Google and other random redirects / browser hijack


  • This topic is locked
23 replies to this topic

#1 jm503

  • Members
  • 14 posts

Posted 15 August 2010 - 05:20 AM

I have seen some posts that are somewhat similar, but mine has a little bit more to it. I get the Google search result redirects; I close the new tab, click the search result again, and it works. But I also get random redirects/hijacks taking me to a few sites: videocop is the one it takes me to the most, Google Analytics is the other. Norton, Spybot S&D, SUPERAntiSpyware and Malwarebytes all did not help me. I was reading some other posts and they were talking about getting DDS reports and RKUnhooker reports and also MBRCheck reports. So hopefully I am getting rid of a step here by adding all that info...


DDS Report


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason at 2:05:03.43 on Sun 08/15/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.1136 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Jason\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Jason\Desktop\1st step\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jason\Desktop\1st step\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
uRun: [cdloader] "c:\users\jason\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
StartupFolder: c:\users\jason\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file:///D:/components/hidinputmonitorx.ocx
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file:///D:/components/A9.ocx
DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} - file:///D:/components/wmvhdrating.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\l8ubfanj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\jason\appdata\roaming\mozilla\firefox\profiles\l8ubfanj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jason\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-4 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100813.004\IDSvix86.sys [2010-8-13 344112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-4 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-4 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-4 102448]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-3-4 48688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-7 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-6-26 32256]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

=============== Created Last 30 ================

2010-08-15 09:03:44 0 ----a-w- c:\users\jason\defogger_reenable
2010-08-13 10:01:42 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-13 08:22:49 0 d-----w- c:\programdata\Microsoft Help
2010-08-13 08:03:04 0 d-----w- c:\program files\PowerISO
2010-08-09 08:01:25 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-09 07:29:52 77312 ----a-w- c:\windows\MBR.exe
2010-08-09 07:29:50 98816 ----a-w- c:\windows\sed.exe
2010-08-09 07:29:50 256512 ----a-w- c:\windows\PEV.exe
2010-08-09 07:29:50 161792 ----a-w- c:\windows\SWREG.exe
2010-08-08 09:17:01 0 d-----w- c:\users\jason\appdata\roaming\Adobe Mini Bridge CS5
2010-08-08 09:17:00 0 d-----w- c:\users\jason\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-08 08:20:10 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-04 10:20:11 1096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-04 07:19:28 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-04 07:19:28 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 06:56:40 0 d-----w- c:\users\jason\appdata\roaming\IrfanView
2010-07-23 07:11:12 0 d-----w- c:\program files\iPod
2010-07-23 07:11:10 0 d-----w- c:\program files\iTunes
2010-07-21 07:37:59 0 d-----w- c:\program files\WinSCP
2010-07-16 20:42:59 0 d-----w- c:\users\jason\.shsh

==================== Find3M ====================

2010-08-13 21:54:03 122812 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 05:27:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47:21 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:06:37.50 ===============


RKUnhook...

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x90C24000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11567104 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 197.45 )
0x82C1A000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C1A000 PnpManager 4259840 bytes
0x82C1A000 RAW 4259840 bytes
0x82C1A000 WMIxWDM 4259840 bytes
0x98120000 Win32k 2400256 bytes
0x98120000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA9014000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100814.002\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0x8EA32000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x88E1A000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8FE28000 C:\Windows\system32\DRIVERS\athr.sys 1232896 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x90018000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x9172E000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88CF6000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x9011B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x832E4000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x98F47000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x98E02000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8DF6D000 C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x83211000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8338F000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8DEF1000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8DE6A000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x88F87000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E495000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8DE12000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100813.004\IDSvix86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xA54BF000 C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0xA546E000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x91E85000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA541F000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88CA7000 C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x98000000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8F739000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8F6C0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88AD7000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88A28000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x88C12000 C:\Windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x89132000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8FF98000 C:\Windows\system32\DRIVERS\Rt86win7.sys 282624 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x91E30000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8F60F000 C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0x832A2000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E5AA000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8903E000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88DAD000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x98ED5000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FF5F000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8302A000 ACPI_HAL 225280 bytes
0x91F78000 C:\Windows\System32\Drivers\dump_nvstor32.sys 225280 bytes
0x8302A000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88B83000 C:\Windows\system32\DRIVERS\nvstor32.sys 225280 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x88C62000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F785000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8E419000 C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0x890CA000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E4EF000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EB7B000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA91B1000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x91ED5000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89085000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88F49000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA5533000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x88A8C000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8910D000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88BBA000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0xA9175000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8E44D000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x88B56000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x98EB2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8FE00000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8EBD7000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8F651000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x891CA000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA5512000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x89191000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F71A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E528000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x983B0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DEC8000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x91E00000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98F10000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F7DE000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x98E87000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x91F04000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8DF55000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F684000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8FFDD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x901DD000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90000000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F7B9000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8EBAC000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0xA91E2000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x91F3D000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x91F27000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x88B37000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8E480000 C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0xA9160000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100814.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xA9000000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x91FDB000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x88F74000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8E400000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E56F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x90C0D000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8F672000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x98EA0000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x890FC000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91FAF000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88C96000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91E74000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88AB6000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83289000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E547000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x91E1B000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x890B2000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8DE00000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E582000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x88AC7000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8F70B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8DFE8000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E561000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8901B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88B29000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88FE4000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8E59C000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8E472000 C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS 57344 bytes (Symantec Corporation, NDIS Filter Driver)
0x8F7D0000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83200000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90C00000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91F61000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F69C000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x901D0000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8F6A9000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x98FE8000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA91A4000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x891EB000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8DEE5000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x891BE000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x91FD0000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91F56000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0xA555D000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x89010000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x917F4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8EBC3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x88A81000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x91F6E000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x91F1D000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88B79000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E5F5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E5EB000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8F600000 C:\Windows\system32\DRIVERS\pnarp.sys 40960 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0x8DFF6000 C:\Windows\system32\DRIVERS\purendis.sys 40960 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0x8FFF5000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x98FDE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8E592000 C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xA919A000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x8F6B6000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8FF55000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x88C59000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA55C7000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x88B4D000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA5414000 C:\Windows\system32\DRIVERS\dc3d.sys 36864 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0x88FF2000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA5568000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8E558000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x98380000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88E00000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8EBCE000 C:\Windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x917EB000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x88A70000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8329A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x890C2000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCA000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88A79000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x901F5000 C:\Windows\system32\DRIVERS\nvoclock.sys 32768 bytes (NVIDIA Corp., NVIDIA System Utility Driver)
0x891F8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89000000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x89008000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8907D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x98FF5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x891B7000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91FC9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xA91F9000 C:\Windows\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0x891B0000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88B22000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8E521000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x917E5000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x98F43000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x9172C000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 197.45 )
0x90C1F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91F54000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0xA5587F2E Unknown thread object [ ETHREAD 0x882DD020 ] , 600 bytes


MBRCheck...

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: eMachines
System Product Name: ET1641-02w
Logical Drives Mask: 0x00000dfc

Kernel Drivers (total 223):
0x82C1A000 \SystemRoot\system32\ntkrnlpa.exe
0x8302A000 \SystemRoot\system32\halmacpi.dll
0x80BCA000 \SystemRoot\system32\kdcom.dll
0x83211000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83289000 \SystemRoot\system32\PSHED.dll
0x8329A000 \SystemRoot\system32\BOOTVID.dll
0x832A2000 \SystemRoot\system32\CLFS.SYS
0x832E4000 \SystemRoot\system32\CI.dll
0x8338F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83200000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88A28000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x88A70000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x88A79000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x88A81000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88A8C000 \SystemRoot\system32\DRIVERS\pci.sys
0x88AB6000 \SystemRoot\System32\drivers\partmgr.sys
0x88AC7000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88AD7000 \SystemRoot\System32\drivers\volmgrx.sys
0x88B22000 \SystemRoot\system32\DRIVERS\pciide.sys
0x88B29000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x88B37000 \SystemRoot\System32\drivers\mountmgr.sys
0x88B4D000 \SystemRoot\system32\DRIVERS\atapi.sys
0x88B56000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x88B79000 \SystemRoot\system32\DRIVERS\msahci.sys
0x88B83000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x88C12000 \SystemRoot\system32\DRIVERS\storport.sys
0x88C59000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x88C62000 \SystemRoot\system32\drivers\fltmgr.sys
0x88C96000 \SystemRoot\system32\drivers\fileinfo.sys
0x88CA7000 \SystemRoot\system32\drivers\N360\0308000.029\SYMEFA.SYS
0x88E1A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F49000 \SystemRoot\System32\Drivers\msrpc.sys
0x88F74000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88F87000 \SystemRoot\System32\Drivers\cng.sys
0x88FE4000 \SystemRoot\System32\drivers\pcw.sys
0x88FF2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88CF6000 \SystemRoot\system32\drivers\ndis.sys
0x88DAD000 \SystemRoot\system32\drivers\NETIO.SYS
0x88BBA000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88E00000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8903E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8907D000 \SystemRoot\System32\Drivers\spldr.sys
0x89085000 \SystemRoot\System32\drivers\rdyboost.sys
0x890B2000 \SystemRoot\System32\Drivers\mup.sys
0x890C2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x890CA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x890FC000 \SystemRoot\system32\DRIVERS\disk.sys
0x8910D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x89191000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x891B0000 \SystemRoot\System32\Drivers\Null.SYS
0x891B7000 \SystemRoot\System32\Drivers\Beep.SYS
0x891BE000 \SystemRoot\System32\drivers\vga.sys
0x891CA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x891EB000 \SystemRoot\System32\drivers\watchdog.sys
0x891F8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x89000000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89008000 \SystemRoot\system32\drivers\rdprefmp.sys
0x89010000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8901B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EA32000 \SystemRoot\System32\drivers\tcpip.sys
0x8EB7B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EBAC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EBC3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E419000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0x8E44D000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8E472000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS
0x8E480000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0x8E495000 \SystemRoot\system32\drivers\afd.sys
0x8E4EF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E521000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E528000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E547000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8E558000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8E561000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E56F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E582000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E592000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0x8E59C000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8E5AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E5EB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E5F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DE12000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100813.004\IDSvix86.sys
0x8DE6A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8DEC8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8DEE5000 \SystemRoot\System32\drivers\discache.sys
0x8DEF1000 \SystemRoot\system32\drivers\csc.sys
0x8DF55000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DF6D000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0x8DFE8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8F60F000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0x8F651000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F672000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F684000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F69C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F6A9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F6B6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8F6C0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F70B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F71A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F739000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8F785000 \SystemRoot\system32\DRIVERS\ks.sys
0x90018000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9011B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x901D0000 \SystemRoot\system32\drivers\modem.sys
0x8FE28000 \SystemRoot\system32\DRIVERS\athr.sys
0x8FF55000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90C24000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9172C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9172E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FF5F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8FF98000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x917E5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x917EB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90C00000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x90C0D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8FFDD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x917F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x901DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90000000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F7B9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FFF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90C1F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x901F5000 \SystemRoot\system32\DRIVERS\nvoclock.sys
0x8F7D0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91E30000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91E74000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91E85000 \SystemRoot\system32\drivers\HdAudio.sys
0x91ED5000 \SystemRoot\system32\drivers\portcls.sys
0x91F04000 \SystemRoot\system32\drivers\drmk.sys
0x98120000 \SystemRoot\System32\win32k.sys
0x91F1D000 \SystemRoot\System32\drivers\Dxapi.sys
0x91F27000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x91F3D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91F54000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91F56000 \SystemRoot\system32\DRIVERS\monitor.sys
0x91F61000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91F6E000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x91F78000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x91FAF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x91FC9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91FD0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91FDB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x98380000 \SystemRoot\System32\TSDDD.dll
0x983B0000 \SystemRoot\System32\cdd.dll
0x98000000 \SystemRoot\System32\ATMFD.DLL
0x91E00000 \SystemRoot\system32\drivers\luafv.sys
0x8F7DE000 \SystemRoot\system32\drivers\WudfPf.sys
0x91E1B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x89132000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F600000 \SystemRoot\system32\DRIVERS\pnarp.sys
0x8DFF6000 \SystemRoot\system32\DRIVERS\purendis.sys
0x8E400000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8EBCE000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x98E02000 \SystemRoot\system32\drivers\HTTP.sys
0x98E87000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98EA0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x98EB2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x98ED5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98F10000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98F43000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x98F47000 \SystemRoot\system32\drivers\peauth.sys
0x98FDE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8EBD7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98FE8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x98FF5000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA541F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA546E000 \SystemRoot\System32\DRIVERS\srv.sys
0xA54BF000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xA9175000 \SystemRoot\System32\drivers\rdpdr.sys
0xA919A000 \SystemRoot\system32\drivers\tdtcp.sys
0xA91A4000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA91B1000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA5512000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA91E2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA9000000 \SystemRoot\system32\drivers\usbaudio.sys
0xA5533000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA55C7000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA9014000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100814.002\NAVEX15.SYS
0xA9160000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100814.002\NAVENG.SYS
0xA5414000 \SystemRoot\system32\DRIVERS\dc3d.sys
0xA91F9000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xA555D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x77C70000 \Windows\System32\ntdll.dll
0x48140000 \Windows\System32\smss.exe
0x77EB0000 \Windows\System32\apisetschema.dll
0x00E70000 \Windows\System32\autochk.exe
0x77E60000 \Windows\System32\ws2_32.dll
0x77A70000 \Windows\System32\iertutil.dll
0x77E50000 \Windows\System32\normaliz.dll
0x77930000 \Windows\System32\urlmon.dll
0x77DF0000 \Windows\System32\difxapi.dll
0x777D0000 \Windows\System32\ole32.dll
0x77DD0000 \Windows\System32\sechost.dll
0x77720000 \Windows\System32\msvcrt.dll
0x77DC0000 \Windows\System32\psapi.dll
0x77640000 \Windows\System32\kernel32.dll
0x775B0000 \Windows\System32\oleaut32.dll
0x77520000 \Windows\System32\clbcatq.dll
0x77420000 \Windows\System32\wininet.dll
0x773C0000 \Windows\System32\shlwapi.dll
0x77220000 \Windows\System32\setupapi.dll
0x77DB0000 \Windows\System32\lpk.dll
0x77200000 \Windows\System32\imm32.dll
0x771B0000 \Windows\System32\Wldap32.dll
0x77160000 \Windows\System32\gdi32.dll
0x77090000 \Windows\System32\msctf.dll
0x76FC0000 \Windows\System32\user32.dll
0x76F40000 \Windows\System32\comdlg32.dll
0x76E90000 \Windows\System32\rpcrt4.dll
0x76E80000 \Windows\System32\nsi.dll
0x76DE0000 \Windows\System32\usp10.dll
0x76DB0000 \Windows\System32\imagehlp.dll
0x76160000 \Windows\System32\shell32.dll
0x760C0000 \Windows\System32\advapi32.dll
0x76030000 \Windows\System32\comctl32.dll
0x75FE0000 \Windows\System32\KernelBase.dll
0x75FB0000 \Windows\System32\wintrust.dll
0x75E90000 \Windows\System32\crypt32.dll
0x75E70000 \Windows\System32\devobj.dll
0x75E40000 \Windows\System32\cfgmgr32.dll
0x75E30000 \Windows\System32\msasn1.dll

Processes (total 56):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
448 csrss.exe
516 C:\Windows\System32\wininit.exe
528 csrss.exe
580 C:\Windows\System32\winlogon.exe
608 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\nvvsvc.exe
852 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\nvvsvc.exe
1348 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\spoolsv.exe
1552 C:\Windows\System32\svchost.exe
1644 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1680 C:\Program Files\Bonjour\mDNSResponder.exe
1748 C:\Windows\System32\svchost.exe
1832 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
1888 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
108 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
1988 C:\Windows\System32\svchost.exe
2188 C:\Windows\System32\dwm.exe
2248 C:\Windows\explorer.exe
2256 C:\Windows\System32\taskhost.exe
2596 C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
2608 C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
2644 C:\Windows\System32\svchost.exe
2692 C:\Windows\System32\drivers\XAudio.exe
2752 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3032 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3448 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
3524 C:\Program Files\iTunes\iTunesHelper.exe
3812 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
3836 C:\Program Files\PowerISO\PWRISOVM.EXE
3700 C:\Windows\System32\SearchIndexer.exe
3772 C:\Program Files\iPod\bin\iPodService.exe
2240 C:\Windows\System32\svchost.exe
4460 WUDFHost.exe
4544 C:\Windows\System32\svchost.exe
4748 C:\Program Files\Windows Media Player\wmpnetwk.exe
3520 C:\Users\Jason\AppData\Roaming\mjusbsp\magicJack.exe
5208 C:\Windows\System32\audiodg.exe
2900 C:\Windows\System32\notepad.exe
4788 C:\Users\Jason\Desktop\1st step\Defogger.exe
5704 C:\Windows\System32\conhost.exe
5436 taskhost.exe
5004 C:\Users\Jason\Desktop\1st step\MBRCheck.exe
5868 C:\Windows\System32\conhost.exe
4152 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


Also if recommending Combofix next, it doesn't work for me even running in 2000 or XP compatibility modes. Thanks and hopefully someone can help me.

Edited by Blade Zephon, 15 August 2010 - 05:22 AM.
Move to Log Forum. ~BZ
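The MBRCheck section of the log above reports the MBR status of \\.\PhysicalDrive0 ("Windows 7 MBR code detected") together with a SHA1. What follows is an added example, not part of the post and not MBRCheck's code, showing the check a practitioner performs by hand: read sector 0, confirm the 0x55AA boot signature, hash the 440-byte boot-code region separately from the whole sector, and decode the four partition entries. Which bytes MBRCheck itself hashes is not stated on the page, so that split is this example's assumption; the reason for it is that the disk signature and partition table legitimately differ from machine to machine, while the boot code should match the stock loader of the installed Windows build, and malware that replaces the MBR in order to run before the operating system changes exactly that region. The sample sector is constructed here and its hashes will not match the one in the log; a real known-good value comes from the same sector on a clean install of the same Windows version.

```python
"""MBR signature check, fingerprint and partition-table decode (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440           # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
SIG_OFF = 510                # 0x55 0xAA
MBR_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """CONSTRUCTED sample sector: filler boot code and a single NTFS partition.
    It is not the poster's MBR; the SHA1 in the forum log will not match it."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN        # NOP filler as "boot code"
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)  # arbitrary disk signature
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF,       # bootable NTFS (0x07) partition
                     0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    sector[SIG_OFF:SIG_OFF + 2] = MBR_SIGNATURE
    return bytes(sector)


def has_boot_signature(sector):
    """True when the sector is 512 bytes and ends in the 0x55AA marker."""
    return len(sector) == SECTOR_SIZE and sector[SIG_OFF:SIG_OFF + 2] == MBR_SIGNATURE


def parse_partitions(sector):
    """Decode the four primary partition entries, skipping empty slots."""
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def fingerprint_mbr(sector, known_good_boot_sha1=None):
    """Validate the sector and return hashes plus the decoded partition table.
    The boot code is hashed on its own (assumption: that is the region worth
    comparing against a clean install) as well as the full sector."""
    if not has_boot_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    report = {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parse_partitions(sector),
    }
    if known_good_boot_sha1 is not None:
        report["boot_code_matches_known_good"] = (
            report["boot_code_sha1"] == known_good_boot_sha1.upper())
    return report


def read_mbr_from_device(path=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk (requires administrator rights on Windows)."""
    with open(path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    baseline = fingerprint_mbr(mbr)
    tampered = bytearray(mbr)
    tampered[0] = 0xEB          # one patched opcode in the boot code is enough to change the hash
    for label, data in (("baseline", mbr), ("tampered", bytes(tampered))):
        r = fingerprint_mbr(data, known_good_boot_sha1=baseline["boot_code_sha1"])
        print(label, r["boot_code_sha1"], "matches:", r["boot_code_matches_known_good"],
              "partitions:", r["partitions"])
```

On a live machine, replace the constructed sector with `read_mbr_from_device()` from an elevated prompt. A hash mismatch against a trusted baseline is a lead rather than a verdict: OEM recovery tools and some disk encryption products also ship non-stock MBR code, so the partition entries and the vendor of any such software should be checked before the sector is rewritten.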



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:10:50 AM

Posted 21 August 2010 - 02:34 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.
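The first post carries two independent enumerations of the same loaded kernel modules, the RKUnhooker listing (base address, path, size, vendor) and the MBRCheck "Kernel Drivers" listing (base address, kernel-style path). Comparing such views is the same cross-view idea an anti-rootkit scan such as the GMER log requested above depends on: a module present in one view but not the other, or one that sits at the same base address under a different path, is worth a closer look. The following is an added example, not code from the thread or from RKUnhooker, MBRCheck or GMER. Its sample lines are copied from the thread's two listings except the entries marked CONSTRUCTED, whose file names are hypothetical and exist only to exercise the diff; the path normalisation (`\SystemRoot\` to `C:\Windows\`, `\??\` stripped) is this example's assumption about how the two spellings correspond.

```python
"""Cross-view diff of two loaded-module listings keyed by base address (added example)."""
import re

# View A lines look like "<base> <path> <size> bytes (<vendor, description>)"; the
# parenthesised part is absent for dump_* drivers, as in the thread's own listing.
RE_WITH_SIZE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")
# View B lines look like "<base> <path>".
RE_BARE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s*$")

# First five lines copied from the thread's RKUnhooker output.
# CONSTRUCTED: the last line is a hypothetical module present in view A only.
VIEW_A = r"""
0x891CA000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8DEC8000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x91FAF000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8E59C000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8FFDD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F800000 C:\Windows\system32\DRIVERS\example_only_in_a.sys 40960 bytes
"""

# First four lines copied from the thread's MBRCheck output.
# CONSTRUCTED: the last line reuses a real base address with a hypothetical path.
VIEW_B = r"""
0x891CA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8DEC8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x91FAF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8E59C000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8FFDD000 \SystemRoot\system32\DRIVERS\example_different_path.sys
"""


def normalize_path(path):
    """Map the kernel object-manager spellings onto one Win32 form, case-folded.
    Assumption: \\SystemRoot is C:\\Windows on this machine (true for the thread's log)."""
    p = path.strip()
    low = p.lower()
    if low.startswith("\\systemroot\\"):
        p = "C:\\Windows\\" + p[len("\\SystemRoot\\"):]
    elif low.startswith("\\??\\"):
        p = p[4:]
    elif low.startswith("\\windows\\"):      # user-mode images are listed as \Windows\...
        p = "C:" + p
    return p.lower()


def parse_view(text):
    """Return {base_address: normalized_path}; size and vendor fields are ignored."""
    modules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RE_WITH_SIZE.match(line) or RE_BARE.match(line)
        if m is None:
            continue
        modules[int(m.group(1), 16)] = normalize_path(m.group(2))
    return modules


def cross_view(view_a, view_b):
    """Classify every base address seen in either view."""
    a, b = parse_view(view_a), parse_view(view_b)
    report = {"only_in_a": [], "only_in_b": [], "path_mismatch": [], "consistent": []}
    for base in sorted(set(a) | set(b)):
        if base not in b:
            report["only_in_a"].append((base, a[base]))
        elif base not in a:
            report["only_in_b"].append((base, b[base]))
        elif a[base] != b[base]:
            report["path_mismatch"].append((base, a[base], b[base]))
        else:
            report["consistent"].append((base, a[base]))
    return report


if __name__ == "__main__":
    rep = cross_view(VIEW_A, VIEW_B)
    for key in ("only_in_a", "only_in_b", "path_mismatch"):
        for item in rep[key]:
            print(key, "0x%08X" % item[0], *item[1:])
    print("consistent:", len(rep["consistent"]))
```

To run it on the full logs, paste each listing into `VIEW_A` and `VIEW_B` unchanged. Treat discrepancies as leads, not findings: the two tools gather their lists differently and at different moments, so a driver loaded or unloaded between the two runs shows up as a one-sided entry, the `dump_*` crash-dump drivers legitimately carry no version information, and in this thread the Norton definition drivers are loaded from under `C:\ProgramData`, which is normal for that product.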




#3 jm503

jm503
  • Topic Starter

  • Members
  • 14 posts
  • Local time:12:50 AM

Posted 24 August 2010 - 12:38 AM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason at 22:16:23.10 on Mon 08/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.853 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Jason\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\explorer.exe
C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jason\Desktop\1st step\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jason\Desktop\1\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [cdloader] "c:\users\jason\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\jason\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file:///D:/components/hidinputmonitorx.ocx
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file:///D:/components/A9.ocx
DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} - file:///D:/components/wmvhdrating.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\l8ubfanj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\jason\appdata\roaming\mozilla\firefox\profiles\l8ubfanj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jason\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-4 310320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-18 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-18 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-18 243024]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-4 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100820.001\IDSvix86.sys [2010-8-20 344112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-18 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-18 308136]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-4 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-4 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-4 102448]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-3-4 48688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-7 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-18 431432]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-6-26 32256]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

=============== Created Last 30 ================

2010-08-18 20:34:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-18 20:34:16 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-18 20:34:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-18 20:33:59 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-18 20:33:48 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-18 20:28:08 0 d-----w- c:\programdata\avg9
2010-08-18 19:34:22 382340822 ----a-w- c:\windows\MEMORY.DMP
2010-08-18 07:49:30 0 d-----w- c:\program files\Runtime Software
2010-08-15 09:53:10 0 d-----w- c:\program files\AVG
2010-08-15 09:03:44 0 ----a-w- c:\users\jason\defogger_reenable
2010-08-13 10:01:42 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-13 08:22:49 0 d-----w- c:\programdata\Microsoft Help
2010-08-13 08:03:04 0 d-----w- c:\program files\PowerISO
2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-09 08:01:25 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-09 07:29:52 77312 ----a-w- c:\windows\MBR.exe
2010-08-09 07:29:50 98816 ----a-w- c:\windows\sed.exe
2010-08-09 07:29:50 256512 ----a-w- c:\windows\PEV.exe
2010-08-09 07:29:50 161792 ----a-w- c:\windows\SWREG.exe
2010-08-08 09:17:01 0 d-----w- c:\users\jason\appdata\roaming\Adobe Mini Bridge CS5
2010-08-08 09:17:00 0 d-----w- c:\users\jason\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-08 08:20:10 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-04 10:20:11 1096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-04 07:19:28 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-04 07:19:28 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 06:56:40 0 d-----w- c:\users\jason\appdata\roaming\IrfanView

==================== Find3M ====================

2010-08-13 21:54:03 122812 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 05:27:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:17:53.01 ===============



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-23 22:37:38
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Jason\AppData\Local\Temp\pglcypog.sys


---- System - GMER 1.0.15 ----

SSDT 8672C568 ZwAlertResumeThread
SSDT 867CEF50 ZwAlertThread
SSDT 86897D28 ZwAllocateVirtualMemory
SSDT 85EE6BC8 ZwAlpcConnectPort
SSDT 86802550 ZwAssignProcessToJobObject
SSDT 868AEAC0 ZwCreateMutant
SSDT 868B5AF8 ZwCreateSymbolicLinkObject
SSDT 86877528 ZwCreateThread
SSDT 868B5008 ZwCreateThreadEx
SSDT 8681EA90 ZwDebugActiveProcess
SSDT 86897F40 ZwDuplicateObject
SSDT 86897688 ZwFreeVirtualMemory
SSDT 867AC750 ZwImpersonateAnonymousToken
SSDT 867C9D90 ZwImpersonateThread
SSDT 85EA8720 ZwLoadDriver
SSDT 86897528 ZwMapViewOfSection
SSDT 8681CAD0 ZwOpenEvent
SSDT 86896268 ZwOpenProcess
SSDT 867697A0 ZwOpenProcessToken
SSDT 86800E90 ZwOpenSection
SSDT 86896118 ZwOpenThread
SSDT 868B3830 ZwProtectVirtualMemory
SSDT 867694D0 ZwResumeThread
SSDT 867ABC10 ZwSetContextThread
SSDT 86897290 ZwSetInformationProcess
SSDT 8681DE10 ZwSetSystemInformation
SSDT 86818A60 ZwSuspendProcess
SSDT 867EF7D0 ZwSuspendThread
SSDT 8677FEC8 ZwTerminateProcess
SSDT 8677AA00 ZwTerminateThread
SSDT 867AB298 ZwUnmapViewOfSection
SSDT 86897A18 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E253F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0E2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E251DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E256F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E25F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E261A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E85599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82EB1734 8 Bytes [68, C5, 72, 86, 50, EF, 7C, ...] {PUSH 0x508672c5; OUT DX, EAX; JL 0xffffffffffffff8e}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EB174C 4 Bytes [28, 7D, 89, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82EB1758 4 Bytes [C8, 6B, EE, 85] {ENTER 0xee6b, 0x85}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82EB17AC 4 Bytes [50, 25, 80, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82EB1828 4 Bytes JMP C116868A
.text ...
.text peauth.sys 9DE30C9D 1 Byte [04]
.text peauth.sys 9DE30C9D 28 Bytes [04, 27, 34, 76, E7, DB, 13, ...]
.text peauth.sys 9DE30CC1 1 Byte [04]
.text peauth.sys 9DE30CC1 28 Bytes [04, 27, 34, 76, E7, DB, 13, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[6976] ntdll.dll!LdrLoadDll 77D2F625 5 Bytes JMP 01AC003A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000064 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3D 0x09 0x79 0xE7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3D 0x09 0x79 0xE7 ...

---- EOF - GMER 1.0.15 ----
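
The Pseudo HJT section of the DDS log above carries the entries a helper reads before anything else: mPolicies-system shows EnableLUA = 0 (UAC switched off outright) with ConsentPromptBehaviorAdmin and PromptOnSecureDesktop also zeroed, the Hosts file points www.spywareinfo.com at 127.0.0.1, two BHO registrations point at DLLs that no longer exist, the magicJack autorun lives under the user's AppData, AppInit_DLLs is non-empty, and on 13 August a hidden+system folder literally named %APPDATA% appeared inside system32. The script below is an added example written for this page, not code from DDS, OTL, GooredFix or BleepingComputer; it pulls those indicators out of DDS-style lines mechanically. The Windows 7 default policy values and the rule set are the editor's assumptions, the sample lines are copied from the log above, and the final ProxyServer line is constructed to show that rule firing.

```python
"""Triage a DDS "Pseudo HJT Report" for the indicators a malware-response
helper reads first. Added example for this page; not code from DDS, OTL or
BleepingComputer. Default policy values and rule shapes are the editor's
assumptions; SAMPLE is copied from the posted log plus one constructed line."""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed defaults for a clean Windows 7 install with UAC switched on.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str


POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
BHO_NOFILE_RE = re.compile(r"^BHO:\s*\{[0-9A-Fa-f-]+\}\s*-\s*No File\s*$")
RUN_RE = re.compile(r"^[um]Run:\s*\[[^\]]*\]\s*(.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*\S")
# "Created Last 30" rows: date time size attrs path, e.g. "... 0 d-sh--w- c:\...".
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+([a-z-]{8})\s+(.+)$")


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None when nothing in it stands out."""
    line = line.strip()
    if m := POLICY_RE.match(line):
        name, value = m.group(1), int(m.group(2))
        if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
            # EnableLUA = 0 turns UAC off; the other values only weaken prompts.
            sev = "high" if name == "EnableLUA" else "medium"
            return Finding(sev, f"uac-policy-changed:{name}", line)
    if PROXY_RE.match(line):  # a system proxy silently routes every browser request
        return Finding("high", "proxy-server-set", line)
    if m := HOSTS_RE.match(line):
        ip, host = m.groups()
        if host.lower() != "localhost" and ip in ("127.0.0.1", "0.0.0.0"):
            # Something sinkholed a real site; ask who added it before judging.
            return Finding("medium", "hosts-sinkhole", line)
    if BHO_NOFILE_RE.match(line):  # registration left behind, DLL already gone
        return Finding("info", "bho-orphaned-registration", line)
    if m := RUN_RE.match(line):
        target = m.group(1).lower()
        if "\\appdata\\" in target or "\\temp\\" in target:
            # Autoruns inside the user profile need no admin rights to plant.
            return Finding("medium", "autorun-from-user-profile", line)
    if APPINIT_RE.match(line):  # loaded into every user32-linked process
        return Finding("info", "appinit-dll-loaded-everywhere", line)
    if m := CREATED_RE.match(line):
        attrs, path = m.groups()
        if "s" in attrs and "h" in attrs and "%" in path:
            # A hidden+system folder literally named "%APPDATA%" under system32.
            return Finding("high", "hidden-system-dir-named-like-envvar", line)
    return None


def triage(lines):
    """Findings for every line, highest severity first, log order within a severity."""
    order = {"high": 0, "medium": 1, "info": 2}
    found = [f for f in (check_line(ln) for ln in lines) if f is not None]
    return sorted(found, key=lambda f: order[f.severity])


# Copied from the DDS log above; the final ProxyServer line is constructed.
SAMPLE = [
    r"uInternet Settings,ProxyOverride = *.local",
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r'uRun: [cdloader] "c:\users\jason\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK',
    r'mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"',
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    r"AppInit_DLLs: avgrsstx.dll",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
    r"2010-08-13 10:01:42 0 d-sh--w- c:\windows\system32\%APPDATA%",
    r"2010-08-09 08:01:25 0 d-sh--w- C:\$RECYCLE.BIN",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:8080",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.severity:<6} {f.rule:<40} {f.line}")
```

Feed triage() the lines of a saved DDS.txt to run it over a whole log. The ordering is deliberate: the UAC and %APPDATA% findings come out first because those are the two things a helper would want fixed or explained before any browser-level cleanup, whereas an orphaned BHO or the AV's own AppInit DLL are only worth a glance.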


#4 sundavis (Malware Response Team)

Posted 26 August 2010 - 02:07 PM

Hi jm503,

Welcome to the BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your malware problems today.


Step 1
  1. Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
  2. Ensure Firefox browser is closed.
  3. Double click on it (XP), or right-click and select Run As Administrator (Vista).
  4. When prompted to run the scan, click Yes.
  5. GooredFix will check for infections, and then a log named GooredFix.txt should appear on your desktop. Please post the contents of that log in your next reply.


Step 2
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Click the "Quick Scan" button.
  5. Two reports will open, OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  6. Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. GooredFix.txt
2. OTListIt.txt and Extra.txt

Tell me which browser gets you random redirects. Thanks

#5 jm503 (Topic Starter)

Posted 27 August 2010 - 01:28 AM

All right, here is the requested info. I get mainly hijacks in Firefox 3.6.8. My biggest problem is with Google Chrome; I get it all there.


GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:11 on 26/08/2010 (Jason)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:01 03/01/2010]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [05:18 02/04/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [22:44 27/04/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [05:27 27/07/2010]

C:\Users\Jason\Application Data\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\
{340c2bbc-ce74-4362-90b5-7c26312808ef} [02:12 17/08/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [22:30 21/08/2010]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [08:36 03/08/2010]
{AE93811A-5C9A-4d34-8462-F7B864FC4696} [06:03 27/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" [03:03 15/04/2010]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [09:53 15/08/2010]
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [20:33 18/08/2010]

---------- Old Logs ----------
GooredFix[06.10.55_27-08-2010].txt

-=E.O.F=-


OTL logfile created on: 8/26/2010 11:13:27 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jason\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 11.63 Gb Free Space | 4.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON-PC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2010/08/18 13:33:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/18 13:33:05 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/18 13:33:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/18 13:33:01 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/18 13:32:47 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/15 06:39:40 | 022,533,520 | ---- | M] (magicJack L.P.) -- C:\Users\Jason\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/11/06 14:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
MOD - [2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/02/24 05:32:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jason\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/13 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.023\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/28 12:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100826.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/04 13:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/03/03 20:20:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/03 20:19:51 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/03 20:19:51 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/03 20:19:51 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/03 20:19:51 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/03 20:19:51 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/03/03 20:19:51 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/03 20:19:51 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/03/03 20:19:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/03 20:19:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/05 18:10:15 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 17:43:32 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/16 20:12:02 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/24 19:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/22 16:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 52 2A 00 0B 59 CA 01 [binary data]
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/14 20:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/18 13:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/08/18 13:33:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2010/08/19 23:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2010/08/25 02:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 23:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 02:59:32 | 000,000,000 | ---D | M]

[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/08/26 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions
[2010/08/16 19:12:11 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/08/21 15:30:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/03 01:36:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/26 23:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/26 23:04:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 15:44:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/26 22:27:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/26 22:27:20 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/13 12:02:24 | 000,415,912 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [cdloader] C:\Users\Jason\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 213.109.67.72 213.109.77.23
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/26 23:10:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\GooredFix Backups
[2010/08/26 23:07:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:06:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/25 01:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/23 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/08/23 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1
[2010/08/20 11:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Drive C backup
[2010/08/20 00:26:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/19 23:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/18 15:25:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\AVG Security Toolbar
[2010/08/18 13:34:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:16 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:06 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:33:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/18 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/18 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/18 12:34:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/18 01:01:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Gmer
[2010/08/18 00:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/08/15 02:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/15 02:48:57 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Jason\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/15 02:31:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/15 01:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1st step
[2010/08/15 01:57:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\2nd step
[2010/08/13 03:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/08/13 01:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/13 01:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/13 01:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Microsoft Help
[2010/08/13 01:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/13 01:21:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/13 01:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WORD
[2010/08/13 01:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/08/13 01:02:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\POWER ISO 4.7
[2010/08/09 01:01:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/09 01:01:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\temp
[2010/08/09 00:29:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/09 00:29:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/09 00:29:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/09 00:29:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/09 00:24:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/09 00:23:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\TDSSKILLER
[2010/08/08 02:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe Mini Bridge CS5
[2010/08/08 02:17:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/08 01:48:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Theme
[2010/08/08 01:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/08/08 01:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/08 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Adobe Photoshop CS5 Extended Edition
[2010/08/04 02:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Anti
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/24 23:56:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2010/07/23 00:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/23 00:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/21 00:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/07/21 00:31:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ram defrag
[2010/07/21 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ipod
[2010/07/16 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\.shsh
[2010/07/10 05:37:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/02 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Def
[2010/07/02 02:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Boogerman
[2010/06/26 11:51:06 | 000,041,984 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2010/06/26 11:51:06 | 000,032,256 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2010/06/26 11:33:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Symantec
[2010/06/25 03:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/25 00:00:05 | 000,000,000 | ---D | C] -- C:\7989eaf3dbd17347a140
[2010/06/18 00:31:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/06/18 00:25:09 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/18 00:11:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\PMB Files
[2010/06/18 00:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/06/18 00:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/06/09 00:21:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WoW Documents
[2010/06/09 00:21:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Nancy Drew
[2010/06/08 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/04 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\AnyDVDHD
[2010/06/04 13:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2009/11/05 17:43:32 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\ezplay.sys
[2009/11/05 17:43:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/26 23:19:21 | 006,553,600 | -HS- | M] () -- C:\Users\Jason\ntuser.dat
[2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:07:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/26 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/26 22:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001UA.job
[2010/08/26 21:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001Core.job
[2010/08/26 19:52:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/26 17:37:03 | 063,989,774 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/25 20:51:40 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 20:51:40 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 02:59:32 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/25 02:49:07 | 000,000,955 | ---- | M] () -- C:\Users\Jason\Desktop\magicJack.lnk
[2010/08/25 02:13:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 02:13:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 02:13:21 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 02:11:26 | 003,373,395 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
[2010/08/20 00:59:33 | 000,000,600 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/08/20 00:56:12 | 000,089,651 | ---- | M] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/20 00:26:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:20 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:34:00 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:27 | 001,870,163 | ---- | M] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/16 09:08:40 | 000,064,392 | ---- | M] () -- C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/16 03:23:02 | 003,655,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/15 02:49:00 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Jason\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/15 02:29:26 | 003,817,397 | ---- | M] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:09 | 000,133,632 | ---- | M] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:09 | 000,634,998 | ---- | M] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 23:45:56 | 000,006,337 | ---- | M] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/13 23:45:55 | 000,008,348 | ---- | M] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/13 23:45:55 | 000,004,593 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/13 14:54:03 | 000,122,812 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/08/13 12:02:24 | 000,415,912 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/13 03:07:58 | 000,027,486 | ---- | M] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | M] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 02:37:15 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-120224.backup
[2010/08/13 02:35:42 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023715.backup
[2010/08/13 02:22:15 | 000,051,244 | ---- | M] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/12 13:27:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2010/08/12 13:27:55 | 000,000,026 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023542.backup
[2010/08/10 00:10:29 | 000,000,132 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/09 22:55:54 | 000,026,126 | ---- | M] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:26 | 000,005,549 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 01:21:26 | 002,132,383 | ---- | M] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:53:36 | 000,000,244 | ---- | M] () -- C:\Windows\system.ini
[2010/08/08 02:13:23 | 000,001,131 | ---- | M] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/06 00:12:05 | 000,739,790 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 00:12:05 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 00:12:05 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 09:32:03 | 000,001,096 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/03 14:28:05 | 001,219,088 | ---- | M] () -- C:\Users\Jason\Desktop\Papa and Lucas 8 15 08.jpg
[2010/08/03 14:28:05 | 000,961,443 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0320.JPG.jpg
[2010/08/03 14:28:04 | 000,919,598 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0319.JPG.jpg
[2010/08/03 14:23:31 | 000,065,315 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/08/03 14:23:31 | 000,059,012 | ---- | M] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/08/03 14:23:31 | 000,023,082 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/08/03 14:22:51 | 000,075,170 | ---- | M] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100807-143644.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-015807.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-012652.backup
[2010/07/30 02:39:17 | 000,002,503 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/26 00:14:31 | 000,001,188 | ---- | M] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 00:05:28 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/21 00:38:03 | 000,001,713 | ---- | M] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:06:49 | 002,977,792 | ---- | M] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/10 05:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/10 05:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/07/09 22:04:28 | 001,609,320 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/07/09 22:03:54 | 001,495,560 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 00:21:59 | 000,065,536 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/07/07 13:57:57 | 000,001,829 | ---- | M] () -- C:\Users\Jason\Desktop\Defraggler.lnk
[2010/06/26 23:56:33 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/18 23:47:45 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/18 00:29:52 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | M] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/08 02:01:05 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/06/07 19:39:40 | 000,058,873 | ---- | M] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/05 03:42:26 | 000,001,797 | ---- | M] () -- C:\Users\Jason\Desktop\CCleaner.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/20 00:56:11 | 000,089,651 | ---- | C] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/18 13:34:20 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:00 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 13:33:59 | 063,989,774 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:14 | 001,870,163 | ---- | C] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/15 02:29:18 | 003,817,397 | ---- | C] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:07 | 000,133,632 | ---- | C] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:03 | 000,634,998 | ---- | C] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 03:07:58 | 000,027,486 | ---- | C] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | C] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 00:56:03 | 000,051,244 | ---- | C] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/09 23:59:18 | 000,008,348 | ---- | C] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/09 22:55:50 | 000,026,126 | ---- | C] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:24 | 000,005,549 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 02:26:24 | 000,004,593 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/09 01:21:17 | 002,132,383 | ---- | C] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:29:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/09 00:29:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/09 00:29:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/09 00:29:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/09 00:29:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/08 02:13:23 | 000,001,131 | ---- | C] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/08 02:02:44 | 000,006,337 | ---- | C] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/08 01:52:46 | 000,000,132 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/05 23:27:15 | 001,609,320 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/08/05 23:27:15 | 001,495,560 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/08/05 23:27:14 | 000,437,072 | ---- | C] () -- C:\Users\Jason\Desktop\21052107.JPG
[2010/08/04 03:20:11 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 13:45:13 | 000,075,170 | ---- | C] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/07/21 00:38:07 | 000,000,600 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/07/21 00:38:03 | 000,001,713 | ---- | C] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:08:05 | 000,002,862 | ---- | C] () -- C:\Users\Jason\umbrella0.log
[2010/07/16 01:06:37 | 002,977,792 | ---- | C] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/01 14:05:25 | 016,098,368 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas Walking.AVI
[2010/06/26 23:56:33 | 000,000,312 | ---- | C] () -- C:\Users\Jason\Desktop\Curse Client.appref-ms
[2010/06/26 23:56:33 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 11:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/06/18 19:02:53 | 000,023,082 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/06/18 00:29:52 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | C] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/07 19:39:39 | 000,058,873 | ---- | C] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/07 13:26:00 | 000,059,012 | ---- | C] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/06/07 13:25:24 | 000,065,315 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/06/04 13:01:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/02 03:27:55 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
[2010/02/02 00:02:12 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI
[2009/12/25 13:06:46 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/28 12:31:07 | 000,007,597 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2009/11/18 17:19:37 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/05 17:44:01 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.log
[2009/11/05 17:43:32 | 000,007,861 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.cat
[2009/11/05 17:43:32 | 000,001,104 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.inf
[2009/11/05 17:43:32 | 000,000,125 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.ini
[2009/11/05 17:43:31 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.log
[2009/11/05 17:43:04 | 000,007,887 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
[2009/11/05 17:43:04 | 000,001,144 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
[2009/10/29 15:46:31 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/08/13 02:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitTorrent
[2010/01/01 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2009/12/31 01:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FreeFLVConverter
[2010/06/09 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\GHISLER
[2010/04/03 04:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HandBrake
[2010/06/09 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Hardcore
[2009/11/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2010/07/26 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2009/11/05 12:18:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2010/06/18 00:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/08/25 02:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\mjusbsp
[2009/11/28 11:59:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Opera
[2009/11/04 06:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Songbird2
[2010/08/08 02:17:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/08 00:39:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TeamViewer
[2009/10/29 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Thunderbird
[2009/11/05 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Vso
[2009/11/13 22:51:05 | 000,024,156 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



OTL Extras logfile created on: 8/26/2010 11:13:27 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jason\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 11.63 Gb Free Space | 4.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASON-PC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010/08/23 22:13:30 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010/08/23 22:13:30 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24328842-A29C-4FEA-81D3-1929D3A7F1AE}" = Nancy Drew: Legend of the Crystal Skull
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2702B8FC-6003-4AC6-ADBC-EC65746D800A}" = Lost Via Domus
"{3B304631-1355-4A32-BEA0-494DEFB3506D}" = Nancy Drew: The Final Scene
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60D8CA34-642C-476F-AB4E-94DECCAEED69}" = The White Wolf of Icicle Creek
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7335B542-4A03-412F-8731-77585B023936}" = Cisco Network Magic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D34E42-4C6F-11D5-A76D-006008D256FF}" = Nancy Drew: Treasure in the Royal Tower
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC33E708-A795-4AB3-908A-8F45919BC097}" = LeapFrog My Pals Plugin
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.12 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"Boogerman_is1" = Boogerman
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Defraggler" = Defraggler
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Handbrake" = Handbrake 0.9.4
"ImgBurn" = ImgBurn
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Minefield (3.7a1pre)" = Minefield (3.7a1pre)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"N360" = Norton Security Suite
"Nancy Drew: Stay Tuned For Danger" = Nancy Drew: Stay Tuned For Danger
"Network MagicUninstall" = Network Magic
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"RAM_Defrag" = RAM Defrag (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.89
"Speccy" = Speccy
"SystemRequirementsLab" = System Requirements Lab
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.8
"WORD" = Microsoft Office Word 2007
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2010 3:42:06 PM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/19/2010 3:42:06 PM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/19/2010 3:42:06 PM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = 448: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/19/2010 3:42:06 PM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/20/2010 4:30:01 AM | Computer Name = Jason-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 8/20/2010 4:30:14 AM | Computer Name = Jason-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\runtime
software\driveimage xml\vss64.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/20/2010 4:32:38 AM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program dixml.exe version 2.1.4.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1e88 Start Time:
01cb40421b96dc90 Termination Time: 22 Application Path: C:\Program Files\Runtime
Software\DriveImage XML\dixml.exe Report Id: 7648d121-ac35-11df-8fd0-002197339f8d


Error - 8/23/2010 1:11:19 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 18d0 Start Time:
01cb42e59148c340 Termination Time: 14 Application Path: C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 64b95cd1-aed9-11df-8fd0-002197339f8d

Error - 8/24/2010 1:44:32 AM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: aa8 Start
Time: 01cb3f0c89f37b80 Termination Time: 426 Application Path: C:\Windows\Explorer.EXE

Report
Id: 9a5e5521-af42-11df-8fd0-002197339f8d

Error - 8/25/2010 4:58:45 AM | Computer Name = Jason-PC | Source = MsiInstaller | ID = 10005
Description =

[ Media Center Events ]
Error - 12/17/2009 3:19:01 AM | Computer Name = Jason-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 12/17/2009 3:19:13 AM | Computer Name = Jason-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 12/17/2009 3:19:24 AM | Computer Name = Jason-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 12/17/2009 3:19:43 AM | Computer Name = Jason-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 6/30/2010 3:59:58 AM | Computer Name = Jason-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

[ System Events ]
Error - 8/4/2010 12:52:18 PM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:48:47 AM on ?8/?4/?2010 was unexpected.

Error - 8/9/2010 3:32:47 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 8/9/2010 3:33:22 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7034
Description = The XAudioService service terminated unexpectedly. It has done this
1 time(s).

Error - 8/9/2010 3:33:57 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/9/2010 3:53:23 AM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/14/2010 1:39:55 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/18/2010 8:34:34 AM | Computer Name = Jason-PC | Source = DCOM | ID = 10010
Description =

Error - 8/18/2010 3:34:31 PM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:32:20 PM on ?8/?18/?2010 was unexpected.

Error - 8/18/2010 3:34:41 PM | Computer Name = Jason-PC | Source = BugCheck | ID = 1001
Description =

Error - 8/24/2010 1:46:42 AM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:44:52 PM on ?8/?23/?2010 was unexpected.


< End of report >


#6 sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:50 AM

Posted 27 August 2010 - 02:01 AM

Hi jm503,



Step 1

  1. Please start OTL on your desktop.
  2. Under the Custom Scans/Fixes box at the bottom, copy/paste the contents of the code box below.

    CODE
    :OTL
    IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 213.109.67.72 213.109.77.23
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

    :Commands
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  3. Click Run Fix button on the top.
  4. Click OK and let it run unhindered.
  5. OTL will ask to reboot the machine. Please OK the prompt.
  6. A report will open. Copy and Paste that report in your next reply.


Step 2

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  10. You can refer to this tutorial.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

After that, what I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

Perform the following tasks after resetting your router.

1. Click the start button and navigate to the command prompt (Start > All Programs > Accessories > Command Prompt)
2. Make sure that you right click on the command prompt application and choose "Run as Administrator"
3. Type in the command "ipconfig /flushdns" and press Enter. Restart your pc.

If your Firefox can't work properly, you're well advised to uninstall FF completely and do a clean reinstall. You may back up your Bookmarks before proceeding. Please go to Here and Here.



In your next reply, please post back:

1. OTL delete log and a brand new OTL log
2. MBAM log

Let me know if you have any remaining issues on your pc.
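The fix script in this post targets three kinds of OTL findings: DHCP-assigned DNS servers outside the local network (the O17 line), Browser Helper Objects whose CLSID has no backing registration (the O2 lines), and a broken per-user .exe file association (the O37 line). The following is an added example, not code from the thread or from OTL itself, that reads OTL-style lines and flags those three patterns so a log can be triaged consistently; the sample lines are constructed to mirror the entries above, and the allowlist parameter is an assumption for recording an ISP's legitimate resolvers.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Flags three indicator types seen in the fix above:
  * DhcpNameServer entries that are not private (RFC 1918/loopback) addresses
    and not on a caller-supplied allowlist of known-good resolvers,
  * O2 BHO entries reported as "No CLSID value found",
  * an O37 .exe association that OTL could not resolve to exefile.
"""
import ipaddress
import re

# Constructed sample input shaped like the OTL lines quoted in this thread.
# The second BHO line uses a placeholder CLSID/path, not a real component.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.",
    r"O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Vendor)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 213.109.67.72 213.109.77.23",
    r"O37 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found",
]

DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")
BHO_RE = re.compile(r"^O2 - BHO: .*?- (\{[0-9A-Fa-f-]+\}) - (.*)$")
# Captures the hive path in front of "\...exe [@ = exefile] -- Reg Error".
EXE_ASSOC_RE = re.compile(r"^O37 - (.+?)\\\.\.\.exe \[@ = exefile\] -- Reg Error")


def suspicious_dns_servers(servers, allowlist=()):
    """Return the servers that are neither private/loopback nor allowlisted.

    Public resolvers handed out by DHCP are not wrong by themselves (an ISP
    may do exactly that), so the allowlist is where known-good ISP resolvers
    go; anything else public is worth a second look.
    """
    flagged = []
    for server in servers:
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            flagged.append(server)  # not even a valid address: flag it
            continue
        if server in allowlist or ip.is_private or ip.is_loopback:
            continue
        flagged.append(server)
    return flagged


def audit_otl_lines(lines, dns_allowlist=()):
    """Scan OTL-style lines and return a list of (finding_type, detail) tuples."""
    findings = []
    for raw in lines:
        line = raw.rstrip()

        match = DNS_RE.search(line)
        if match:
            bad = suspicious_dns_servers(match.group(1).split(), dns_allowlist)
            if bad:
                findings.append(("dns", tuple(bad)))
            continue

        match = BHO_RE.match(line)
        if match and "No CLSID value found" in match.group(2):
            findings.append(("orphan_bho", match.group(1)))
            continue

        match = EXE_ASSOC_RE.match(line)
        if match:
            findings.append(("exe_assoc_broken", match.group(1)))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_otl_lines(SAMPLE_LINES):
        print(f"{kind}: {detail}")
```

Run against the constructed lines it reports the two public resolvers, the orphaned BHO, and the broken per-user .exe association, and stays quiet on the BHO that points at a file. A home router is the usual source of DHCP-assigned DNS values, which is why a DNS finding like this pairs naturally with checking the router rather than only the PC.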

#7 jm503
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:50 AM

Posted 27 August 2010 - 04:13 AM

Yes, I still have redirects and redirect popups. Here is the requested info.


All processes killed
========== OTL ==========
HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_USERS\S-1-5-21-3927500952-2604454239-3189536853-1001_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3927500952-2604454239-3189536853-1001_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jason
->Temp folder emptied: 2822314 bytes
->Temporary Internet Files folder emptied: 35517071 bytes
->Java cache emptied: 65113402 bytes
->FireFox cache emptied: 31632414 bytes
->Google Chrome cache emptied: 333139014 bytes
->Apple Safari cache emptied: 11702272 bytes
->Flash cache emptied: 109538 bytes

User: Mcx1-JASON-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: Mcx2-JASON-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 475149 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 3611094524 bytes

Total Files Cleaned = 3,902.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08272010_005322

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETDC4A.tmp not found!

Registry entries deleted on Reboot...



OTL logfile created on: 8/27/2010 2:06:14 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jason\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 15.67 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 17.59 Mb Total Space | 17.30 Mb Free Space | 98.33% Space Free | Partition Type: FAT
Drive L: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JASON-PC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2010/08/18 13:33:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/18 13:33:05 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/18 13:33:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/18 13:33:01 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/18 13:32:47 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/12 22:59:39 | 001,701,888 | ---- | M] (Curse) -- C:\Users\Jason\AppData\Local\Apps\2.0\7Z85NEYZ.P6L\E4ZD23DV.KBY\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
PRC - [2010/08/05 22:45:33 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/05 22:45:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/11/06 14:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
MOD - [2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/02/24 05:32:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jason\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/13 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.023\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/28 12:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100826.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/04 13:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/03/03 20:20:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/03 20:19:51 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/03 20:19:51 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/03 20:19:51 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/03 20:19:51 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/03 20:19:51 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/03/03 20:19:51 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/03 20:19:51 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/03/03 20:19:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/03 20:19:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/05 18:10:15 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 17:43:32 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/16 20:12:02 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/24 19:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/22 16:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 52 2A 00 0B 59 CA 01 [binary data]
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/14 20:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/18 13:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/08/18 13:33:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2010/08/19 23:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2010/08/25 02:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 23:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 02:59:32 | 000,000,000 | ---D | M]

[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/08/26 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions
[2010/08/16 19:12:11 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/08/21 15:30:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/03 01:36:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/26 23:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/27 01:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 15:44:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/26 22:27:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/26 22:27:20 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/27 00:53:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [cdloader] C:\Users\Jason\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 213.109.67.72 213.109.77.23
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 000,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,027,992 | R--- | M] (magicJack L.P.) - L:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,016,158 | R--- | M] () - L:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,000,308 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,706,144 | R--- | M] (magicJack L.P.) - L:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 01:18:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/27 01:18:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/27 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 00:53:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/26 23:10:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\GooredFix Backups
[2010/08/26 23:07:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:06:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/25 01:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/23 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/08/23 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1
[2010/08/20 11:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Drive C backup
[2010/08/20 00:26:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/19 23:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/18 15:25:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\AVG Security Toolbar
[2010/08/18 13:34:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:16 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:06 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:33:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/18 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/18 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/18 12:34:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/18 01:01:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Gmer
[2010/08/18 00:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/08/15 02:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/15 02:31:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/15 01:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1st step
[2010/08/15 01:57:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\2nd step
[2010/08/13 03:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/08/13 01:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/13 01:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/13 01:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Microsoft Help
[2010/08/13 01:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/13 01:21:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/13 01:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WORD
[2010/08/13 01:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/08/13 01:02:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\POWER ISO 4.7
[2010/08/09 01:01:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/09 01:01:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\temp
[2010/08/09 00:29:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/09 00:29:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/09 00:29:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/09 00:29:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/09 00:24:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/09 00:23:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\TDSSKILLER
[2010/08/08 02:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe Mini Bridge CS5
[2010/08/08 02:17:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/08 01:48:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Theme
[2010/08/08 01:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/08/08 01:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/08 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Adobe Photoshop CS5 Extended Edition
[2010/08/04 02:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Anti
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/24 23:56:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2010/07/23 00:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/23 00:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/21 00:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/07/21 00:31:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ram defrag
[2010/07/21 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ipod
[2010/07/16 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\.shsh
[2010/07/10 05:37:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/02 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Def
[2010/07/02 02:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Boogerman
[2010/06/26 11:51:06 | 000,041,984 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2010/06/26 11:51:06 | 000,032,256 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2010/06/26 11:33:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Symantec
[2010/06/25 03:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/25 00:00:05 | 000,000,000 | ---D | C] -- C:\7989eaf3dbd17347a140
[2010/06/18 00:31:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/06/18 00:25:09 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/18 00:11:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\PMB Files
[2010/06/18 00:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/06/18 00:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/06/09 00:21:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WoW Documents
[2010/06/09 00:21:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Nancy Drew
[2010/06/08 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/04 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\AnyDVDHD
[2010/06/04 13:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2009/11/05 17:43:32 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\ezplay.sys
[2009/11/05 17:43:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/08/27 02:08:15 | 006,553,600 | -HS- | M] () -- C:\Users\Jason\ntuser.dat
[2010/08/27 01:59:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 01:59:31 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 01:52:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 01:52:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/27 01:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 01:51:57 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 01:50:37 | 003,374,689 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
[2010/08/27 01:18:32 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 00:53:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/08/27 00:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 00:36:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001UA.job
[2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:07:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/26 21:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001Core.job
[2010/08/26 17:37:03 | 063,989,774 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/25 02:59:32 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/25 02:49:07 | 000,000,955 | ---- | M] () -- C:\Users\Jason\Desktop\magicJack.lnk
[2010/08/20 00:59:33 | 000,000,600 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/08/20 00:56:12 | 000,089,651 | ---- | M] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/20 00:26:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:20 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:34:00 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:27 | 001,870,163 | ---- | M] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/16 09:08:40 | 000,064,392 | ---- | M] () -- C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/16 03:23:02 | 003,655,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/15 02:29:26 | 003,817,397 | ---- | M] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:09 | 000,133,632 | ---- | M] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:09 | 000,634,998 | ---- | M] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 23:45:56 | 000,006,337 | ---- | M] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/13 23:45:55 | 000,008,348 | ---- | M] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/13 23:45:55 | 000,004,593 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/13 14:54:03 | 000,122,812 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/08/13 03:07:58 | 000,027,486 | ---- | M] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | M] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 02:37:15 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-120224.backup
[2010/08/13 02:35:42 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023715.backup
[2010/08/13 02:22:15 | 000,051,244 | ---- | M] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/12 13:27:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2010/08/12 13:27:55 | 000,000,026 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023542.backup
[2010/08/10 00:10:29 | 000,000,132 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/09 22:55:54 | 000,026,126 | ---- | M] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:26 | 000,005,549 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 01:21:26 | 002,132,383 | ---- | M] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:53:36 | 000,000,244 | ---- | M] () -- C:\Windows\system.ini
[2010/08/08 02:13:23 | 000,001,131 | ---- | M] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/06 00:12:05 | 000,739,790 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 00:12:05 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 00:12:05 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 09:32:03 | 000,001,096 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/03 14:28:05 | 001,219,088 | ---- | M] () -- C:\Users\Jason\Desktop\Papa and Lucas 8 15 08.jpg
[2010/08/03 14:28:05 | 000,961,443 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0320.JPG.jpg
[2010/08/03 14:28:04 | 000,919,598 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0319.JPG.jpg
[2010/08/03 14:23:31 | 000,065,315 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/08/03 14:23:31 | 000,059,012 | ---- | M] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/08/03 14:23:31 | 000,023,082 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/08/03 14:22:51 | 000,075,170 | ---- | M] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100807-143644.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-015807.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-012652.backup
[2010/07/30 02:39:17 | 000,002,503 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/26 00:14:31 | 000,001,188 | ---- | M] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 00:05:28 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/21 00:38:03 | 000,001,713 | ---- | M] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:06:49 | 002,977,792 | ---- | M] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/10 05:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/10 05:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/07/09 22:04:28 | 001,609,320 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/07/09 22:03:54 | 001,495,560 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 00:21:59 | 000,065,536 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/07/07 13:57:57 | 000,001,829 | ---- | M] () -- C:\Users\Jason\Desktop\Defraggler.lnk
[2010/06/26 23:56:33 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/18 23:47:45 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/18 00:29:52 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | M] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/08 02:01:05 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/06/07 19:39:40 | 000,058,873 | ---- | M] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/05 03:42:26 | 000,001,797 | ---- | M] () -- C:\Users\Jason\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010/08/27 01:18:32 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/20 00:56:11 | 000,089,651 | ---- | C] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/18 13:34:20 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:00 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 13:33:59 | 063,989,774 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:14 | 001,870,163 | ---- | C] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/15 02:29:18 | 003,817,397 | ---- | C] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:07 | 000,133,632 | ---- | C] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:03 | 000,634,998 | ---- | C] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 03:07:58 | 000,027,486 | ---- | C] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | C] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 00:56:03 | 000,051,244 | ---- | C] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/09 23:59:18 | 000,008,348 | ---- | C] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/09 22:55:50 | 000,026,126 | ---- | C] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:24 | 000,005,549 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 02:26:24 | 000,004,593 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/09 01:21:17 | 002,132,383 | ---- | C] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:29:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/09 00:29:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/09 00:29:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/09 00:29:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/09 00:29:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/08 02:13:23 | 000,001,131 | ---- | C] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/08 02:02:44 | 000,006,337 | ---- | C] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/08 01:52:46 | 000,000,132 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/05 23:27:15 | 001,609,320 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/08/05 23:27:15 | 001,495,560 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/08/05 23:27:14 | 000,437,072 | ---- | C] () -- C:\Users\Jason\Desktop\21052107.JPG
[2010/08/04 03:20:11 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 13:45:13 | 000,075,170 | ---- | C] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/07/21 00:38:07 | 000,000,600 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/07/21 00:38:03 | 000,001,713 | ---- | C] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:08:05 | 000,002,862 | ---- | C] () -- C:\Users\Jason\umbrella0.log
[2010/07/16 01:06:37 | 002,977,792 | ---- | C] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/01 14:05:25 | 016,098,368 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas Walking.AVI
[2010/06/26 23:56:33 | 000,000,312 | ---- | C] () -- C:\Users\Jason\Desktop\Curse Client.appref-ms
[2010/06/26 23:56:33 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 11:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/06/18 19:02:53 | 000,023,082 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/06/18 00:29:52 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | C] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/07 19:39:39 | 000,058,873 | ---- | C] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/07 13:26:00 | 000,059,012 | ---- | C] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/06/07 13:25:24 | 000,065,315 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/06/04 13:01:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/02 03:27:55 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
[2010/02/02 00:02:12 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI
[2009/12/25 13:06:46 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/28 12:31:07 | 000,007,597 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2009/11/18 17:19:37 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/05 17:44:01 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.log
[2009/11/05 17:43:32 | 000,007,861 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.cat
[2009/11/05 17:43:32 | 000,001,104 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.inf
[2009/11/05 17:43:32 | 000,000,125 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.ini
[2009/11/05 17:43:31 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.log
[2009/11/05 17:43:04 | 000,007,887 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
[2009/11/05 17:43:04 | 000,001,144 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
[2009/10/29 15:46:31 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/08/13 02:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitTorrent
[2010/01/01 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2009/12/31 01:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FreeFLVConverter
[2010/06/09 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\GHISLER
[2010/04/03 04:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HandBrake
[2010/06/09 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Hardcore
[2009/11/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2010/07/26 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2009/11/05 12:18:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2010/06/18 00:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/08/25 02:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\mjusbsp
[2009/11/28 11:59:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Opera
[2009/11/04 06:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Songbird2
[2010/08/08 02:17:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/08 00:39:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TeamViewer
[2009/10/29 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Thunderbird
[2009/11/05 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Vso
[2009/11/13 22:51:05 | 000,024,908 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/27/2010 1:28:13 AM
mbam-log-2010-08-27 (01-28-13).txt

Scan type: Quick scan
Objects scanned: 133726
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 27 August 2010 - 04:39 AM

Hi jm503,

Are you aware of the following entry? Did you set this DNS personally?

HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 213.109.67.72 213.109.77.23

If not, open a command prompt with administrator privileges (click on Start -> type in “cmd” -> right-click on the command prompt and choose “Run as Administrator”), type the following bolded commands and press Enter:

netsh int ip reset C:\netsh.log.txt
netsh winsock reset

Restart your PC. After that, reset your router and flush DNS as instructed in my previous post. Rerun OTL and post the log. Tell me if the redirects persist.
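The check behind this question, written out as an added example (it is not part of the thread, and not code from sundavis, OTL or BleepingComputer): enumerate every DNS server Windows has configured, both the DHCP-assigned `DhcpNameServer` value that OTL reported and any static `NameServer` value, at the global Tcpip\Parameters key and under each interface subkey, and flag any address that is not on an expected list. The `$Expected` list is an assumption for this example (the router at 192.168.1.9, the first address in the entry above); adjust it for the network being examined. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: list configured DNS servers and flag
# unexpected ones. $Expected is an assumption (router address from the OTL line);
# replace it with the resolvers your network is supposed to use.
param(
    [string[]]$Expected = @('192.168.1.9')
)

$base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
# Global key first, then one subkey per network interface (GUID-named).
$paths = @($base) + (Get-ChildItem -Path "$base\Interfaces" | ForEach-Object { $_.PSPath })

$findings = foreach ($p in $paths) {
    $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
    # NameServer = statically configured resolvers; DhcpNameServer = what the
    # DHCP server (normally the router) handed out in DHCP option 6.
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # Both values are space- or comma-separated lists of IPv4 addresses.
        foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key        = $p -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                Value      = $name
                Server     = $ip
                Unexpected = -not ($Expected -contains $ip)
            }
        }
    }
}

$findings | Format-Table -AutoSize

if ($findings | Where-Object Unexpected) {
    Write-Warning 'DNS servers outside the expected list are configured; record them before resetting.'
} else {
    'All configured DNS servers are on the expected list.'
}
```

Because `DhcpNameServer` is whatever the DHCP server offered, an unexpected address in that value that comes back after the netsh reset and a reboot points at the DHCP source (usually the router's own DNS setting) rather than at the Windows TCP/IP stack, which is why resetting the router is part of the procedure. Keep the output of this check from before and after the reset so the two can be compared.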



#9 jm503

  • Topic Starter
  • Members
  • 14 posts

Posted 27 August 2010 - 05:31 AM

Well, I know that the first bit of numbers is my router IP, which I did set myself; as for the rest of the numbers, I'm not sure what they are. I did everything asked, and the entry is still the same. Here is the log.


OTL logfile created on: 8/27/2010 3:10:35 AM - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jason\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 15.67 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 17.59 Mb Total Space | 17.30 Mb Free Space | 98.33% Space Free | Partition Type: FAT
Drive L: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JASON-PC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2010/08/18 13:33:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/18 13:33:05 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/18 13:33:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/18 13:33:01 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/18 13:32:47 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/12 22:59:39 | 001,701,888 | ---- | M] (Curse) -- C:\Users\Jason\AppData\Local\Apps\2.0\7Z85NEYZ.P6L\E4ZD23DV.KBY\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/11/06 14:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
MOD - [2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/02/24 05:32:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jason\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/13 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/28 12:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100826.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/04 13:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/03/03 20:20:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/03 20:19:51 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/03 20:19:51 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/03 20:19:51 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/03 20:19:51 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/03 20:19:51 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/03/03 20:19:51 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/03 20:19:51 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/03/03 20:19:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/03 20:19:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/05 18:10:15 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 17:43:32 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/16 20:12:02 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/24 19:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/22 16:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 52 2A 00 0B 59 CA 01 [binary data]
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/14 20:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/18 13:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/08/18 13:33:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2010/08/19 23:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2010/08/25 02:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 23:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 02:59:32 | 000,000,000 | ---D | M]

[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/08/26 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions
[2010/08/16 19:12:11 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/08/21 15:30:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/03 01:36:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/26 23:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\l8ubfanj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/27 03:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 15:44:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/26 22:27:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/26 22:27:20 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/27 00:53:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [cdloader] C:\Users\Jason\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 213.109.67.72 213.109.77.23
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 000,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,027,992 | R--- | M] (magicJack L.P.) - L:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,016,158 | R--- | M] () - L:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,000,308 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,706,144 | R--- | M] (magicJack L.P.) - L:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 01:18:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/27 01:18:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/27 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 00:53:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/26 23:10:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\GooredFix Backups
[2010/08/26 23:07:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:06:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/25 01:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/23 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/08/23 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1
[2010/08/20 11:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Drive C backup
[2010/08/20 00:26:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/19 23:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/18 15:25:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\AVG Security Toolbar
[2010/08/18 13:34:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:16 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:06 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:33:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/18 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/18 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/18 12:34:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/18 01:01:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Gmer
[2010/08/18 00:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/08/15 02:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/15 02:31:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/15 01:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1st step
[2010/08/15 01:57:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\2nd step
[2010/08/13 03:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/08/13 01:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/13 01:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/13 01:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Microsoft Help
[2010/08/13 01:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/13 01:21:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/13 01:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WORD
[2010/08/13 01:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/08/13 01:02:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\POWER ISO 4.7
[2010/08/09 01:01:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/09 01:01:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\temp
[2010/08/09 00:29:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/09 00:29:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/09 00:29:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/09 00:29:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/09 00:24:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/09 00:23:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\TDSSKILLER
[2010/08/08 02:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe Mini Bridge CS5
[2010/08/08 02:17:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/08 01:48:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Theme
[2010/08/08 01:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/08/08 01:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/08 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Adobe Photoshop CS5 Extended Edition
[2010/08/04 02:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Anti
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/24 23:56:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2010/07/23 00:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/23 00:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/21 00:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/07/21 00:31:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ram defrag
[2010/07/21 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ipod
[2010/07/16 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\.shsh
[2010/07/10 05:37:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/02 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Def
[2010/07/02 02:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Boogerman
[2010/06/26 11:51:06 | 000,041,984 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2010/06/26 11:51:06 | 000,032,256 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2010/06/26 11:33:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Symantec
[2010/06/25 03:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/25 00:00:05 | 000,000,000 | ---D | C] -- C:\7989eaf3dbd17347a140
[2010/06/18 00:31:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/06/18 00:25:09 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/18 00:11:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\PMB Files
[2010/06/18 00:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/06/18 00:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/06/09 00:21:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WoW Documents
[2010/06/09 00:21:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Nancy Drew
[2010/06/08 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/04 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\AnyDVDHD
[2010/06/04 13:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2009/11/05 17:43:32 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\ezplay.sys
[2009/11/05 17:43:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/08/27 03:09:25 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 03:09:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/27 03:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 03:09:01 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 02:59:07 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 02:59:07 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 02:58:58 | 006,553,600 | -HS- | M] () -- C:\Users\Jason\ntuser.dat
[2010/08/27 02:58:48 | 003,375,459 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
[2010/08/27 02:52:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 02:36:22 | 000,000,955 | ---- | M] () -- C:\Users\Jason\Desktop\magicJack.lnk
[2010/08/27 02:36:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001UA.job
[2010/08/27 01:18:32 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 00:53:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:07:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/26 21:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001Core.job
[2010/08/26 17:37:03 | 063,989,774 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/25 02:59:32 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 00:59:33 | 000,000,600 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/08/20 00:56:12 | 000,089,651 | ---- | M] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/20 00:26:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:20 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:34:00 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:27 | 001,870,163 | ---- | M] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/16 09:08:40 | 000,064,392 | ---- | M] () -- C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/16 03:23:02 | 003,655,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/15 02:29:26 | 003,817,397 | ---- | M] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:09 | 000,133,632 | ---- | M] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:09 | 000,634,998 | ---- | M] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 23:45:56 | 000,006,337 | ---- | M] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/13 23:45:55 | 000,008,348 | ---- | M] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/13 23:45:55 | 000,004,593 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/13 14:54:03 | 000,122,812 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/08/13 03:07:58 | 000,027,486 | ---- | M] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | M] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 02:37:15 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-120224.backup
[2010/08/13 02:35:42 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023715.backup
[2010/08/13 02:22:15 | 000,051,244 | ---- | M] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/12 13:27:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2010/08/12 13:27:55 | 000,000,026 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023542.backup
[2010/08/10 00:10:29 | 000,000,132 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/09 22:55:54 | 000,026,126 | ---- | M] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:26 | 000,005,549 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 01:21:26 | 002,132,383 | ---- | M] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:53:36 | 000,000,244 | ---- | M] () -- C:\Windows\system.ini
[2010/08/08 02:13:23 | 000,001,131 | ---- | M] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/06 00:12:05 | 000,739,790 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 00:12:05 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 00:12:05 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 09:32:03 | 000,001,096 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/03 14:28:05 | 001,219,088 | ---- | M] () -- C:\Users\Jason\Desktop\Papa and Lucas 8 15 08.jpg
[2010/08/03 14:28:05 | 000,961,443 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0320.JPG.jpg
[2010/08/03 14:28:04 | 000,919,598 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0319.JPG.jpg
[2010/08/03 14:23:31 | 000,065,315 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/08/03 14:23:31 | 000,059,012 | ---- | M] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/08/03 14:23:31 | 000,023,082 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/08/03 14:22:51 | 000,075,170 | ---- | M] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100807-143644.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-015807.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-012652.backup
[2010/07/30 02:39:17 | 000,002,503 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/26 00:14:31 | 000,001,188 | ---- | M] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 00:05:28 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/21 00:38:03 | 000,001,713 | ---- | M] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:06:49 | 002,977,792 | ---- | M] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/10 05:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/10 05:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/07/09 22:04:28 | 001,609,320 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/07/09 22:03:54 | 001,495,560 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 00:21:59 | 000,065,536 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/07/07 13:57:57 | 000,001,829 | ---- | M] () -- C:\Users\Jason\Desktop\Defraggler.lnk
[2010/06/26 23:56:33 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/18 23:47:45 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/18 00:29:52 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | M] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/08 02:01:05 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/06/07 19:39:40 | 000,058,873 | ---- | M] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/05 03:42:26 | 000,001,797 | ---- | M] () -- C:\Users\Jason\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010/08/27 01:18:32 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/20 00:56:11 | 000,089,651 | ---- | C] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/18 13:34:20 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:00 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 13:33:59 | 063,989,774 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:14 | 001,870,163 | ---- | C] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/15 02:29:18 | 003,817,397 | ---- | C] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:07 | 000,133,632 | ---- | C] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:03 | 000,634,998 | ---- | C] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 03:07:58 | 000,027,486 | ---- | C] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | C] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 00:56:03 | 000,051,244 | ---- | C] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/09 23:59:18 | 000,008,348 | ---- | C] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/09 22:55:50 | 000,026,126 | ---- | C] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:24 | 000,005,549 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 02:26:24 | 000,004,593 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/09 01:21:17 | 002,132,383 | ---- | C] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:29:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/09 00:29:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/09 00:29:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/09 00:29:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/09 00:29:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/08 02:13:23 | 000,001,131 | ---- | C] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/08 02:02:44 | 000,006,337 | ---- | C] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/08 01:52:46 | 000,000,132 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/05 23:27:15 | 001,609,320 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/08/05 23:27:15 | 001,495,560 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/08/05 23:27:14 | 000,437,072 | ---- | C] () -- C:\Users\Jason\Desktop\21052107.JPG
[2010/08/04 03:20:11 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 13:45:13 | 000,075,170 | ---- | C] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/07/21 00:38:07 | 000,000,600 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/07/21 00:38:03 | 000,001,713 | ---- | C] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:08:05 | 000,002,862 | ---- | C] () -- C:\Users\Jason\umbrella0.log
[2010/07/16 01:06:37 | 002,977,792 | ---- | C] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/01 14:05:25 | 016,098,368 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas Walking.AVI
[2010/06/26 23:56:33 | 000,000,312 | ---- | C] () -- C:\Users\Jason\Desktop\Curse Client.appref-ms
[2010/06/26 23:56:33 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 11:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/06/18 19:02:53 | 000,023,082 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/06/18 00:29:52 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | C] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/07 19:39:39 | 000,058,873 | ---- | C] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/07 13:26:00 | 000,059,012 | ---- | C] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/06/07 13:25:24 | 000,065,315 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/06/04 13:01:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/02 03:27:55 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
[2010/02/02 00:02:12 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI
[2009/12/25 13:06:46 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/28 12:31:07 | 000,007,597 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2009/11/18 17:19:37 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/05 17:44:01 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.log
[2009/11/05 17:43:32 | 000,007,861 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.cat
[2009/11/05 17:43:32 | 000,001,104 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.inf
[2009/11/05 17:43:32 | 000,000,125 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.ini
[2009/11/05 17:43:31 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.log
[2009/11/05 17:43:04 | 000,007,887 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
[2009/11/05 17:43:04 | 000,001,144 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
[2009/10/29 15:46:31 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/08/13 02:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitTorrent
[2010/01/01 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2009/12/31 01:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FreeFLVConverter
[2010/06/09 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\GHISLER
[2010/04/03 04:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HandBrake
[2010/06/09 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Hardcore
[2009/11/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2010/07/26 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2009/11/05 12:18:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2010/06/18 00:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/08/27 02:36:34 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\mjusbsp
[2009/11/28 11:59:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Opera
[2009/11/04 06:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Songbird2
[2010/08/08 02:17:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/08 00:39:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TeamViewer
[2009/10/29 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Thunderbird
[2009/11/05 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Vso
[2009/11/13 22:51:05 | 000,025,408 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
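The listing above is OTL's own format, and at this length it is faster to sort mechanically than by eye. The script below is an added example, not part of this thread and not OTL's own code: it parses the `[date | size | attrs | C/M] (company) -- path` lines into records and then sorts them by a few reviewer heuristics (a .sys outside System32\drivers, a binary under %SystemRoot% with no company name, a touched hosts file, a Startup-folder entry). The sample lines are copied from the listing above; the heuristics are assumptions of the example and are prompts to look, not verdicts: C:\Windows\MBR.exe, PEV.exe, sed.exe, grep.exe and zip.exe, for instance, are the helper binaries ComboFix unpacks into C:\Windows, and because OTL was run with its Company Name Whitelist and Skip Microsoft Files options on, Microsoft-signed files never reach this listing in the first place.

```python
"""Parse OTL 'Files Created / Modified' listing lines and sort them for review."""
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL listing line: [date time | size | attrs | C or M] (company) -- path
# Directory entries carry no "(company)" group; files with no company name show "()".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str       # "C" = Created listing, "M" = Modified listing
    company: str    # "" when OTL printed "()" or no company group at all
    path: str


def parse_line(line):
    """Parse one listing line; return None for headers, blanks and other OTL line types."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")      # fixed positions: R(eadonly) H(idden) S(ystem) D(irectory)
    return Entry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),   # "1610,010,624" -> 1610010624
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or "",
        path=m.group("path"),
    )


def parse_listing(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reasons_for(e):
    """Reviewer heuristics (assumptions of this example): reasons to look at an entry first, not verdicts."""
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if (name.endswith(".sys") and "\\system32\\drivers\\" not in p
            and name not in ("hiberfil.sys", "pagefile.sys")):
        reasons.append("kernel driver outside System32\\drivers")
    if name.endswith((".exe", ".dll", ".sys")) and not e.company and p.startswith("c:\\windows\\"):
        reasons.append("binary under %SystemRoot% with no company name")
    if p.endswith("\\drivers\\etc\\hosts"):
        reasons.append("hosts file touched")
    if "\\start menu\\programs\\startup\\" in p:
        reasons.append("Startup folder entry")
    return reasons


def triage(text):
    """Return [(path, reasons)] for every entry with at least one reason, in listing order."""
    hits = []
    for e in parse_listing(text):
        reasons = reasons_for(e)
        if reasons:
            hits.append((e.path, reasons))
    return hits


# Constructed sample: eight lines copied verbatim from the listing in this thread.
SAMPLE = r"""
[2010/06/09 00:21:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WoW Documents
[2009/11/05 17:43:32 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\ezplay.sys
[2010/08/27 00:53:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/09 00:29:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/26 23:56:33 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
[2010/08/27 03:09:01 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path + "\n    " + "; ".join(reasons))
```

Paste a whole OTL log into `triage()` and it ignores every line that is not a file-listing line, so the PRC/SRV/DRV sections do not need to be cut out first. The output is an ordering for the human reviewer: an entry such as the VSO Software driver under AppData\Roaming has a legitimate company name and still gets listed, because where a .sys lives says more than what it claims to be.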


#10 jm503 (Topic Starter)

Posted 27 August 2010 - 05:40 AM

Also, when I type the other two strings of IPs (the ones after my router IP) into my browser I get a blank white page with bold letters at the top left within the page that says "It Works!".... VERY strange don't you think?


#11 sundavis (Malware Response Team)

Posted 27 August 2010 - 05:55 AM

Hi jm503,


Quote: "It Works!".... VERY strange don't you think?

Yes, it's really... It sounds like resetting your router wasn't done correctly.

Do you still get redirects? All browsers? Did you reinstall FF? I need a little test for your browsers. Please do the following:

Unplug your internet access, redo the process as instructed in my previous post, #8. After that, reconnect your internet, launch IE and do the following:

Open IE, select Tools > Internet Options. Select the Connections tab.
  1. If you are using a LAN, click the "LAN Settings" button. If you are using a dial-up or Virtual Private Network connection, select the necessary connection and click the "Settings" button.
  2. In the "Proxy Server" area, uncheck the check mark next to "Use a proxy server for ...".
  3. Click OK.
  4. Click the Privacy tab and press the Sites button; click the "Remove all" button if any URLs are listed there.
  5. Click the Advanced tab and click the Reset button.
  6. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
Restart IE and tell me if the redirects still persist.

Start your FF > Tools menu > Clear Private Data, check all boxes and press the "Clear Private Data Now" button.

Please close all your browsers. Click on Start / Run, Enter the following command:

firefox -safe-mode

Click Continue In Safe Mode. This starts Firefox in its Safe Mode. While you are in Safe Mode, your settings will be reverted to their defaults. Tell me if the redirects persist.

If yes, go to next step.

Keep going to firefox in Safe Mode.

In the open window, check the following boxes.

Disable all add-ons
Reset Toolbars and Controls
Reset all your user preferences to Firefox Defaults
Restore Default Search Engines.

Click on "Make the changes and restart" Then, start your FF to test if you get redirects.

Please post the log c:\netsh.log.txt in your next reply. Let me know how things went.

Edited by sundavis, 27 August 2010 - 06:13 AM.
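A browser reset only helps when the hijack lives in the browser. Once redirects survive IE's reset, Firefox safe mode and a fresh install, and show up in every browser on the machine, the common factor is outside the browser: the hosts file, the DNS servers the adapter is actually using, or something filtering traffic below the browser. The "It Works!" page jm503 saw is also worth reading literally: that text is the stock placeholder an Apache httpd install serves before any site is configured, so whatever answers at those addresses is a web server, and the question is whether those addresses are the resolvers the router or ISP should be handing out. The script below is an added example, not part of sundavis's instructions: it parses a saved `ipconfig /all` dump and a copy of the hosts file, reports DNS servers that are not the gateway (and whether they sit on the LAN), and reports hosts entries that pin a name to anything other than loopback or 0.0.0.0. Both inputs are constructed samples using TEST-NET addresses, and the label matching assumes English-locale ipconfig output.

```python
"""Locate a cross-browser redirect: resolver settings from `ipconfig /all` plus the hosts file."""
import ipaddress
import re

# "   Default Gateway . . . . . . . . . : 192.168.1.1"  ->  ("Default Gateway", "192.168.1.1")
# Matching the English-locale labels ipconfig prints is an assumption of this example.
KEY_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?) ?[ .]+: ?(.*)$")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def _ipv4s(values):
    return IPV4_RE.findall(" ".join(values))


def parse_ipconfig(text):
    """One dict per adapter: name, gateway (first IPv4 or None), dns (IPv4 list), lan (IPv4Network or None)."""
    adapters, fields, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace() and line.endswith(":"):   # "Ethernet adapter Local Area Connection:"
            fields, last_key = {}, None
            adapters.append({"name": line[:-1], "fields": fields})
            continue
        if fields is None:                                  # "Windows IP Configuration" block, no adapter yet
            continue
        m = KEY_RE.match(line)
        if m:
            last_key = m.group(1)
            fields.setdefault(last_key, []).append(m.group(2).strip())
        elif last_key:                                      # indented continuation: 2nd DNS server, IPv4 gateway after IPv6
            fields[last_key].append(line.strip())
    for a in adapters:
        f = a.pop("fields")
        gw, addr, mask = _ipv4s(f.get("Default Gateway", [])), _ipv4s(f.get("IPv4 Address", [])), _ipv4s(f.get("Subnet Mask", []))
        a["gateway"] = gw[0] if gw else None
        a["dns"] = _ipv4s(f.get("DNS Servers", []))
        a["lan"] = ipaddress.ip_network(f"{addr[0]}/{mask[0]}", strict=False) if addr and mask else None
    return adapters


def assess(adapters, hosts_text):
    """Plain-string findings that say where to look next; an empty list means nothing unusual."""
    findings = []
    for a in adapters:
        for srv in a["dns"]:
            if a["gateway"] and srv != a["gateway"]:
                on_lan = a["lan"] is not None and ipaddress.ip_address(srv) in a["lan"]
                findings.append(
                    f"{a['name']}: DNS server {srv} ({'on' if on_lan else 'outside'} your LAN) "
                    f"is not the gateway {a['gateway']}; confirm it is what the router or ISP should hand out"
                )
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()               # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"hosts: unparsable line {line!r}")
            continue
        # Loopback pins are the Windows default; 0.0.0.0 pins are how ad-blocking hosts files work.
        if not (addr.is_loopback or addr.is_unspecified):
            findings.append(f"hosts: {' '.join(names)} pinned to {ip}")
    return findings


# Constructed sample of `ipconfig /all` output (TEST-NET-3 addresses stand in for the resolvers).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : JASON-PC
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Gigabit Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, August 27, 2010 2:59:07 AM
   Default Gateway . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       203.0.113.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed hosts file: the default loopback entries plus two pins of the kind a hijack would add.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.20    www.google.com
203.0.113.20    google.com   # constructed example entry
"""

if __name__ == "__main__":
    for finding in assess(parse_ipconfig(SAMPLE_IPCONFIG), SAMPLE_HOSTS):
        print(finding)
```

On the affected machine the two inputs are `ipconfig /all > C:\ipconfig.txt` and a copy of C:\Windows\System32\drivers\etc\hosts. The report says where to look next, not what the cause is: a DNS server off the LAN is normal when the router passes the ISP's resolvers through, but it should be one the ISP actually runs, and a resolver on the LAN that is not the router is another machine answering your lookups. If the resolver addresses turn out to be ones the router was never configured with, the router's own DNS settings and its admin password are the next things to check, because no browser or OS reset touches them.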


#12 jm503 (Topic Starter)

Posted 27 August 2010 - 02:39 PM

Alright, I've done everything requested. Did another hard reset of my router. Reinstalled a fresh new download of Firefox 4.0 beta. Did all that within IE. Did Firefox in safe mode and got a redirect almost immediately. Started FF in safe mode with those boxes checked, redirect almost immediately also. Redirects with IE, FF and Chrome. Now I'm not sure what you meant by "post the log c:\netsh.log.txt in your next reply," so I ran OTL again and here is that log.


OTL logfile created on: 8/27/2010 12:24:38 PM - Run 4
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jason\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 15.85 Gb Free Space | 5.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 17.59 Mb Total Space | 17.30 Mb Free Space | 98.33% Space Free | Partition Type: FAT
Drive L: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JASON-PC
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2010/08/18 13:33:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/18 13:33:05 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/18 13:33:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/18 13:33:01 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/18 13:32:47 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/12 22:59:39 | 001,701,888 | ---- | M] (Curse) -- C:\Users\Jason\AppData\Local\Apps\2.0\7Z85NEYZ.P6L\E4ZD23DV.KBY\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/11/06 14:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
MOD - [2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/18 13:32:26 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/18 13:32:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:19:49 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/02/24 05:32:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/11/06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/11/06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jason\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/13 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/28 12:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100826.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/04 13:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/03/03 20:20:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/03 20:19:51 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/03 20:19:51 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/03 20:19:51 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/03 20:19:51 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/03 20:19:51 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/03/03 20:19:51 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/03 20:19:51 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/03/03 20:19:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/03 20:19:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/05 18:10:15 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 17:43:32 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/16 20:12:02 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/24 19:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/22 16:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/14 20:03:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2010/08/19 23:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2010/08/25 02:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 4\components [2010/08/27 12:04:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugins

[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2009/11/04 06:07:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com

O1 HOSTS File: ([2010/08/27 00:53:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [cdloader] C:\Users\Jason\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 [2010/08/23 22:13:30 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3927500952-2604454239-3189536853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///D:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///D:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///D:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 213.109.67.72 213.109.77.23
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 000,000,270 | ---- | M] () - K:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,027,992 | R--- | M] (magicJack L.P.) - L:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,016,158 | R--- | M] () - L:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,000,308 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 06:20:07 | 000,706,144 | R--- | M] (magicJack L.P.) - L:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 12:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 4
[2010/08/27 01:18:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/27 01:18:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/27 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 00:53:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/26 23:10:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\GooredFix Backups
[2010/08/26 23:07:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:06:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/25 01:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/23 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2010/08/23 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1
[2010/08/20 11:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Drive C backup
[2010/08/20 00:26:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/19 23:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/18 15:25:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\AVG Security Toolbar
[2010/08/18 13:34:18 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:16 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:06 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:33:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/18 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/18 13:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/18 12:34:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/18 01:01:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Gmer
[2010/08/18 00:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/08/15 02:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/15 02:31:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/15 01:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\1st step
[2010/08/15 01:57:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\2nd step
[2010/08/13 03:01:42 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/08/13 01:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/13 01:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/13 01:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Microsoft Help
[2010/08/13 01:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/13 01:21:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/13 01:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WORD
[2010/08/13 01:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/08/13 01:02:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\POWER ISO 4.7
[2010/08/09 01:01:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/09 01:01:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\temp
[2010/08/09 00:29:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/09 00:29:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/09 00:29:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/09 00:29:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/09 00:24:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/09 00:23:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/09 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\TDSSKILLER
[2010/08/08 02:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe Mini Bridge CS5
[2010/08/08 02:17:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/08 01:48:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Theme
[2010/08/08 01:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/08/08 01:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/08 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Adobe Photoshop CS5 Extended Edition
[2010/08/04 02:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Anti
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/04 00:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/24 23:56:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2010/07/23 00:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/23 00:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/21 00:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/07/21 00:31:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ram defrag
[2010/07/21 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\ipod
[2010/07/16 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\.shsh
[2010/07/10 05:37:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/02 22:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Def
[2010/07/02 02:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Boogerman
[2010/06/26 11:51:06 | 000,041,984 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2010/06/26 11:51:06 | 000,032,256 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2010/06/26 11:33:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Symantec
[2010/06/25 03:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/25 00:00:05 | 000,000,000 | ---D | C] -- C:\7989eaf3dbd17347a140
[2010/06/18 00:31:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/06/18 00:25:09 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/18 00:11:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\PMB Files
[2010/06/18 00:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/06/18 00:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/06/09 00:21:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\WoW Documents
[2010/06/09 00:21:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Nancy Drew
[2010/06/08 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/04 13:04:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\AnyDVDHD
[2010/06/04 13:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2009/11/05 17:43:32 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\ezplay.sys
[2009/11/05 17:43:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/08/27 12:23:28 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 12:23:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/27 12:23:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 12:23:03 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 12:21:45 | 006,553,600 | -HS- | M] () -- C:\Users\Jason\ntuser.dat
[2010/08/27 12:21:38 | 003,378,075 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db
[2010/08/27 12:07:23 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 12:07:23 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 12:04:39 | 000,002,067 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 4.lnk
[2010/08/27 12:04:39 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 4.lnk
[2010/08/27 11:52:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 11:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001UA.job
[2010/08/27 08:04:57 | 064,013,829 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/27 03:49:01 | 000,000,955 | ---- | M] () -- C:\Users\Jason\Desktop\magicJack.lnk
[2010/08/27 01:18:32 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 00:53:29 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/08/26 23:07:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2010/08/26 23:07:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Jason\Desktop\GooredFix.exe
[2010/08/26 21:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927500952-2604454239-3189536853-1001Core.job
[2010/08/25 02:59:32 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 00:59:33 | 000,000,600 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/08/20 00:56:12 | 000,089,651 | ---- | M] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/20 00:26:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jason\Desktop\HijackThis.exe
[2010/08/18 13:34:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/18 13:34:20 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/18 13:34:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/18 13:34:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/18 13:34:00 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:27 | 001,870,163 | ---- | M] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/16 09:08:40 | 000,064,392 | ---- | M] () -- C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/16 03:23:02 | 003,655,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/15 02:29:26 | 003,817,397 | ---- | M] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:09 | 000,133,632 | ---- | M] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:09 | 000,634,998 | ---- | M] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 23:45:56 | 000,006,337 | ---- | M] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/13 23:45:55 | 000,008,348 | ---- | M] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/13 23:45:55 | 000,004,593 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/13 14:54:03 | 000,122,812 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/08/13 03:07:58 | 000,027,486 | ---- | M] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | M] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 02:37:15 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-120224.backup
[2010/08/13 02:35:42 | 000,414,870 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023715.backup
[2010/08/13 02:22:15 | 000,051,244 | ---- | M] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/12 13:27:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2010/08/12 13:27:55 | 000,000,026 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100813-023542.backup
[2010/08/10 00:10:29 | 000,000,132 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/09 22:55:54 | 000,026,126 | ---- | M] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:26 | 000,005,549 | ---- | M] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 01:21:26 | 002,132,383 | ---- | M] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:53:36 | 000,000,244 | ---- | M] () -- C:\Windows\system.ini
[2010/08/08 02:13:23 | 000,001,131 | ---- | M] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/06 00:12:05 | 000,739,790 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 00:12:05 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 00:12:05 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 09:32:03 | 000,001,096 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/03 14:28:05 | 001,219,088 | ---- | M] () -- C:\Users\Jason\Desktop\Papa and Lucas 8 15 08.jpg
[2010/08/03 14:28:05 | 000,961,443 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0320.JPG.jpg
[2010/08/03 14:28:04 | 000,919,598 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM0319.JPG.jpg
[2010/08/03 14:23:31 | 000,065,315 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/08/03 14:23:31 | 000,059,012 | ---- | M] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/08/03 14:23:31 | 000,023,082 | ---- | M] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/08/03 14:22:51 | 000,075,170 | ---- | M] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100807-143644.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-015807.backup
[2010/08/03 02:59:46 | 000,000,770 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100804-012652.backup
[2010/07/30 02:39:17 | 000,002,503 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/26 00:14:31 | 000,001,188 | ---- | M] () -- C:\Users\Jason\Desktop\Revo Uninstaller.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 00:05:28 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/21 00:38:03 | 000,001,713 | ---- | M] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:06:49 | 002,977,792 | ---- | M] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/10 05:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/10 05:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/07/09 22:04:28 | 001,609,320 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/07/09 22:03:54 | 001,495,560 | ---- | M] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 00:21:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 00:21:59 | 000,065,536 | -HS- | M] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/07/07 13:57:57 | 000,001,829 | ---- | M] () -- C:\Users\Jason\Desktop\Defraggler.lnk
[2010/06/26 23:56:33 | 000,000,000 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/18 23:47:45 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/18 00:29:52 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | M] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/08 02:01:05 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/06/07 19:39:40 | 000,058,873 | ---- | M] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/05 03:42:26 | 000,001,797 | ---- | M] () -- C:\Users\Jason\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010/08/27 12:04:39 | 000,002,067 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 4.lnk
[2010/08/27 12:04:39 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 4.lnk
[2010/08/27 01:18:32 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/20 00:56:11 | 000,089,651 | ---- | C] () -- C:\Users\Jason\Desktop\jwarren-billiardballs.jpg
[2010/08/18 13:34:20 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/08/18 13:34:00 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/18 13:33:59 | 064,013,829 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/18 12:34:22 | 382,340,822 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/18 00:49:33 | 000,001,067 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/18 00:49:33 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/18 00:48:14 | 001,870,163 | ---- | C] () -- C:\Users\Jason\Desktop\dixmlsetup.exe
[2010/08/15 02:29:18 | 003,817,397 | ---- | C] () -- C:\Users\Jason\Desktop\ComboFix.exe
[2010/08/15 02:01:07 | 000,133,632 | ---- | C] () -- C:\Users\Jason\Desktop\RKUnhookerLE.EXE
[2010/08/15 01:01:03 | 000,634,998 | ---- | C] () -- C:\Users\Jason\Desktop\cydia_1.0.3201-71_iphoneos-arm.deb
[2010/08/13 03:07:58 | 000,027,486 | ---- | C] () -- C:\Users\Jason\Desktop\Wanna fight (1).jpg
[2010/08/13 03:06:55 | 000,041,150 | ---- | C] () -- C:\Users\Jason\Desktop\Big boys growin up (1).jpg
[2010/08/13 00:56:03 | 000,051,244 | ---- | C] () -- C:\Users\Jason\Desktop\SpringBoard.strings
[2010/08/09 23:59:18 | 000,008,348 | ---- | C] () -- C:\Users\Jason\Desktop\iPod.png
[2010/08/09 22:55:50 | 000,026,126 | ---- | C] () -- C:\Users\Jason\Desktop\alphabet.gif
[2010/08/09 02:26:24 | 000,005,549 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia.png
[2010/08/09 02:26:24 | 000,004,593 | ---- | C] () -- C:\Users\Jason\Desktop\Cydia (2).png
[2010/08/09 01:21:17 | 002,132,383 | ---- | C] () -- C:\Users\Jason\Desktop\Aquarium-2.6-Hakzo-364867315.ipa
[2010/08/09 00:29:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/09 00:29:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/09 00:29:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/09 00:29:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/09 00:29:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/08 02:13:23 | 000,001,131 | ---- | C] () -- C:\Users\Jason\Desktop\Adobe Photoshop CS5.lnk
[2010/08/08 02:02:44 | 000,006,337 | ---- | C] () -- C:\Users\Jason\Desktop\Safari.png
[2010/08/08 01:52:46 | 000,000,132 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/05 23:27:15 | 001,609,320 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3156.JPG
[2010/08/05 23:27:15 | 001,495,560 | ---- | C] () -- C:\Users\Jason\Desktop\HPIM3155.JPG
[2010/08/05 23:27:14 | 000,437,072 | ---- | C] () -- C:\Users\Jason\Desktop\21052107.JPG
[2010/08/04 03:20:11 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/08/04 00:19:40 | 000,001,206 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/23 00:12:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 13:45:13 | 000,075,170 | ---- | C] () -- C:\Users\Jason\Desktop\Harry Potter.jpg
[2010/07/21 00:38:07 | 000,000,600 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\winscp.rnd
[2010/07/21 00:38:03 | 000,001,713 | ---- | C] () -- C:\Users\Jason\Desktop\WinSCP.lnk
[2010/07/16 01:08:05 | 000,002,862 | ---- | C] () -- C:\Users\Jason\umbrella0.log
[2010/07/16 01:06:37 | 002,977,792 | ---- | C] () -- C:\Users\Jason\Desktop\umbrella-4.00.80.exe
[2010/07/01 14:05:25 | 016,098,368 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas Walking.AVI
[2010/06/26 23:56:33 | 000,000,312 | ---- | C] () -- C:\Users\Jason\Desktop\Curse Client.appref-ms
[2010/06/26 23:56:33 | 000,000,000 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 11:33:09 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 11:33:09 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\ntuser.dat{4b00c2b9-8150-11df-867a-931bbe8120d7}.TM.blf
[2010/06/18 19:02:53 | 000,023,082 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas.jpg
[2010/06/18 00:29:52 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/09 00:24:45 | 000,000,943 | ---- | C] () -- C:\Users\Jason\Desktop\Handbrake.lnk
[2010/06/07 19:39:39 | 000,058,873 | ---- | C] () -- C:\Users\Jason\Desktop\060710_07321.jpg
[2010/06/07 13:26:00 | 000,059,012 | ---- | C] () -- C:\Users\Jason\Desktop\Ryan.jpg
[2010/06/07 13:25:24 | 000,065,315 | ---- | C] () -- C:\Users\Jason\Desktop\Lucas and Ryan.jpg
[2010/06/04 13:01:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/02 03:27:55 | 000,000,093 | ---- | C] () -- C:\Users\Jason\AppData\Local\fusioncache.dat
[2010/02/02 00:02:12 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI
[2009/12/25 13:06:46 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/28 12:31:07 | 000,007,597 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2009/11/18 17:19:37 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/05 17:44:01 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.log
[2009/11/05 17:43:32 | 000,007,861 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.cat
[2009/11/05 17:43:32 | 000,001,104 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.inf
[2009/11/05 17:43:32 | 000,000,125 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\ezplay.ini
[2009/11/05 17:43:31 | 000,000,033 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.log
[2009/11/05 17:43:04 | 000,007,887 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
[2009/11/05 17:43:04 | 000,001,144 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
[2009/10/29 15:46:31 | 000,003,584 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/08/13 02:22:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BitTorrent
[2010/01/01 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2009/12/31 01:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FreeFLVConverter
[2010/06/09 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\GHISLER
[2010/04/03 04:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HandBrake
[2010/06/09 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Hardcore
[2009/11/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2010/07/26 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\IrfanView
[2009/11/05 12:18:50 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2010/06/18 00:31:09 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\LolClient
[2010/08/27 03:49:10 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\mjusbsp
[2009/11/28 11:59:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Opera
[2009/11/04 06:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Songbird2
[2010/08/08 02:17:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/08 00:39:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TeamViewer
[2009/10/29 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Thunderbird
[2009/11/05 19:33:14 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Vso
[2009/11/13 22:51:05 | 000,026,164 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


#13 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 27 August 2010 - 02:57 PM

Hi jm503,

It seems something might have gone wrong. What's the name or model of the router you're using now? Did you reinstall your backups of the router settings?

Your router should be "reset" to the factory defaults. Anything restored from backups will make our efforts futile in this case. Your DNS entry should look like the following:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9

Please reset your router, and make sure "Obtain an IP address (and DNS server address) automatically" is checked (#6); see Here if you don't know how.

Please specify that info in your next reply. Thanks

Edited by sundavis, 27 August 2010 - 03:23 PM.


#14 jm503

  • Topic Starter
  • Members
  • 14 posts

Posted 27 August 2010 - 05:34 PM

OK, the reset went well. I did everything requested. So far I have not come across a redirect (fingers crossed); I will stay posted. One thing though: the DNS entry is still not right...

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.69.150 68.87.85.102


This is what it looks like now, let me know if you want the OTL log.
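A small triage helper for the O17 DhcpNameServer entries compared in the two posts above, added here as an example and not a BleepingComputer or OTL tool: it parses O17 lines from an OTL log, labels each listed DNS server as LAN or public, and flags any public resolver that is not on a list the machine's owner supplies (for instance the ISP resolvers shown in the router's own status page). The two sample lines are constructed from this thread; the expected-resolver set passed in the test is an assumption, not a statement about those addresses.

```python
import ipaddress
import re

# Constructed sample input in the OTL "O17" line format quoted in this thread:
# the entry the helper said a clean machine should show, and the entry the
# poster reported after the router reset.
SAMPLE_O17_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.69.150 68.87.85.102",
]

# O17 line shape: "O17 - <registry key>: <value name> = <space-separated servers>"
O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<value>\w+) = (?P<servers>.*)$")


def parse_o17(line):
    """Return (registry key, value name, [server strings]) for an O17 line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    return m.group("key"), m.group("value"), m.group("servers").split()


def classify_server(server):
    """Label one DNS server address as 'lan', 'public' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        return "lan"  # RFC 1918 / link-local: typically the router itself
    return "public"


def triage_o17(line, expected_public=frozenset()):
    """Triage one O17 entry.

    expected_public: public resolvers the machine's owner knows to be
    legitimate (an assumption supplied by the caller, e.g. the ISP resolvers
    listed on the router's WAN status page). Any public resolver not in that
    set is reported as a finding so it can be checked against the router and
    DHCP configuration rather than silently accepted.
    """
    parsed = parse_o17(line)
    if parsed is None:
        return {"servers": [], "labels": {}, "findings": ["not an O17 line"]}
    key, value, servers = parsed
    labels = {s: classify_server(s) for s in servers}
    findings = []
    for server, label in labels.items():
        if label == "invalid":
            findings.append(f"{server}: not a valid IP address")
        elif label == "public" and server not in expected_public:
            findings.append(f"{server}: public DNS server not on the expected list")
    return {"key": key, "value": value, "servers": servers,
            "labels": labels, "findings": findings}


def triage_log(text, expected_public=frozenset()):
    """Run triage_o17 over every O17 line in an OTL log; returns one dict per line."""
    return [triage_o17(ln, expected_public) for ln in text.splitlines()
            if ln.startswith("O17 - ")]


if __name__ == "__main__":
    for result in triage_log("\n".join(SAMPLE_O17_LINES)):
        print(result["value"], result["labels"])
        for finding in result["findings"]:
            print("  !", finding)
```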

#15 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 27 August 2010 - 05:49 PM

Hi jm503,

QUOTE
One thing though is the DNS entry is still not right

Did you restart your PC before running OTL? OK. Let's take a close look and dig deeper.

Step1

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Right-click SystemLook.exe and choose Run as Administrator to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85B20B24-8E34-4B9F-B804-B9FE8BE17F9B} /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please post back

1. SystemLook log
2. Router name

Let me know how things went.



