
Redirect Virus


3 replies to this topic

#1 SuperXero

SuperXero

  • Members
  • 3 posts

Posted 14 January 2010 - 03:49 PM

Hey there. I, like many others, seem to have recently been infected with a worm that redirects web search results. I'm running Windows 7, and AVG is telling me that bfskul.com/loaderadv699.exe is a trojan in system32\svchost.exe.

Rootrepeal would not run as it seems to error when it starts, and displays some errors when attempting to scan. I attached the log that appears when it starts, called "rootrepeallog.txt" and it created a crash report, which I've attached as well.

I'm also currently running an OTL scan on all users as I post this.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew at 15:38:12.44 on Thu 01/14/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.3582.2216 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\e6rubk5l.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-25 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-12-25 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-25 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-25 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-25 360584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-14 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-14 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-1-14 2304192]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-01-14 17:52:48 524288 --sha-w- c:\users\andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TMContainer00000000000000000002.regtrans-ms
2010-01-14 17:52:47 65536 --sha-w- c:\users\andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TM.blf
2010-01-14 17:52:47 524288 --sha-w- c:\users\andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TMContainer00000000000000000001.regtrans-ms
2010-01-14 15:24:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-14 15:21:12 65536 --sha-w- c:\users\andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TM.blf
2010-01-14 15:21:12 524288 --sha-w- c:\users\andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TMContainer00000000000000000002.regtrans-ms
2010-01-14 15:21:12 524288 --sha-w- c:\users\andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TMContainer00000000000000000001.regtrans-ms
2010-01-14 15:14:14 65536 --sha-w- c:\users\andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TM.blf
2010-01-14 15:14:14 524288 --sha-w- c:\users\andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TMContainer00000000000000000002.regtrans-ms
2010-01-14 15:14:14 524288 --sha-w- c:\users\andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TMContainer00000000000000000001.regtrans-ms
2010-01-12 23:50:15 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 23:50:15 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-10 16:26:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-01-05 13:28:08 0 d-----w- c:\users\andrew\appdata\roaming\AVG9
2010-01-04 20:58:20 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-01-04 20:58:17 0 d-----w- c:\program files\Total Video Converter
2010-01-04 20:58:01 7662866 ----a-w- c:\users\andrew\appdata\roaming\tvcnew.exe
2010-01-04 20:55:02 0 d-----w- c:\program files\VideoLAN
2010-01-04 20:42:18 54318 ----a-w- c:\users\andrew\appdata\roaming\nvModes.dat
2010-01-04 20:41:43 0 d-----w- c:\programdata\NVIDIA
2010-01-04 20:38:57 753664 ----a-w- c:\windows\system32\nvcplui.exe
2010-01-04 20:38:57 413696 ----a-w- c:\windows\system32\nvcpl.cpl
2010-01-04 20:38:57 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2010-01-04 20:38:57 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2010-01-04 20:37:10 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-04 20:35:14 0 d-----w- c:\windows\system32\vmm32
2010-01-04 20:35:14 0 d-----w- c:\program files\Dell
2010-01-02 21:22:31 0 d-----w- c:\programdata\CyberLink
2010-01-02 20:23:30 0 d-----w- c:\programdata\Temp
2010-01-02 19:32:18 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-02 19:31:26 0 d-----w- c:\users\andrew\appdata\roaming\DAEMON Tools Lite
2010-01-02 19:31:18 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-01-02 19:25:27 0 d-----w- c:\programdata\DAEMON Tools Pro
2010-01-02 19:25:27 0 d-----w- c:\program files\DAEMON Tools Pro
2010-01-02 19:22:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 19:21:47 0 d-----w- c:\users\andrew\appdata\roaming\DAEMON Tools Pro
2010-01-02 03:09:02 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-02 03:02:12 0 d-----w- c:\windows\ehome
2010-01-02 03:02:07 0 d-----w- c:\program files\Windows Portable Devices
2010-01-02 03:02:07 0 d-----w- c:\program files\DVD Maker
2010-01-02 02:21:55 488448 ----a-w- c:\windows\system32\evr.dll
2010-01-02 01:58:21 0 d-----w- c:\programdata\FLEXnet
2009-12-31 17:41:06 0 d-----w- c:\programdata\vsosdk
2009-12-31 16:47:10 87608 ----a-w- c:\users\andrew\appdata\roaming\inst.exe
2009-12-31 16:47:10 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-31 16:47:10 47360 ----a-w- c:\users\andrew\appdata\roaming\pcouffin.sys
2009-12-31 16:46:55 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-12-31 16:46:55 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-12-31 16:46:55 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-12-31 16:46:55 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-12-31 16:46:55 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-12-31 16:46:54 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-12-31 16:46:54 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-12-31 16:46:48 0 d-----w- c:\program files\VSO
2009-12-31 05:04:05 0 d-----w- c:\programdata\Adobe
2009-12-31 05:03:34 0 d-----w- c:\programdata\NOS
2009-12-28 23:13:32 0 d-----w- c:\program files\Stanza
2009-12-28 16:33:23 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-28 16:33:23 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-28 16:32:54 0 d-----w- c:\program files\iPod
2009-12-28 16:32:53 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 16:32:53 0 d-----w- c:\program files\iTunes
2009-12-28 16:32:27 0 d-----w- c:\program files\Bonjour
2009-12-28 16:32:06 0 d-----w- c:\programdata\Apple Computer
2009-12-28 16:31:15 0 d-----w- c:\programdata\Apple
2009-12-28 16:11:11 65536 --sha-w- c:\users\andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TM.blf
2009-12-28 16:11:11 524288 --sha-w- c:\users\andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TMContainer00000000000000000002.regtrans-ms
2009-12-28 16:11:11 524288 --sha-w- c:\users\andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TMContainer00000000000000000001.regtrans-ms
2009-12-27 06:35:19 137499215 ----a-w- c:\windows\MEMORY.DMP
2009-12-25 11:37:00 0 d-----w- C:\$AVG
2009-12-25 11:36:58 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-25 11:36:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-25 11:36:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-25 11:36:51 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-25 11:36:35 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-12-25 11:36:35 0 d-----w- c:\program files\AVG
2009-12-25 11:36:34 0 d-----w- c:\programdata\avg9
2009-12-25 11:35:39 0 d-sh--w- c:\windows\Installer
2009-12-25 10:56:35 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-12-25 10:56:35 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-12-25 10:56:12 13160 ----a-w- c:\windows\system32\Upgrd.exe
2009-12-25 04:24:44 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-25 04:23:57 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-25 01:30:50 781312 ----a-w- c:\windows\system32\RGSS102J.dll
2009-12-25 01:30:50 778752 ----a-w- c:\windows\system32\RGSS102E.dll
2009-12-25 01:30:50 771584 ----a-w- c:\windows\system32\RGSS100J.dll
2009-12-24 08:23:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-12-24 08:21:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-12-24 08:20:38 0 d-----w- c:\windows\Panther
2009-12-24 08:20:25 8192 --sha-r- C:\BOOTSECT.BAK
2009-12-24 08:05:16 0 d-----w- C:\Windows.old
2009-12-24 08:01:58 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-12-24 08:01:55 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-12-24 08:01:55 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-12-24 08:01:54 507568 ----a-w- c:\windows\system32\winload.exe
2009-12-24 08:01:54 442920 ----a-w- c:\windows\system32\winresume.exe
2009-12-24 08:01:54 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-12-24 08:01:54 2613248 ----a-w- c:\windows\explorer.exe
2009-12-24 06:04:06 195456 ----a-w- c:\windows\system32\MpSigStub.exe
2009-12-24 05:51:21 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI

==================== Find3M ====================

2009-11-03 00:51:14 9728 ----a-w- c:\windows\system32\wceprv.dll
2009-10-21 16:45:04 33792 ----a-w- c:\windows\system32\identprv.dll
2009-07-14 04:54:36 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:54:36 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:54:36 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:54:36 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:08:58 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:38:57.39 ===============



#2 SuperXero

SuperXero
  • Topic Starter

  • Members
  • 3 posts

Posted 14 January 2010 - 03:52 PM

And here are the results of the OTL scan.

OTL logfile created on: 1/14/2010 3:48:19 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Andrew\Desktop
Ultimate Edition N (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.00 Gb Total Space | 1.20 Gb Free Space | 0.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.16 Gb Free Space | 51.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREWSLAPTOP
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/14 15:32:05 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
PRC - [2010/01/14 13:01:27 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2009/12/27 09:23:32 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/27 09:23:31 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/27 09:23:31 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/27 09:23:30 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/27 09:23:29 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/27 09:23:28 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/25 06:36:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/12/25 06:36:42 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/12/25 05:56:11 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/02 22:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 06:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/03 00:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:12 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/04/17 11:01:12 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/09 17:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (SafeList) ==========

MOD - [2010/01/14 15:32:05 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
MOD - [2009/12/27 09:23:31 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 20:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/14 13:01:27 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/12/27 09:23:30 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/25 06:36:43 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/25 05:56:11 | 00,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/13 20:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/04/17 11:01:12 | 00,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)


========== Driver Services (SafeList) ==========

DRV - [2010/01/02 14:32:48 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/31 11:47:10 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/12/27 09:23:31 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/27 09:23:31 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/25 06:36:58 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/12/25 06:36:53 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/25 06:36:35 | 00,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/13 20:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:53 | 00,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 01,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 17:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 15:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/10/10 17:03:00 | 00,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 05:49:00 | 07,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/05 10:45:04 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/14 17:35:20 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2668486948-3513151309-3926282236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2668486948-3513151309-3926282236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2668486948-3513151309-3926282236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A DF 5C D6 5B 92 CA 01 [binary data]
IE - HKU\S-1-5-21-2668486948-3513151309-3926282236-1001\S-1-5-21-2668486948-3513151309-3926282236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2668486948-3513151309-3926282236-1001\S-1-5-21-2668486948-3513151309-3926282236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/14 12:50:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/31 00:01:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/02 12:01:24 | 00,000,000 | ---D | M]

[2009/12/24 01:11:21 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2010/01/01 22:50:29 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\e6rubk5l.default\extensions
[2009/12/31 00:01:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (857 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2668486948-3513151309-3926282236-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ee6a4fb-f7d6-11de-87d1-00219bd4484f}\Shell - "" = AutoRun
O33 - MountPoints2\{0ee6a4fb-f7d6-11de-87d1-00219bd4484f}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/14 15:39:47 | 00,472,064 | ---- | C] ( ) -- C:\Users\Andrew\Desktop\RootRepeal.exe
[2010/01/14 15:32:04 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2010/01/14 10:24:43 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/12 18:50:15 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 18:50:15 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/05 08:28:08 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\AVG9
[2010/01/04 15:58:20 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2010/01/04 15:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2010/01/04 15:58:01 | 07,662,866 | ---- | C] (EffectMatrix Inc. ) -- C:\Users\Andrew\AppData\Roaming\tvcnew.exe
[2010/01/04 15:55:02 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/01/04 15:41:43 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/01/04 15:38:57 | 01,073,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010/01/04 15:38:57 | 00,753,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2010/01/04 15:38:57 | 00,413,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2010/01/04 15:38:57 | 00,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2010/01/04 15:37:10 | 00,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010/01/04 15:37:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/01/04 15:36:52 | 03,629,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvsr.dll
[2010/01/04 15:36:52 | 02,441,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwssr.dll
[2010/01/04 15:36:52 | 02,363,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll
[2010/01/04 15:36:52 | 01,500,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/01/04 15:36:51 | 06,889,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/01/04 15:36:51 | 03,547,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll
[2010/01/04 15:36:51 | 02,854,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmoblsr.dll
[2010/01/04 15:36:51 | 01,146,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll
[2010/01/04 15:36:51 | 00,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010/01/04 15:36:51 | 00,086,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010/01/04 15:36:50 | 07,620,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/01/04 15:36:50 | 03,166,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgamesr.dll
[2010/01/04 15:36:50 | 00,458,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccssr.dll
[2010/01/04 15:36:50 | 00,229,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccs.dll
[2010/01/04 15:36:50 | 00,188,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll
[2010/01/04 15:36:50 | 00,081,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010/01/04 15:36:50 | 00,081,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll
[2010/01/04 15:36:50 | 00,045,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccsrs.dll
[2010/01/04 15:36:49 | 05,509,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispsr.dll
[2010/01/04 15:36:49 | 03,325,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll
[2010/01/04 15:36:48 | 06,340,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll
[2010/01/04 15:36:48 | 04,943,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/01/04 15:36:46 | 08,497,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010/01/04 15:36:46 | 00,521,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010/01/04 15:36:46 | 00,364,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/01/04 15:36:46 | 00,147,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcolor.exe
[2010/01/04 15:36:46 | 00,036,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod100.dll
[2010/01/04 15:36:46 | 00,036,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/01/04 15:35:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2010/01/04 15:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/01/02 21:57:06 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\EVERYTHING
[2010/01/02 16:22:44 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Documents\CyberLink
[2010/01/02 16:22:37 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\CyberLink
[2010/01/02 16:22:31 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/01/02 15:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2010/01/02 15:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/01/02 15:23:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/01/02 14:32:18 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/01/02 14:31:26 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Lite
[2010/01/02 14:31:18 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/01/02 14:25:27 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010/01/02 14:25:27 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2010/01/02 14:21:47 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Pro
[2010/01/01 22:09:02 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/01/01 22:02:12 | 00,000,000 | ---D | C] -- C:\Windows\ehome
[2010/01/01 22:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/01/01 22:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/01/01 22:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Maker
[2010/01/01 21:22:59 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WmpDui.dll
[2010/01/01 21:22:49 | 00,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010/01/01 21:22:49 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/01/01 21:22:49 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/01/01 21:22:48 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/01/01 21:22:41 | 00,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2010/01/01 21:22:35 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfh264enc.dll
[2010/01/01 21:22:35 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfdvdec.dll
[2010/01/01 21:22:35 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfAACEnc.dll
[2010/01/01 21:22:35 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmjpegdec.dll
[2010/01/01 21:22:35 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/01/01 21:22:31 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/01/01 21:22:31 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/01/01 21:22:30 | 00,237,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/01/01 21:22:30 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdmlog.dll
[2010/01/01 21:22:29 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2010/01/01 21:22:24 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/01/01 21:22:12 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2010/01/01 21:22:12 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmerror.dll
[2010/01/01 21:22:12 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/01/01 21:22:12 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010/01/01 21:22:10 | 00,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/01/01 21:22:10 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2010/01/01 21:22:10 | 00,064,000 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/01/01 21:22:10 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/01/01 21:22:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysprepMCE.dll
[2010/01/01 21:22:09 | 00,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/01/01 21:22:09 | 00,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010/01/01 21:22:08 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2010/01/01 21:22:08 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010/01/01 21:22:08 | 00,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2010/01/01 21:22:08 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2010/01/01 21:22:08 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/01/01 21:22:08 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcsrchPH.dll
[2010/01/01 21:22:08 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmcodecdspps.dll
[2010/01/01 21:22:08 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsPbdaCoInst.dll
[2010/01/01 21:22:08 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdmps.dll
[2010/01/01 21:22:08 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010/01/01 21:22:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/01/01 21:22:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/01/01 21:22:06 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2010/01/01 21:22:06 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2010/01/01 21:22:05 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/01/01 21:22:05 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2010/01/01 21:22:05 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/01/01 21:22:04 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2010/01/01 21:21:55 | 01,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/01/01 21:21:55 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010/01/01 21:21:55 | 00,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/01/01 21:21:55 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/01/01 21:21:55 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2010/01/01 21:21:55 | 00,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/01/01 21:21:55 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2010/01/01 21:21:55 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2010/01/01 21:21:55 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2010/01/01 21:21:54 | 00,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/01/01 21:21:53 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2010/01/01 21:21:50 | 00,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/01/01 21:21:50 | 00,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/01/01 21:21:50 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/01/01 21:21:50 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/01/01 21:21:50 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2010/01/01 21:21:50 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/01/01 21:21:49 | 00,986,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/01/01 21:21:49 | 00,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010/01/01 21:21:49 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/01/01 21:21:49 | 00,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010/01/01 21:21:49 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010/01/01 21:21:49 | 00,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2010/01/01 21:21:49 | 00,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/01/01 21:21:49 | 00,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2010/01/01 21:21:49 | 00,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010/01/01 21:21:49 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2010/01/01 21:21:49 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2010/01/01 21:21:49 | 00,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2010/01/01 21:21:48 | 03,177,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/01/01 21:21:48 | 00,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2010/01/01 21:21:48 | 00,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2010/01/01 21:21:47 | 01,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/01/01 21:21:47 | 01,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010/01/01 21:21:47 | 01,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2010/01/01 21:21:47 | 00,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2010/01/01 21:21:47 | 00,812,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2010/01/01 21:21:47 | 00,664,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010/01/01 21:21:47 | 00,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010/01/01 21:21:47 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2010/01/01 21:21:46 | 02,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/01/01 21:21:46 | 01,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2010/01/01 21:21:46 | 00,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2010/01/01 21:21:45 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/01/01 20:59:09 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Adobe
[2010/01/01 20:58:21 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/01/01 20:49:54 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/12/31 15:44:07 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Homeland Security
[2009/12/31 15:44:07 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Computer Science
[2009/12/31 12:41:06 | 00,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2009/12/31 11:56:01 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Documents\ConvertXToDVD
[2009/12/31 11:47:10 | 00,047,360 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/12/31 11:47:10 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Andrew\AppData\Roaming\pcouffin.sys
[2009/12/31 11:47:09 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Documents\PcSetup
[2009/12/31 11:46:55 | 00,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2009/12/31 11:46:55 | 00,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2009/12/31 11:46:55 | 00,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2009/12/31 11:46:55 | 00,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2009/12/31 11:46:55 | 00,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2009/12/31 11:46:55 | 00,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2009/12/31 11:46:54 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2009/12/31 11:46:54 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2009/12/31 11:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/12/31 00:04:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/12/31 00:04:11 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/12/31 00:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/12/31 00:04:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/12/31 00:03:48 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Adobe
[2009/12/31 00:03:34 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/12/31 00:01:08 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Diagnostics
[2009/12/28 18:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\Stanza
[2009/12/28 18:13:29 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/28 18:13:29 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/28 18:13:29 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/28 18:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/28 18:12:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/12/28 11:33:45 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Apple Computer
[2009/12/28 11:33:45 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Apple Computer
[2009/12/28 11:33:23 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/12/28 11:33:23 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/12/28 11:33:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/12/28 11:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/28 11:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/12/28 11:32:53 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/28 11:32:27 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/12/28 11:32:06 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/28 11:32:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/12/28 11:31:59 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Apple
[2009/12/28 11:31:58 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/28 11:31:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/12/28 11:31:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/27 01:27:11 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\ElevatedDiagnostics
[2009/12/27 01:15:46 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/25 06:37:00 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/12/25 06:36:58 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/12/25 06:36:57 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/12/25 06:36:53 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/12/25 06:36:52 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/12/25 06:36:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/12/25 06:36:35 | 00,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/12/25 06:36:35 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/25 06:36:34 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/12/25 06:35:39 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/12/25 06:24:34 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\WinRAR
[2009/12/25 05:56:35 | 00,056,680 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2009/12/25 05:56:35 | 00,056,680 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/12/25 05:56:12 | 00,013,160 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2009/12/24 23:23:57 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/12/24 20:29:42 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Vso
[2009/12/24 20:14:39 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/12/24 03:25:16 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/12/24 03:23:08 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/12/24 03:20:38 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/12/24 03:05:16 | 00,000,000 | ---D | C] -- C:\Windows.old
[2009/12/24 03:01:57 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/24 03:01:55 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/12/24 03:01:54 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/12/24 03:01:54 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/12/24 03:01:54 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/12/24 03:01:54 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/12/24 01:57:23 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Macromedia
[2009/12/24 01:57:23 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Adobe
[2009/12/24 01:57:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/12/24 01:11:13 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Mozilla
[2009/12/24 01:11:13 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Mozilla
[2009/12/24 01:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/12/24 01:04:06 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/12/24 00:52:48 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Searches
[2009/12/24 00:52:41 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Identities
[2009/12/24 00:52:40 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Contacts
[2009/12/24 00:52:34 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\VirtualStore
[2009/12/24 00:52:31 | 00,000,000 | --SD | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Videos
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Saved Games
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Pictures
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Music
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Links
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Favorites
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Downloads
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Documents
[2009/12/24 00:52:31 | 00,000,000 | R--D | C] -- C:\Users\Andrew\Desktop
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\Temporary Internet Files
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Templates
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Start Menu
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\SendTo
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Recent
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\PrintHood
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\NetHood
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Videos
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Pictures
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Documents\My Music
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\My Documents
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Local Settings
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\History
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Cookies
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\Application Data
[2009/12/24 00:52:31 | 00,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\Application Data
[2009/12/24 00:52:31 | 00,000,000 | -H-D | C] -- C:\Users\Andrew\AppData
[2009/12/24 00:52:31 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Temp
[2009/12/24 00:52:31 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Microsoft
[2009/12/24 00:52:17 | 00,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2049/12/31 15:00:00 | 00,781,312 | ---- | M] () -- C:\Windows\System32\RGSS102J.dll
[2049/12/31 15:00:00 | 00,778,752 | ---- | M] () -- C:\Windows\System32\RGSS102E.dll
[2049/12/31 15:00:00 | 00,771,584 | ---- | M] () -- C:\Windows\System32\RGSS100J.dll
[2010/01/14 15:50:17 | 01,572,864 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat
[2010/01/14 15:44:31 | 00,188,905 | ---- | M] () -- C:\Users\Andrew\Desktop\RootRepeal.dmp
[2010/01/14 15:41:03 | 00,000,000 | ---- | M] () -- C:\Users\Andrew\Desktop\settings.dat
[2010/01/14 15:39:48 | 00,472,064 | ---- | M] ( ) -- C:\Users\Andrew\Desktop\RootRepeal.exe
[2010/01/14 15:32:05 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2010/01/14 15:10:11 | 00,524,288 | ---- | M] () -- C:\Users\Andrew\Desktop\dds.scr
[2010/01/14 13:00:38 | 00,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/14 13:00:38 | 00,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/14 13:00:01 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/14 13:00:01 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/14 13:00:01 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/14 12:56:44 | 00,557,283 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/01/14 12:56:43 | 47,843,427 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/14 12:56:30 | 00,139,535 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/14 12:53:14 | 00,054,318 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.001
[2010/01/14 12:52:48 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TMContainer00000000000000000002.regtrans-ms
[2010/01/14 12:52:47 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TMContainer00000000000000000001.regtrans-ms
[2010/01/14 12:52:47 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TM.blf
[2010/01/14 12:52:37 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010/01/14 12:52:37 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2010/01/14 12:52:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/14 12:52:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/14 12:52:11 | 28,170,48576 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 12:52:07 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010/01/14 12:47:58 | 01,001,388 | -H-- | M] () -- C:\Users\Andrew\AppData\Local\IconCache.db
[2010/01/14 10:30:15 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TM.blf
[2010/01/14 10:30:14 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TMContainer00000000000000000002.regtrans-ms
[2010/01/14 10:30:14 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/14 10:14:14 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TMContainer00000000000000000002.regtrans-ms
[2010/01/14 10:14:14 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/14 10:14:14 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TM.blf
[2010/01/12 16:09:59 | 00,001,041 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\vso_ts_preview.xml
[2010/01/12 15:49:08 | 00,054,318 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.dat
[2010/01/10 11:27:09 | 00,063,040 | ---- | M] () -- C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/10 11:26:33 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/01/10 10:59:48 | 02,210,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/04 15:58:01 | 07,662,866 | ---- | M] (EffectMatrix Inc. ) -- C:\Users\Andrew\AppData\Roaming\tvcnew.exe
[2010/01/02 18:15:37 | 00,117,217 | ---- | M] () -- C:\Users\Andrew\Documents\OWA.pds
[2010/01/02 14:32:48 | 00,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/31 11:47:10 | 00,087,608 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\inst.exe
[2009/12/31 11:47:10 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/12/31 11:47:10 | 00,047,360 | ---- | M] (VSO Software) -- C:\Users\Andrew\AppData\Roaming\pcouffin.sys
[2009/12/31 11:47:10 | 00,007,887 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.cat
[2009/12/31 11:47:10 | 00,001,144 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.inf
[2009/12/31 00:05:04 | 00,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/28 11:33:39 | 00,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/28 11:32:12 | 00,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/12/28 11:11:11 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 11:11:11 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 11:11:11 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TM.blf
[2009/12/27 09:23:31 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/12/27 09:23:31 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/12/27 09:23:31 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/12/27 01:35:19 | 13,749,9215 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/25 06:37:00 | 00,001,818 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/12/25 06:36:58 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/12/25 06:36:53 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/12/25 06:36:52 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/12/25 06:36:51 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/12/25 06:36:51 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/12/25 06:36:35 | 00,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2009/12/25 05:56:16 | 00,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2009/12/25 05:56:11 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2009/12/24 23:23:45 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/24 23:23:45 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/24 23:23:45 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/12/24 03:26:07 | 00,038,517 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/12/24 03:20:25 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/12/24 00:52:31 | 00,000,020 | -HS- | M] () -- C:\Users\Andrew\ntuser.ini

========== Files Created - No Company Name ==========

[2010/01/14 15:44:31 | 00,188,905 | ---- | C] () -- C:\Users\Andrew\Desktop\RootRepeal.dmp
[2010/01/14 15:41:03 | 00,000,000 | ---- | C] () -- C:\Users\Andrew\Desktop\settings.dat
[2010/01/14 15:10:10 | 00,524,288 | ---- | C] () -- C:\Users\Andrew\Desktop\dds.scr
[2010/01/14 12:52:48 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TMContainer00000000000000000002.regtrans-ms
[2010/01/14 12:52:47 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TMContainer00000000000000000001.regtrans-ms
[2010/01/14 12:52:47 | 00,065,536 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{cd4a6071-0121-11df-9336-00219bd4484f}.TM.blf
[2010/01/14 10:21:12 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TMContainer00000000000000000002.regtrans-ms
[2010/01/14 10:21:12 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/14 10:21:12 | 00,065,536 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{adecfe7c-011f-11df-8f93-c47cb84aaf0e}.TM.blf
[2010/01/14 10:14:14 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TMContainer00000000000000000002.regtrans-ms
[2010/01/14 10:14:14 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/14 10:14:14 | 00,065,536 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{953018fa-011e-11df-803b-c5337c80ce0e}.TM.blf
[2010/01/10 11:26:33 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/01/04 15:42:42 | 00,054,318 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\nvModes.001
[2010/01/04 15:42:18 | 00,054,318 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\nvModes.dat
[2010/01/04 15:36:52 | 00,017,331 | ---- | C] () -- C:\Windows\System32\nvwsapps.xml
[2010/01/04 15:36:48 | 00,006,457 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2010/01/04 15:36:46 | 00,134,059 | ---- | C] () -- C:\Windows\System32\nvapps.xml
[2010/01/02 18:00:08 | 00,117,217 | ---- | C] () -- C:\Users\Andrew\Documents\OWA.pds
[2010/01/02 14:22:12 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/01/01 21:21:55 | 00,316,640 | ---- | C] () -- C:\Windows\WMSysPr9.prx
[2009/12/31 11:48:19 | 00,000,034 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.log
[2009/12/31 11:47:10 | 00,087,608 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\inst.exe
[2009/12/31 11:47:10 | 00,007,887 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.cat
[2009/12/31 11:47:10 | 00,001,144 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.inf
[2009/12/31 00:05:04 | 00,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/28 11:33:39 | 00,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/28 11:32:12 | 00,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/12/28 11:11:11 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 11:11:11 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 11:11:11 | 00,065,536 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{e883dd18-f2af-11de-99de-00219bd4484f}.TM.blf
[2009/12/27 01:35:19 | 13,749,9215 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/25 06:37:00 | 00,001,818 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/12/25 06:36:52 | 00,557,283 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2009/12/25 06:36:52 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/12/25 06:36:51 | 47,843,427 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/25 06:36:51 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/12/25 06:36:51 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/12/25 06:36:51 | 00,139,535 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/24 20:30:50 | 00,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2009/12/24 20:30:50 | 00,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2009/12/24 20:30:50 | 00,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2009/12/24 20:29:42 | 00,001,041 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\vso_ts_preview.xml
[2009/12/24 03:23:07 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2009/12/24 03:21:27 | 28,170,48576 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/24 03:21:24 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2009/12/24 03:20:25 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/12/24 00:52:31 | 01,572,864 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat
[2009/12/24 00:52:31 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/24 00:52:31 | 00,524,288 | -HS- | C] () -- C:\Users\Andrew\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/24 00:52:31 | 00,065,536 | -HS- | C] () -- C:\Users\Andrew\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/12/24 00:52:31 | 00,000,020 | -HS- | C] () -- C:\Users\Andrew\ntuser.ini
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005/05/06 19:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
< End of report >


And now Extras.txt...

OTL Extras logfile created on: 1/14/2010 3:48:19 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Andrew\Desktop
Ultimate Edition N (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.00 Gb Total Space | 1.20 Gb Free Space | 0.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.16 Gb Free Space | 51.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREWSLAPTOP
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2668486948-3513151309-3926282236-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"AVG9Uninstall" = AVG 9.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIA Drivers" = NVIDIA Drivers
"Stanza" = Stanza
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 08113
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2010 11:01:40 AM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

Error - 1/14/2010 11:25:18 AM | Computer Name = AndrewsLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000000b8 Faulting process id: 0x56c Faulting application
start time: 0x01ca952d307ae876 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 051c3495-0121-11df-a0d3-00219bd4484f

Error - 1/14/2010 11:26:48 AM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

Error - 1/14/2010 11:26:49 AM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

Error - 1/14/2010 1:47:37 PM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

Error - 1/14/2010 1:56:44 PM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8194
Description =

Error - 1/14/2010 1:56:44 PM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

Error - 1/14/2010 1:56:45 PM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

Error - 1/14/2010 2:01:32 PM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

Error - 1/14/2010 2:01:33 PM | Computer Name = AndrewsLaptop | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 1/14/2010 11:16:49 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/14/2010 11:16:49 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/14/2010 11:16:49 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/14/2010 11:16:49 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/14/2010 11:16:49 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/14/2010 11:16:49 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/14/2010 11:16:49 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/14/2010 11:16:57 AM | Computer Name = AndrewsLaptop | Source = DCOM | ID = 10005
Description =

Error - 1/14/2010 11:25:27 AM | Computer Name = AndrewsLaptop | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/14/2010 1:47:11 PM | Computer Name = AndrewsLaptop | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >



Thanks in advance for all the help.
SuperXero

#3 SuperXero

SuperXero
  • Topic Starter

Posted 15 January 2010 - 12:43 PM

A simple use of ComboFix has fixed this problem. This topic may be closed, thank you.

SuperXero

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
Posted 15 January 2010 - 07:42 PM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run ComboFix on your own.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
