w- c:\windows\MSSecurityNi
2009-10-19 03:30 . 2009-10-19 03:30 -------- d-----w- c:\users\jt\AppData\Roaming\Win7codecs
2009-10-19 03:30 . 2009-10-19 03:30 -------- d-----w- c:\program files\Win7codecs
2009-10-19 03:29 . 2009-10-19 03:30 -------- d-----w- c:\programdata\Win7codecs
2009-10-18 15:55 . 2009-10-18 15:56 -------- d-----w- c:\users\jt\AppData\Roaming\Usingit
2009-10-18 15:49 . 2009-10-18 15:49 -------- d-----w- c:\program files\Selteco
2009-10-17 04:43 . 2009-10-17 04:43 -------- d-----w- c:\program files\Winamp
2009-10-17 04:27 . 2009-10-17 04:48 -------- d-----w- c:\users\jt\AppData\Local\GPUMonitor
2009-10-17 02:14 . 2009-10-17 02:14 -------- d-----w- c:\users\jt\AppData\Local\BuildAGadget Content
2009-10-17 02:12 . 2009-10-17 02:12 435200 ----a-w- c:\windows\system32\ipcoin.dll
2009-10-17 02:12 . 2009-10-17 02:12 25088 ----a-w- c:\windows\system32\drivers\point32k.sys
2009-10-16 15:26 . 2009-10-22 18:24 -------- d-----w- C:\FTP_Files
2009-10-16 15:24 . 2009-10-22 18:22 -------- d-----w- c:\program files\SRSFTP2
2009-10-16 15:24 . 2009-10-22 18:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-16 15:24 . 2009-10-16 15:24 -------- d-----w- C:\InstallFTP
2009-10-15 03:32 . 2008-05-27 21:55 28672 ----a-w- c:\windows\system32\nnr.dll
2009-10-15 03:32 . 2008-05-27 21:55 49152 ----a-w- c:\windows\system32\INETWH32.DLL
2009-10-15 03:32 . 2008-05-27 21:55 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-10-15 03:30 . 2009-10-15 03:30 -------- d-----w- c:\program files\NetObjects
2009-10-15 03:12 . 2009-10-15 03:12 -------- d-----w- C:\Garmin
2009-10-14 23:35 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 19:47 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:48 . 2005-07-01 20:52 -------- d-----w- c:\program files\BearShare Test
2009-10-13 15:36 . 2009-10-13 15:36 1036288 ----a-w- c:\windows\system32\VSFilter.dll
2009-10-12 23:13 . 2009-10-12 23:13 -------- d-----w- c:\users\jt\AppData\Roaming\WildTangent
2009-10-12 22:10 . 2009-10-14 17:25 -------- d-----w- c:\users\jt\AppData\Local\ElevatedDiagnostics
2009-10-09 12:55 . 2009-10-09 12:55 -------- d-----w- c:\program files\Windows XP Mode
2009-10-09 12:46 . 2009-10-09 22:05 -------- d-----r- c:\users\jt\Virtual Machines
2009-10-09 12:13 . 2009-07-22 21:53 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-10-09 12:12 . 2009-07-22 21:53 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-10-09 12:12 . 2009-07-22 21:53 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-10-09 12:12 . 2009-07-22 21:54 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-10-09 12:12 . 2009-07-22 21:54 293904 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-10-09 12:12 . 2009-07-22 21:53 2168320 ----a-w- c:\windows\system32\VPCWizard.exe
2009-10-09 12:12 . 2009-07-22 21:53 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2009-10-09 12:12 . 2009-07-22 21:53 1001984 ----a-w- c:\windows\system32\VMWindow.exe
2009-10-09 12:12 . 2009-07-22 21:53 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-10-09 12:12 . 2009-07-22 21:53 792064 ----a-w- c:\windows\system32\vmsal.exe
2009-10-09 12:12 . 2009-07-22 21:53 3329024 ----a-w- c:\windows\system32\vpc.exe
2009-10-09 03:51 . 2009-10-09 02:29 -------- d-----w- c:\windows\Panther
2009-10-09 03:39 . 2009-10-09 02:11 -------- d-----w- C:\$WINDOWS.~Q
2009-10-09 03:21 . 2009-10-09 03:32 -------- d-----w- C:\$INPLACE.~TR
2009-10-09 03:04 . 2009-10-09 03:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-09 03:03 . 2009-10-09 03:03 -------- d-----w- c:\windows\PCHEALTH
2009-10-09 03:02 . 2009-11-04 10:36 129152 ----a-w- c:\users\jt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 02:41 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 02:29 . 2009-11-04 15:15 -------- d-----w- c:\windows\system32\wbem\Performance
2009-10-09 02:28 . 2009-10-09 02:28 -------- d-----w- C:\Recovery
2009-10-09 02:09 . 2009-10-09 02:09 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-09 00:56 . 2009-10-09 00:56 -------- d-----w- c:\windows\system32\RTCOM
2009-10-09 00:55 . 2009-10-09 00:55 -------- d-----w- c:\program files\Synaptics
2009-10-06 05:13 . 2009-10-06 05:13 85504 ----a-w- c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 15:15 . 2008-12-19 18:01 256 ----a-w- c:\windows\system32\pool.bin
2009-11-04 11:27 . 2009-08-26 16:23 -------- d-----w- c:\users\jt\AppData\Roaming\uTorrent
2009-11-04 10:35 . 2009-02-17 05:23 -------- d-----w- c:\users\jt\AppData\Roaming\WTablet
2009-11-03 04:13 . 2008-12-19 02:06 -------- d-----w- c:\users\jt\AppData\Roaming\FileZilla
2009-11-03 03:10 . 2009-08-05 21:15 -------- d-----w- c:\users\jt\AppData\Roaming\DVDFab
2009-11-03 02:23 . 2009-02-15 03:53 -------- d-----w- c:\users\jt\AppData\Roaming\Vso
2009-11-03 02:22 . 2009-02-15 03:53 47360 ----a-w- c:\users\jt\AppData\Roaming\pcouffin.sys
2009-11-01 22:54 . 2008-12-20 02:01 -------- d-----w- c:\program files\Starcraft
2009-10-29 03:42 . 2007-08-16 19:55 -------- d-----w- c:\programdata\McAfee
2009-10-27 04:08 . 2009-10-27 04:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-25 15:25 . 2009-01-16 20:58 -------- d-----w- c:\program files\f3setupinstall
2009-10-25 13:02 . 2008-12-15 04:28 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 13:02 . 2008-12-15 04:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-25 10:10 . 2007-08-16 19:58 -------- d-----w- c:\program files\Java
2009-10-25 08:02 . 2008-12-15 04:28 -------- d-----w- c:\programdata\avg8
2009-10-25 04:43 . 2009-09-30 19:51 -------- d-----w- c:\program files\Common Files\AVI
2009-10-23 01:05 . 2009-10-21 17:21 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-22 08:17 . 2008-12-14 22:36 -------- d-----w- c:\programdata\Microsoft Help
2009-10-22 08:09 . 2009-10-21 16:56 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-10-21 17:26 . 2009-10-21 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-10-21 17:26 . 2009-10-21 17:26 -------- d-----w- c:\program files\Business Objects
2009-10-21 17:23 . 2008-12-15 06:03 -------- d-----w- c:\program files\Microsoft.NET
2009-10-21 17:20 . 2009-10-21 17:20 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-10-21 17:20 . 2009-10-21 17:19 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-10-21 17:18 . 2009-10-21 17:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-10-21 17:18 . 2009-04-15 21:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-21 17:06 . 2009-10-21 17:06 -------- d-----w- c:\programdata\PreEmptive Solutions
2009-10-21 16:59 . 2009-10-21 16:56 -------- d-----w- c:\program files\HTML Help Workshop
2009-10-21 16:59 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-10-21 16:56 . 2009-10-21 16:56 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-21 16:56 . 2009-10-21 16:56 -------- d-----w- c:\program files\CE Remote Tools
2009-10-20 15:43 . 2009-01-06 04:03 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-18 04:00 . 2008-12-14 22:29 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-15 03:42 . 2007-08-16 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 20:51 . 2009-01-21 02:51 -------- d-----w- c:\program files\bearshare
2009-10-12 23:22 . 2007-08-16 20:15 -------- d-----w- c:\programdata\WildTangent
2009-10-12 22:18 . 2009-10-12 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-11 14:48 . 2009-06-06 13:51 -------- d-----w- c:\program files\ooVoo
2009-10-09 12:39 . 2009-10-09 12:39 -------- d-----w- c:\program files\Windows Virtual PC
2009-10-09 01:51 . 2009-08-06 03:26 -------- d-----w- c:\users\jt\AppData\Roaming\mojosoft
2009-10-09 01:21 . 2009-09-30 00:50 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-09 01:20 . 2009-01-24 17:19 -------- d-----w- c:\programdata\Intuit
2009-10-09 01:19 . 2007-08-16 20:01 -------- d-----w- c:\program files\Ulead Systems
2009-10-09 01:19 . 2009-01-24 17:18 -------- d-----w- c:\program files\TurboTax
2009-10-09 01:19 . 2007-08-16 19:43 -------- d-----w- c:\program files\Toshiba Registration
2009-10-09 01:19 . 2007-08-16 20:15 -------- d-----w- c:\program files\TOSHIBA Games
2009-10-09 01:17 . 2007-08-16 19:04 -------- d-----w- c:\program files\Toshiba
2009-10-09 01:16 . 2009-06-29 02:38 -------- d-----w- c:\program files\TeamViewer
2009-10-09 01:16 . 2009-02-17 05:19 -------- d-----w- c:\program files\Tablet
2009-10-09 01:16 . 2009-09-15 03:57 -------- d-----w- c:\program files\Symantec
2009-10-09 01:16 . 2008-12-14 22:30 -------- d-----w- c:\program files\SourceTec
2009-10-09 01:16 . 2009-05-29 15:14 -------- d-----r- c:\program files\Skype
2009-10-09 01:14 . 2009-01-28 17:20 -------- d-----w- c:\program files\MIKSOFT
2009-10-09 01:14 . 2009-02-08 14:50 -------- d-----w- c:\program files\Microsoft WSE
2009-10-09 01:14 . 2008-12-14 22:34 -------- d-----w- c:\program files\Microsoft Works
2009-10-09 01:14 . 2008-12-15 06:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-09 01:14 . 2008-12-16 02:12 -------- d-----w- c:\program files\Microsoft Streets & Trips
2009-10-09 01:14 . 2009-04-15 21:13 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-09 01:14 . 2008-12-19 01:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 01:12 . 2008-12-17 00:41 -------- d-----w- c:\program files\GPLGS
2009-10-09 01:11 . 2009-06-17 12:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-09 01:11 . 2008-12-15 14:19 -------- d-----w- c:\program files\Common Files\BCL Technologies
2009-10-09 01:11 . 2008-12-21 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-10-09 01:11 . 2009-01-24 17:25 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-10-09 01:11 . 2008-12-17 17:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 01:11 . 2007-08-16 19:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-09 01:07 . 2008-12-18 18:34 -------- d-----w- c:\program files\CoffeeCup Software
2009-10-09 00:59 . 2008-12-17 00:41 -------- d-----w- c:\program files\Acro Software
2009-10-09 00:55 . 2009-10-09 00:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-09-30 04:42 . 2009-09-30 04:42 200428 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-21 22:58 . 2009-09-21 22:58 1218048 ----a-w- c:\windows\system32\drivers\athr.sys
2009-09-15 02:10 . 2009-09-03 07:16 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-09-07 08:13 . 2009-09-07 08:13 69382 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-03 12:17 . 2009-09-03 12:17 1421080 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 14:10 . 2009-08-17 14:07 121343 ----a-w- c:\windows\HPHins15.dat
2009-08-14 02:38 . 2009-08-14 02:36 2805203 ----a-w- C:\sprint32.zip
2009-08-11 10:55 . 2009-08-11 10:48 130542 ----a-w- c:\windows\HPHins13.dat
2009-01-21 00:48 . 2009-02-03 13:26 2826240 ----a-w- c:\program files\amtlib.dll
2009-01-21 00:48 . 2009-02-03 13:26 825 ----a-w- c:\program files\crack.bat
2002-08-01 01:55 . 2009-01-06 00:54 108 --sha-w- c:\windows\WSYS049.SYS
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-14 289072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-08-04 18968]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-25 149280]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-07 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/22/09 19:45 64288]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [10/25/09 02:02 23832]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/14/08 22:28 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/25/09 02:03 108552]
R1 vpcnfltr;Virtual PC Network Filter Driver;c:\windows\System32\drivers\vpcnfltr.sys [10/09/09 06:12 55040]
R1 vpcvmm;Virtual PC Virtual Machine Monitor;c:\windows\System32\drivers\vpcvmm.sys [10/09/09 06:12 293904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [07/13/09 17:52 48128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/25/09 07:02 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [10/25/09 07:02 1370488]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/08 05:45 13088]
R2 npf;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/01/08 01:13 34064]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [02/16/09 23:19 3032360]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/07/09 06:50 185640]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [05/22/09 13:52 167936]
R3 vpcbus;Virtual PC Host Bus Service;c:\windows\System32\drivers\vpchbus.sys [10/09/09 06:12 165376]
R3 vpcusb;USB Virtualization Connector Service;c:\windows\System32\drivers\vpcusb.sys [10/09/09 06:12 78336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/24/09 05:17 1179232]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [03/30/09 15:28 1533808]
S3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [07/07/08 13:45 124184]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [06/04/09 08:26 28672]
S3 Ser2at;ATEN USB to Serial port driver;c:\windows\System32\drivers\ser2at.sys [03/04/09 07:04 76288]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [02/16/09 23:19 15144]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [02/21/07 17:26 151552]
S4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [02/08/09 12:41 65536]
S4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "ColdFusion 8 ODBC Agent" --> c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
S4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "ColdFusion 8 ODBC Server" --> c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
S4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [02/08/09 12:40 2743056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\jt\AppData\Roaming\Mozilla\Firefox\Profiles\7wgrg9wt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:35,51,0f,57,dd,f1,fc,50,b4,0c,b6,a9,31,56,86,10,0c,ed,11,1b,c8,
24,4b,f4,d3,95,15,e4,ca,66,68,21,5a,04,c0,27,d4,a4,ce,36,46,26,a6,b6,0e,3d,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:35,51,0f,57,dd,f1,fc,50,b4,0c,b6,a9,31,56,86,10,0c,ed,11,1b,c8,
24,4b,f4,d3,95,15,e4,ca,66,68,21,5a,04,c0,27,d4,a4,ce,36,46,26,a6,b6,0e,3d,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-11-04 13:13
ComboFix-quarantined-files.txt 2009-11-04 19:13
ComboFix2.txt 2009-11-04 18:31
ComboFix3.txt 2009-11-01 21:32
ComboFix4.txt 2009-11-01 19:15

Pre-Run: 256,507,232,256 bytes free
Post-Run: 256,195,686,400 bytes free

- - End Of File - - 898D205C9640804086B5FCF0CD249ECB



