
Browser Redirects


  • This topic is locked
21 replies to this topic

#1 mo536


  • Members
  • 14 posts

Posted 30 May 2011 - 03:29 AM

I posted in the other subforum (the one where reports don't go), but I already know I've got something, so I guess this is the place to be.
I've done scans with AVG, HouseCall, Spybot, and SUPERAntiSpyware, which all found stuff and appeared to remove it, but I keep getting redirected to quiz, survey, or domain squatting sites in Firefox.

Here's my DDS report:


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Matt at 3:02:46 on 2011-05-30
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1102 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
J:\PROGRA~1\AVG\AVG10\avgchsvx.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
J:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
J:\WINDOWS\system32\ZoneLabs\vsmon.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\AVG\AVG10\avgwdsvc.exe
j:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
J:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
J:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
J:\Program Files\AVG\AVG10\avgnsx.exe
J:\Program Files\AVG\AVG10\avgemcx.exe
J:\WINDOWS\RTHDCPL.EXE
J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
J:\Program Files\AVG\AVG10\avgtray.exe
J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
J:\WINDOWS\System32\svchost.exe -k HTTPFilter
J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
J:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
J:\PROGRA~1\AVG\AVG10\avgrsx.exe
J:\Program Files\AVG\AVG10\avgcsrvx.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\Documents and Settings\Matt\Desktop\dds.scr
J:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
BHO: {2624bf0d-fa01-4928-af11-16885c34ce49} - j:\windows\system32\aticalrt32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - j:\program files\avg\avg10\avgssie.dll
BHO: {4c497e1a-fa01-4928-af11-16885c34ce49} - j:\windows\system32\aticalrt32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - j:\progra~1\spybot~1\SDHelper.dll
BHO: d0b95852: {85aa134a-81c5-be05-73a6-4918362c8829} - j:\windows\system32\nlsdl32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - j:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] j:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] j:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] j:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [ZoneAlarm Client] "j:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [StartCCC] "j:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeCS5ServiceManager] "j:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AVG_TRAY] j:\program files\avg\avg10\avgtray.exe
StartupFolder: j:\docume~1\matt\startm~1\programs\startup\adobeg~1.lnk - j:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - j:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - j:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - j:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: j:\windows\system32\nlsdl32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - j:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - j:\documents and settings\matt\application data\mozilla\firefox\profiles\cyxcf7lp.default\
FF - plugin: j:\documents and settings\matt\application data\move networks\plugins\071803000001\npqmp071803000001.dll
FF - plugin: j:\documents and settings\matt\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: j:\documents and settings\matt\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: j:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: j:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: j:\program files\planb\bin\nppb.dll
FF - plugin: j:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;j:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;j:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;j:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;j:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;j:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SASDIFSV;SASDIFSV;j:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;j:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;j:\windows\system32\vsdatant.sys [2009-8-29 532224]
R2 avgwd;AVG WatchDog;j:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 TabletServiceWacom;TabletServiceWacom;j:\program files\tablet\wacom\Wacom_Tablet.exe [2011-5-27 4807536]
R2 vsmon;TrueVector Internet Monitor;j:\windows\system32\zonelabs\vsmon.exe -service --> j:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AE1000;Linksys AE1000 Driver;j:\windows\system32\drivers\AE1000XP.sys [2011-2-18 829152]
R3 wacmoumonitor;Wacom Mode Helper;j:\windows\system32\drivers\wacmoumonitor.sys [2011-5-27 10752]
S2 DcomLaunch32;DCOM Server Process Launcher ;j:\windows\system32\wmpshell32.exe --> j:\windows\system32\wmpshell32.exe [?]
S3 Ambfilt;Ambfilt;j:\windows\system32\drivers\Ambfilt.sys [2009-12-25 1684736]
S3 AVGIDSAgent;AVGIDSAgent;j:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S3 AVGIDSDriver;AVGIDSDriver;j:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;j:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;j:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 RDID1009;EDIROL UM-1;j:\windows\system32\drivers\Rdwm1009.sys [2010-7-27 65794]
S3 Slnt7554;USB Soft Modem Driver;j:\windows\system32\drivers\slnt7554.sys [2009-8-29 129535]
S4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;j:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
S4 SwitchBoard;Adobe SwitchBoard;j:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 TomTomHOMEService;TomTomHOMEService;j:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
S4 UMVPFSrv;UMVPFSrv;j:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
.
=============== Created Last 30 ================
.
2011-05-30 07:18:45 -------- d-----w- j:\documents and settings\matt\application data\SUPERAntiSpyware.com
2011-05-30 07:18:45 -------- d-----w- j:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-30 07:18:37 -------- d-----w- j:\program files\SUPERAntiSpyware
2011-05-29 07:42:58 -------- d-----w- j:\documents and settings\matt\application data\AVG10
2011-05-29 07:41:17 -------- d--h--w- j:\documents and settings\all users\application data\Common Files
2011-05-29 07:39:01 -------- d-----w- j:\windows\system32\drivers\AVG
2011-05-29 07:39:01 -------- d-----w- j:\documents and settings\all users\application data\AVG10
2011-05-29 07:38:21 -------- d-----w- j:\program files\AVG
2011-05-29 07:34:27 -------- d-----w- j:\documents and settings\all users\application data\MFAData
2011-05-29 04:02:37 0 ---ha-w- j:\documents and settings\matt\lthiqdzhkg.tmp
2011-05-29 03:27:17 -------- d-----w- j:\program files\Spybot - Search & Destroy
2011-05-29 03:27:17 -------- d-----w- j:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-05-29 03:07:54 350720 ----a-w- j:\windows\system32\aticalrt32.dll
2011-05-28 00:17:47 -------- d-----w- j:\documents and settings\matt\application data\WTablet
2011-05-28 00:17:41 -------- d-----w- j:\program files\TabletPlugins
2011-05-28 00:17:40 10752 ----a-w- j:\windows\system32\drivers\wacmoumonitor.sys
2011-05-28 00:17:33 11312 ----a-w- j:\windows\system32\drivers\wacommousefilter.sys
2011-05-28 00:17:19 14120 ----a-w- j:\windows\system32\drivers\wacomvhid.sys
2011-05-28 00:17:17 644976 ----a-w- j:\windows\system32\Wacom_Tablet.dll
2011-05-28 00:17:17 506736 ----a-w- j:\windows\system32\Wintab32.dll
2011-05-27 22:01:12 952 --sha-w- j:\documents and settings\all users\application data\KGyGaAvL.sys
2011-05-27 22:00:40 -------- d-----w- j:\program files\common files\Protexis
2011-05-27 22:00:39 -------- d-----w- j:\documents and settings\all users\application data\Corel
2011-05-27 22:00:10 -------- d-----w- j:\program files\Corel
2011-05-27 21:49:36 -------- d-----w- j:\documents and settings\all users\application data\Alias
2011-05-27 21:48:08 -------- d-----w- J:\Autodesk
2011-05-27 09:15:31 -------- d-----w- j:\documents and settings\matt\application data\Unity
2011-05-27 09:09:00 -------- d-----w- j:\documents and settings\matt\local settings\application data\Unity
2011-05-15 06:53:57 -------- d-sh--w- J:\$RECYCLE.BIN
2011-05-14 19:17:07 -------- d--h--w- J:\$AVG
.
==================== Find3M ====================
.
2011-04-15 02:28:42 134480 ----a-w- j:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 05:59:56 297168 ----a-w- j:\windows\system32\drivers\avgtdix.sys
2011-04-01 05:11:10 4333280 ----a-w- j:\windows\system32\drivers\lvuvc.sys
2011-04-01 05:10:46 539232 ----a-w- j:\windows\system32\LVUI2RC.dll
2011-04-01 05:10:24 543328 ----a-w- j:\windows\system32\LVUI2.dll
2011-04-01 05:09:48 291424 ----a-w- j:\windows\system32\drivers\lvrs.sys
2011-04-01 05:08:56 195168 ----a-w- j:\windows\system32\lvci13251014.dll
2011-04-01 05:08:36 301664 ----a-w- j:\windows\system32\lvcodec2.dll
2011-04-01 05:07:02 10877272 ----a-w- j:\windows\system32\LogiDPP.dll
2011-04-01 05:07:02 102744 ----a-w- j:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06:56 331608 ----a-w- j:\windows\system32\DevManagerCore.dll
2011-04-01 04:56:20 39318 ----a-w- j:\windows\system32\Repository.reg
2011-03-23 04:58:22 14168 ----a-w- j:\windows\system32\drivers\iKeyLFT2.dll
2011-03-16 21:03:20 32592 ----a-w- j:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 3:03:28.40 ===============


I've got GMER running right now, so I'll post the results from that once it finishes.

The attach.txt from DDS said not to attach unless requested, so I haven't attached it.



#2 B-boy/StyLe/


    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 30 May 2011 - 04:50 AM

Hello mo536! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Step 1



Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


Step 2



We need to run an OTL Custom Scan


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Under the Standard Registry box change it to All
    - Check the boxes beside LOP Check and Purity Check.
  • Copy and paste the following code into the textbox.
    netsvcs
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %USERPROFILE%\My Documents\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Step 3



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Please include the following logs in your next reply:

  • Goored.txt
  • OTL.txt and Extra.txt
  • aswMBR.txt



Regards,
Georgi



#3 mo536

  • Topic Starter

  • Members
  • 14 posts

Posted 30 May 2011 - 05:25 AM

Hi, Georgi! Thank you for your prompt response.

Here are the logs...

GooredFix by jpshortstuff (03.07.10.1)
Log created at 06:08 on 30/05/2011 (Matt)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========

Deleting "J:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\cyxcf7lp.default\extensions\{45e42043-8062-4c17-9d7c-c267f48669b0}" -> Success!
Deleting "J:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\cyxcf7lp.default\extensions\{eb208d2e-b979-4f30-84e5-acca9b616d8a}" -> Success!

========== GooredLog ==========

J:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:08 29/05/2011]

J:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\cyxcf7lp.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="J:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:13 01/09/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="J:\Program Files\AVG\AVG10\Firefox4\" [07:39 29/05/2011]

-=E.O.F=-

OTL logfile created on: 5/30/2011 6:12:13 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = J:\Documents and Settings\Matt\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.05% Memory free
3.63 Gb Paging File | 2.86 Gb Available in Paging File | 78.75% Paging File free
Paging file location(s): J:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Program Files
Drive C: | 931.51 Gb Total Space | 895.01 Gb Free Space | 96.08% Space Free | Partition Type: NTFS
Drive J: | 465.75 Gb Total Space | 351.79 Gb Free Space | 75.53% Space Free | Partition Type: NTFS

Computer Name: MPC9001 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 06:10:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2011/05/23 10:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- J:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- J:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/11/15 11:08:08 | 001,158,512 | ---- | M] (Wacom Technology, Corp.) -- J:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2010/11/15 11:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) -- J:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- J:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- j:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\explorer.exe
PRC - [2004/08/04 07:00:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- J:\Program Files\Windows NT\Accessories\wordpad.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 06:10:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Documents and Settings\Matt\Desktop\OTL.exe
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/04 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DcomLaunch32)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- J:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- J:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- J:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/15 11:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- J:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- J:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- J:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- J:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- J:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/31 11:27:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- J:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 16:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- J:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- j:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2004/08/03 19:56:58 | 000,073,796 | ---- | M] (Smart Link) [Disabled | Stopped] -- J:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- J:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/01/04 22:34:28 | 005,656,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/11/02 16:07:54 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/25 10:59:32 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/25 10:59:28 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/05/13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- J:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- J:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/06 17:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- J:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/08 20:28:05 | 000,005,632 | ---- | M] () [File_System | System | Running] -- J:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/22 23:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- J:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/22 11:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 11:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 11:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/11/10 09:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/06/04 02:36:16 | 000,065,794 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\Rdwm1009.sys -- (RDID1009)
DRV - [2004/10/25 12:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/14 13:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 17:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 17:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 17:41:42 | 000,129,535 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\slnt7554.sys -- (Slnt7554)
DRV - [2004/08/03 17:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 17:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 17:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 17:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0D BF 24 26 01 FA 28 49 AF 11 16 88 5C 34 CE 49 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0D BF 24 26 01 FA 28 49 AF 11 16 88 5C 34 CE 49 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0D BF 24 26 01 FA 28 49 AF 11 16 88 5C 34 CE 49 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0D BF 24 26 01 FA 28 49 AF 11 16 88 5C 34 CE 49 [binary data]

IE - HKU\S-1-5-21-515967899-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = J:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-515967899-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-515967899-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-515967899-573735546-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0D BF 24 26 01 FA 28 49 AF 11 16 88 5C 34 CE 49 [binary data]
IE - HKU\S-1-5-21-515967899-573735546-725345543-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - J:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-515967899-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: J:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/31 19:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: J:\Program Files\AVG\AVG10\Firefox4\ [2011/05/29 02:40:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: J:\Program Files\Mozilla Firefox\components [2011/05/29 04:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins [2011/05/28 16:02:54 | 000,000,000 | ---D | M]

[2011/05/29 04:02:23 | 000,000,000 | ---D | M] (No name found) -- J:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2011/02/28 18:16:49 | 000,000,000 | ---D | M] (No name found) -- J:\Documents and Settings\Matt\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/05/30 06:08:15 | 000,000,000 | ---D | M] (No name found) -- J:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\cyxcf7lp.default\extensions
[2011/05/29 04:08:34 | 000,000,000 | ---D | M] (No name found) -- J:\Program Files\Mozilla Firefox\extensions
[2011/05/29 04:08:34 | 000,000,000 | ---D | M] (Default) -- J:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2011/05/29 02:40:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- J:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- J:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/02/13 20:39:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/02/27 03:10:38 | 000,075,208 | ---- | M] (Foxit Software Company) -- J:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/09/23 15:37:30 | 000,032,448 | ---- | M] (NOS Microsystems Ltd.) -- J:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/05/28 22:59:27 | 000,434,580 | R--- | M]) - J:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14958 more lines...
O2 - BHO: (no name) - {2624BF0D-FA01-4928-AF11-16885C34CE49} - J:\WINDOWS\system32\aticalrt32.dll (wpcubed GmbH)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - J:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {4C497E1A-FA01-4928-AF11-16885C34CE49} - J:\WINDOWS\system32\aticalrt32.dll (wpcubed GmbH)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (d0b95852) - {85AA134A-81C5-BE05-73A6-4918362C8829} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-515967899-573735546-725345543-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - J:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-515967899-573735546-725345543-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] J:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] J:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_TRAY] J:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RTHDCPL] J:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] J:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] J:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-515967899-573735546-725345543-1004..\Run: [ctfmon.exe] File not found
O4 - HKU\S-1-5-21-515967899-573735546-725345543-1004..\Run: [SpybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-515967899-573735546-725345543-1004..\Run: [SUPERAntiSpyware] J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: J:\Documents and Settings\Matt\Start Menu\Programs\Startup\Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - J:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - J:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - J:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - J:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - J:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - J:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - J:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - J:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - J:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - J:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - J:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - J:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - J:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (J:\WINDOWS\system32\nlsdl32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - J:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (J:\WINDOWS\system32\userinit.exe) - J:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - J:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - J:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - J:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - J:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - J:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - J:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - J:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - J:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - J:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - J:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - J:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - J:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - J:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - J:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: J:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: J:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - J:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - J:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - J:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - J:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - J:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - J:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - J:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - J:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - J:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - J:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - J:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/27 16:48:08 | 000,000,000 | ---D | M] - J:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{46c0b1a0-4390-11e0-bd46-687f74f7b804}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{6eccc182-6324-11e0-bd71-687f74f7b804}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (J:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - J:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (J:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - J:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-515967899-573735546-725345543-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-515967899-573735546-725345543-1004\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 90 Days ==========

[2011/05/30 06:10:47 | 000,586,240 | ---- | C] (AVAST Software) -- J:\Documents and Settings\Matt\Desktop\aswMBR.exe
[2011/05/30 06:10:21 | 000,580,096 | ---- | C] (OldTimer Tools) -- J:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/05/30 06:08:15 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Desktop\GooredFix Backups
[2011/05/30 06:07:05 | 000,071,398 | ---- | C] (jpshortstuff) -- J:\Documents and Settings\Matt\Desktop\GooredFix.exe
[2011/05/30 03:02:46 | 000,000,000 | R--D | C] -- J:\Documents and Settings\All Users\Documents\My Videos
[2011/05/30 03:02:46 | 000,000,000 | R--D | C] -- J:\Documents and Settings\Matt\Start Menu\Programs\Administrative Tools
[2011/05/30 03:01:24 | 000,606,738 | R--- | C] (Swearware) -- J:\Documents and Settings\Matt\Desktop\dds.scr
[2011/05/30 02:56:24 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- J:\Documents and Settings\Matt\Desktop\TDSSKiller.exe
[2011/05/30 02:18:45 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\SUPERAntiSpyware.com
[2011/05/30 02:18:45 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/30 02:18:39 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/30 02:18:37 | 000,000,000 | ---D | C] -- J:\Program Files\SUPERAntiSpyware
[2011/05/29 02:42:58 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\AVG10
[2011/05/29 02:41:17 | 000,000,000 | -H-D | C] -- J:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/29 02:40:43 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/29 02:39:01 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/29 02:39:01 | 000,000,000 | ---D | C] -- J:\WINDOWS\System32\drivers\AVG
[2011/05/29 02:38:21 | 000,000,000 | ---D | C] -- J:\Program Files\AVG
[2011/05/29 02:34:27 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/28 22:27:21 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/28 22:27:17 | 000,000,000 | ---D | C] -- J:\Program Files\Spybot - Search & Destroy
[2011/05/28 22:27:17 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/28 22:07:54 | 000,350,720 | ---- | C] (wpcubed GmbH) -- J:\WINDOWS\System32\aticalrt32.dll
[2011/05/27 19:17:47 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\WTablet
[2011/05/27 19:17:41 | 000,000,000 | R--D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Wacom Tablet
[2011/05/27 19:17:41 | 000,000,000 | ---D | C] -- J:\Program Files\TabletPlugins
[2011/05/27 19:17:40 | 000,010,752 | ---- | C] (Wacom Technology) -- J:\WINDOWS\System32\drivers\wacmoumonitor.sys
[2011/05/27 19:17:33 | 000,011,312 | ---- | C] (Wacom Technology) -- J:\WINDOWS\System32\drivers\wacommousefilter.sys
[2011/05/27 19:17:19 | 000,014,120 | ---- | C] (Wacom Technology) -- J:\WINDOWS\System32\drivers\wacomvhid.sys
[2011/05/27 19:17:17 | 000,644,976 | ---- | C] (Wacom Technology, Corp.) -- J:\WINDOWS\System32\Wacom_Tablet.dll
[2011/05/27 19:17:17 | 000,506,736 | ---- | C] (Wacom Technology, Corp.) -- J:\WINDOWS\System32\Wintab32.dll
[2011/05/27 17:01:11 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\Corel
[2011/05/27 17:00:40 | 000,000,000 | ---D | C] -- J:\Program Files\Common Files\Protexis
[2011/05/27 17:00:39 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\Corel
[2011/05/27 17:00:10 | 000,000,000 | ---D | C] -- J:\Program Files\Corel
[2011/05/27 16:49:36 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\Alias
[2011/05/27 16:48:08 | 000,000,000 | ---D | C] -- J:\Autodesk
[2011/05/27 04:15:31 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\Unity
[2011/05/27 04:09:00 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Local Settings\Application Data\Unity
[2011/05/15 01:53:57 | 000,000,000 | -HSD | C] -- J:\$RECYCLE.BIN
[2011/05/14 14:17:07 | 000,000,000 | -H-D | C] -- J:\$AVG
[2011/05/02 19:35:28 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\Logitech
[2011/04/29 07:34:19 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/04/29 07:28:21 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\Leadertech
[2011/04/29 07:27:20 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\Logitech
[2011/04/29 07:27:16 | 000,000,000 | ---D | C] -- J:\Program Files\Common Files\LWS
[2011/04/29 07:27:00 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/04/29 07:26:59 | 000,000,000 | ---D | C] -- J:\Program Files\Logitech
[2011/04/29 07:26:59 | 000,000,000 | ---D | C] -- J:\Program Files\Common Files\LogiShrd
[2011/04/29 07:19:46 | 000,005,504 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\mstee.sys
[2011/04/29 07:19:41 | 000,010,880 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\ndisip.sys
[2011/04/29 07:19:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\streamip.sys
[2011/04/29 07:19:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\ipsink.ax
[2011/04/29 07:19:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\ipsink.ax
[2011/04/29 07:19:38 | 000,011,136 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\slip.sys
[2011/04/29 07:19:35 | 000,019,328 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/04/29 07:19:33 | 000,085,376 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/04/29 07:19:32 | 000,017,024 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/04/29 07:19:20 | 000,090,624 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\kswdmcap.ax
[2011/04/29 07:19:20 | 000,090,624 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/04/29 07:19:20 | 000,078,464 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\usbvideo.sys
[2011/04/29 07:19:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\kstvtune.ax
[2011/04/29 07:19:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/04/29 07:19:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\vfwwdm32.dll
[2011/04/29 07:19:20 | 000,053,760 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/04/29 07:19:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\ksxbar.ax
[2011/04/29 07:19:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/04/29 07:19:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\vidcap.ax
[2011/04/29 07:19:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\vidcap.ax
[2011/04/29 07:19:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dshowext.ax
[2011/04/29 07:19:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\dshowext.ax
[2011/04/29 07:17:21 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\My Documents\Zign Track
[2011/04/29 07:16:41 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Zign Track Pro Demo
[2011/04/29 07:16:40 | 000,000,000 | ---D | C] -- J:\Program Files\Zign Creations
[2011/04/29 04:42:46 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\SynthEyes
[2011/04/29 04:42:41 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Andersson Technologies LLC
[2011/04/29 04:42:38 | 000,000,000 | ---D | C] -- J:\Program Files\Andersson Technologies LLC
[2011/04/23 22:02:22 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\reFX
[2011/04/23 22:02:21 | 000,000,000 | ---D | C] -- J:\Program Files\Slayer2
[2011/04/16 20:26:06 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\My Documents\SimCity 4
[2011/04/16 20:25:53 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\Maxis
[2011/04/16 19:59:23 | 000,000,000 | ---D | C] -- J:\Program Files\Maxis
[2011/04/14 21:28:42 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- J:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/04/06 04:11:36 | 000,000,000 | ---D | C] -- J:\cs5updateinstalleer
[2011/04/05 20:56:18 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/05 20:32:58 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\Adobe Mini Bridge CS5
[2011/04/05 20:32:57 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/05 16:10:13 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/05 16:06:25 | 000,000,000 | ---D | C] -- J:\Program Files\Adobe Media Player
[2011/04/05 16:03:36 | 000,000,000 | ---D | C] -- J:\Program Files\Common Files\Adobe AIR
[2011/04/05 00:59:56 | 000,297,168 | ---- | C] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\System32\drivers\avgtdix.sys
[2011/04/01 00:11:10 | 004,333,280 | ---- | C] (Logitech Inc.) -- J:\WINDOWS\System32\drivers\lvuvc.sys
[2011/04/01 00:10:46 | 000,539,232 | ---- | C] (Logitech Inc.) -- J:\WINDOWS\System32\LVUI2RC.dll
[2011/04/01 00:10:24 | 000,543,328 | ---- | C] (Logitech Inc.) -- J:\WINDOWS\System32\LVUI2.dll
[2011/04/01 00:09:48 | 000,291,424 | ---- | C] (Logitech Inc.) -- J:\WINDOWS\System32\drivers\lvrs.sys
[2011/04/01 00:08:56 | 000,195,168 | ---- | C] (Logitech Inc.) -- J:\WINDOWS\System32\lvci13251014.dll
[2011/04/01 00:08:36 | 000,301,664 | ---- | C] (Logitech Inc.) -- J:\WINDOWS\System32\lvcodec2.dll
[2011/03/22 23:56:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\capicom.dll
[2011/03/18 11:33:16 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- J:\WINDOWS\System32\HPDiscoPM9311.dll
[2011/03/18 11:33:15 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/03/18 11:33:07 | 000,000,000 | ---D | C] -- J:\Program Files\HP
[2011/03/18 11:33:07 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\HP
[2011/03/18 11:32:34 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Local Settings\Application Data\HP
[2011/03/16 16:03:20 | 000,032,592 | ---- | C] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/03/13 10:32:52 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Matt\Desktop\ZBrush Hard Surface Techniques
[2011/03/01 14:25:18 | 000,034,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/26 20:58:40 | 000,018,120 | ---- | C] ( ) -- J:\WINDOWS\System32\drivers\Artec48.sys
[5 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\Documents and Settings\Matt\*.tmp files -> J:\Documents and Settings\Matt\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/05/30 06:10:47 | 000,586,240 | ---- | M] (AVAST Software) -- J:\Documents and Settings\Matt\Desktop\aswMBR.exe
[2011/05/30 06:10:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- J:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/05/30 06:08:10 | 000,003,878 | ---- | M] () -- J:\Documents and Settings\Matt\Desktop\steps.rtf
[2011/05/30 06:07:06 | 000,071,398 | ---- | M] (jpshortstuff) -- J:\Documents and Settings\Matt\Desktop\GooredFix.exe
[2011/05/30 05:35:15 | 000,008,117 | ---- | M] () -- J:\Documents and Settings\Matt\Desktop\Document.rtf
[2011/05/30 03:01:25 | 000,606,738 | R--- | M] (Swearware) -- J:\Documents and Settings\Matt\Desktop\dds.scr
[2011/05/30 02:56:29 | 000,032,281 | ---- | M] () -- J:\Documents and Settings\Matt\Desktop\plans.rtf
[2011/05/30 02:37:43 | 000,002,422 | ---- | M] () -- J:\WINDOWS\System32\wpa.dbl
[2011/05/30 02:37:36 | 000,002,048 | --S- | M] () -- J:\WINDOWS\bootstat.dat
[2011/05/30 02:18:39 | 000,001,678 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/29 20:34:52 | 000,000,784 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 19:20:01 | 000,396,623 | ---- | M] () -- J:\Documents and Settings\Matt\Desktop\wikimalware.jpg
[2011/05/29 18:39:54 | 116,439,227 | ---- | M] () -- J:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- J:\Documents and Settings\Matt\Desktop\gmer.exe
[2011/05/29 04:08:37 | 000,000,724 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/29 02:40:46 | 000,000,690 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/28 22:59:27 | 000,434,580 | R--- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts
[2011/05/28 22:36:05 | 000,434,580 | R--- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts.20110528-225927.backup
[2011/05/28 22:27:21 | 000,000,951 | ---- | M] () -- J:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/28 22:27:21 | 000,000,933 | ---- | M] () -- J:\Documents and Settings\Matt\Desktop\Spybot - Search & Destroy.lnk
[2011/05/28 22:14:27 | 000,000,036 | ---- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\housecall.guid.cache
[2011/05/28 22:07:54 | 000,350,720 | ---- | M] (wpcubed GmbH) -- J:\WINDOWS\System32\aticalrt32.dll
[2011/05/27 17:36:07 | 000,688,128 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\Sketch Pad 1.sketchpad
[2011/05/27 17:01:12 | 000,000,952 | -HS- | M] () -- J:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/05/27 16:49:36 | 000,001,857 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\Autodesk SketchBookExpress 2011.lnk
[2011/05/26 04:48:24 | 000,000,848 | ---- | M] () -- J:\Documents and Settings\Matt\.recently-used.xbel
[2011/05/26 04:21:31 | 000,000,132 | ---- | M] () -- J:\Documents and Settings\Matt\Application Data\Adobe PNG Format CS5 Prefs
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- J:\Documents and Settings\Matt\Desktop\TDSSKiller.exe
[2011/05/15 19:38:16 | 000,000,100 | ---- | M] () -- J:\Documents and Settings\Matt\Desktop\fix.reg
[2011/05/12 12:37:35 | 000,000,000 | ---- | M] () -- J:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/01 13:16:02 | 000,006,144 | ---- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/30 07:57:06 | 013,289,472 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__ZBrush_Digital_Sculpting_Human_Anatomy.pdf
[2011/04/30 07:54:26 | 036,691,616 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__The_Animator__039_s_Survival_Kit__Expanded_Edition__A_Manual_of_Methods__Principles_and_Formulas_for_Classical__Computer__Games__Stop_Motion_and_Inter.pdf
[2011/04/30 07:45:03 | 038,270,283 | R--- | M] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__Producing_Independent_2D_Character_Animation__Making__amp__Selling_A_Short_Film__Visual_Effects_and_Animation_Series___Focal_Press_Visual_Effects_and_.pdf
[2011/04/28 19:07:26 | 000,001,456 | ---- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/04/16 19:59:40 | 000,000,483 | ---- | M] () -- J:\WINDOWS\eReg.dat
[2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- J:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/04/11 11:16:01 | 000,000,340 | ---- | M] () -- J:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MPC9001-Matt.job
[2011/04/07 16:11:02 | 003,470,128 | ---- | M] () -- J:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/07 04:22:26 | 000,000,132 | ---- | M] () -- J:\Documents and Settings\Matt\Application Data\Adobe GIF Format CS5 Prefs
[2011/04/05 21:02:21 | 000,028,776 | -H-- | M] () -- J:\WINDOWS\System32\mlfcache.dat
[2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\System32\drivers\avgtdix.sys
[2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\System32\drivers\lvuvc.sys
[2011/04/01 00:10:46 | 000,539,232 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\System32\LVUI2RC.dll
[2011/04/01 00:10:24 | 000,543,328 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\System32\LVUI2.dll
[2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\System32\drivers\lvrs.sys
[2011/04/01 00:08:56 | 000,195,168 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\System32\lvci13251014.dll
[2011/04/01 00:08:36 | 000,301,664 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\System32\lvcodec2.dll
[2011/04/01 00:07:02 | 010,877,272 | ---- | M] () -- J:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 00:07:02 | 000,102,744 | ---- | M] () -- J:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 00:06:56 | 000,331,608 | ---- | M] () -- J:\WINDOWS\System32\DevManagerCore.dll
[2011/03/31 23:56:42 | 000,266,828 | ---- | M] () -- J:\WINDOWS\System32\drivers\LVAFT.cfg
[2011/03/31 23:56:20 | 000,039,318 | ---- | M] () -- J:\WINDOWS\System32\Repository.reg
[2011/03/31 23:56:00 | 000,027,872 | ---- | M] () -- J:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | M] () -- J:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/03/22 23:56:28 | 000,515,416 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\capicom.dll
[2011/03/22 23:51:28 | 000,227,172 | ---- | M] () -- J:\WINDOWS\System32\drivers\LVFeL100.cfg
[2011/03/22 23:51:28 | 000,146,680 | ---- | M] () -- J:\WINDOWS\System32\drivers\LVFeL101.cfg
[2011/03/22 23:51:28 | 000,085,302 | ---- | M] () -- J:\WINDOWS\System32\drivers\LVFeL102.cfg
[2011/03/22 23:51:26 | 000,069,592 | ---- | M] () -- J:\WINDOWS\System32\drivers\LVFaL100.cfg
[2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\System32\drivers\avgmfx86.sys
[5 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\Documents and Settings\Matt\*.tmp files -> J:\Documents and Settings\Matt\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/30 06:08:10 | 000,003,878 | ---- | C] () -- J:\Documents and Settings\Matt\Desktop\steps.rtf
[2011/05/30 05:35:15 | 000,008,117 | ---- | C] () -- J:\Documents and Settings\Matt\Desktop\Document.rtf
[2011/05/30 03:12:10 | 000,302,592 | ---- | C] () -- J:\Documents and Settings\Matt\Desktop\gmer.exe
[2011/05/30 02:18:39 | 000,001,678 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/29 20:34:52 | 000,000,784 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 19:20:01 | 000,396,623 | ---- | C] () -- J:\Documents and Settings\Matt\Desktop\wikimalware.jpg
[2011/05/29 18:39:54 | 116,439,227 | ---- | C] () -- J:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/29 04:08:37 | 000,000,730 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/29 04:08:37 | 000,000,724 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/29 02:40:46 | 000,000,690 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/28 22:27:21 | 000,000,951 | ---- | C] () -- J:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/28 22:27:21 | 000,000,933 | ---- | C] () -- J:\Documents and Settings\Matt\Desktop\Spybot - Search & Destroy.lnk
[2011/05/28 22:14:27 | 000,000,036 | ---- | C] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\housecall.guid.cache
[2011/05/27 17:01:19 | 000,688,128 | ---- | C] () -- J:\Documents and Settings\Matt\My Documents\Sketch Pad 1.sketchpad
[2011/05/27 17:01:12 | 000,000,952 | -HS- | C] () -- J:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/05/27 17:00:23 | 000,001,806 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Corel Painter Sketch Pad.lnk
[2011/05/27 16:49:36 | 000,001,857 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\Autodesk SketchBookExpress 2011.lnk
[2011/05/26 04:48:24 | 000,000,848 | ---- | C] () -- J:\Documents and Settings\Matt\.recently-used.xbel
[2011/05/26 04:21:31 | 000,000,132 | ---- | C] () -- J:\Documents and Settings\Matt\Application Data\Adobe PNG Format CS5 Prefs
[2011/05/15 19:38:16 | 000,000,100 | ---- | C] () -- J:\Documents and Settings\Matt\Desktop\fix.reg
[2011/04/30 07:54:48 | 013,289,472 | ---- | C] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__ZBrush_Digital_Sculpting_Human_Anatomy.pdf
[2011/04/30 07:46:59 | 036,691,616 | ---- | C] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__The_Animator__039_s_Survival_Kit__Expanded_Edition__A_Manual_of_Methods__Principles_and_Formulas_for_Classical__Computer__Games__Stop_Motion_and_Inter.pdf
[2011/04/30 07:45:29 | 038,270,283 | R--- | C] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__Producing_Independent_2D_Character_Animation__Making__amp__Selling_A_Short_Film__Visual_Effects_and_Animation_Series___Focal_Press_Visual_Effects_and_.pdf
[2011/04/29 07:28:02 | 000,000,000 | ---- | C] () -- J:\WINDOWS\System32\drivers\lvuvc.hs
[2011/04/16 19:59:40 | 000,000,483 | ---- | C] () -- J:\WINDOWS\eReg.dat
[2011/04/11 11:16:01 | 000,000,340 | ---- | C] () -- J:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MPC9001-Matt.job
[2011/04/07 04:23:14 | 000,001,456 | ---- | C] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/04/07 04:22:26 | 000,000,132 | ---- | C] () -- J:\Documents and Settings\Matt\Application Data\Adobe GIF Format CS5 Prefs
[2011/04/05 21:02:21 | 000,028,776 | -H-- | C] () -- J:\WINDOWS\System32\mlfcache.dat
[2011/04/05 16:09:25 | 000,000,854 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/04/05 16:08:35 | 000,000,816 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/04/05 16:08:05 | 000,000,909 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/04/05 16:04:49 | 000,001,000 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/04/05 16:04:35 | 000,001,144 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/04/05 16:03:39 | 000,000,728 | ---- | C] () -- J:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011/04/01 00:07:02 | 010,877,272 | ---- | C] () -- J:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 00:07:02 | 000,102,744 | ---- | C] () -- J:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 00:06:56 | 000,331,608 | ---- | C] () -- J:\WINDOWS\System32\DevManagerCore.dll
[2011/03/31 23:56:42 | 000,266,828 | ---- | C] () -- J:\WINDOWS\System32\drivers\LVAFT.cfg
[2011/03/31 23:56:20 | 000,039,318 | ---- | C] () -- J:\WINDOWS\System32\Repository.reg
[2011/03/31 23:56:00 | 000,027,872 | ---- | C] () -- J:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- J:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/03/22 23:51:28 | 000,227,172 | ---- | C] () -- J:\WINDOWS\System32\drivers\LVFeL100.cfg
[2011/03/22 23:51:28 | 000,146,680 | ---- | C] () -- J:\WINDOWS\System32\drivers\LVFeL101.cfg
[2011/03/22 23:51:28 | 000,085,302 | ---- | C] () -- J:\WINDOWS\System32\drivers\LVFeL102.cfg
[2011/03/22 23:51:26 | 000,069,592 | ---- | C] () -- J:\WINDOWS\System32\drivers\LVFaL100.cfg
[2011/03/12 09:29:17 | 000,032,281 | ---- | C] () -- J:\Documents and Settings\Matt\Desktop\plans.rtf
[2011/02/18 02:34:44 | 000,014,051 | ---- | C] () -- J:\WINDOWS\System32\RaCoInst.dat
[2011/02/05 21:12:27 | 000,000,000 | ---- | C] () -- J:\WINDOWS\ativpsrm.bin
[2011/02/05 21:12:14 | 000,887,724 | ---- | C] () -- J:\WINDOWS\System32\ativva6x.dat
[2011/02/05 21:12:13 | 000,226,857 | ---- | C] () -- J:\WINDOWS\System32\atiicdxx.dat
[2011/02/05 21:12:13 | 000,000,003 | ---- | C] () -- J:\WINDOWS\System32\ativva5x.dat
[2010/07/27 00:40:27 | 000,009,799 | ---- | C] () -- J:\WINDOWS\System32\RdCi1009.dll
[2010/07/27 00:40:27 | 000,004,088 | ---- | C] () -- J:\WINDOWS\System32\Rd3t1009.DAT
[2010/03/02 07:06:52 | 000,000,000 | ---- | C] () -- J:\WINDOWS\mixer.INI
[2010/02/22 00:11:09 | 000,151,552 | ---- | C] () -- J:\WINDOWS\System32\nvRegDev.dll
[2010/02/17 15:49:58 | 000,111,928 | ---- | C] () -- J:\WINDOWS\System32\PnkBstrB.exe
[2010/02/17 15:49:54 | 002,373,712 | ---- | C] () -- J:\WINDOWS\System32\pbsvc.exe
[2010/02/17 15:49:54 | 000,075,064 | ---- | C] () -- J:\WINDOWS\System32\PnkBstrA.exe
[2010/01/13 01:19:27 | 000,000,008 | ---- | C] () -- J:\WINDOWS\System32\nvModes.dat
[2009/12/14 16:26:56 | 000,006,144 | ---- | C] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 19:37:46 | 000,030,720 | ---- | C] () -- J:\WINDOWS\6816White12.dat
[2009/12/02 19:37:46 | 000,000,024 | ---- | C] () -- J:\WINDOWS\6816Error.dat
[2009/12/02 19:37:42 | 000,030,720 | ---- | C] () -- J:\WINDOWS\6816Dark12.dat
[2009/12/02 19:37:38 | 000,000,006 | ---- | C] () -- J:\WINDOWS\6816Exposure.dat
[2009/12/02 19:37:38 | 000,000,003 | ---- | C] () -- J:\WINDOWS\6816Offset.dat
[2009/12/02 19:37:38 | 000,000,003 | ---- | C] () -- J:\WINDOWS\6816Gain.dat
[2009/11/30 17:12:24 | 000,067,863 | ---- | C] () -- J:\WINDOWS\System32\x264vfw-uninstall.exe
[2009/11/30 17:12:17 | 000,819,200 | ---- | C] () -- J:\WINDOWS\System32\xvidcore.dll
[2009/11/30 17:12:17 | 000,180,224 | ---- | C] () -- J:\WINDOWS\System32\xvidvfw.dll
[2009/11/26 20:58:40 | 000,167,936 | ---- | C] () -- J:\WINDOWS\Ausba4.dll
[2009/11/26 20:58:40 | 000,167,936 | ---- | C] () -- J:\WINDOWS\A4.dll
[2009/11/26 20:58:40 | 000,045,056 | ---- | C] () -- J:\WINDOWS\Getkey.dll
[2009/11/26 20:58:40 | 000,011,479 | ---- | C] () -- J:\WINDOWS\Dusb4ar.ini
[2009/11/26 20:58:40 | 000,002,676 | ---- | C] () -- J:\WINDOWS\Ausba4.ini
[2009/11/26 20:58:40 | 000,000,855 | ---- | C] () -- J:\WINDOWS\ScnPanel.ini
[2009/11/26 20:58:37 | 000,001,607 | ---- | C] () -- J:\WINDOWS\ePlus48U142.ini
[2009/10/25 16:14:05 | 000,004,096 | ---- | C] () -- J:\WINDOWS\d3dx.dat
[2009/10/08 20:28:50 | 000,000,000 | ---- | C] () -- J:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/10/08 20:18:59 | 000,005,632 | ---- | C] () -- J:\WINDOWS\System32\drivers\StarOpen.sys
[2009/08/31 19:13:01 | 001,183,160 | ---- | C] () -- J:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/29 22:52:01 | 000,004,212 | -H-- | C] () -- J:\WINDOWS\System32\zllictbl.dat
[2009/08/29 20:42:45 | 000,000,000 | ---- | C] () -- J:\WINDOWS\nsreg.dat
[2009/08/29 20:27:19 | 000,001,746 | ---- | C] () -- J:\WINDOWS\Language_trs.ini
[2009/08/29 20:26:23 | 000,005,810 | R--- | C] () -- J:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/29 20:26:15 | 000,023,629 | ---- | C] () -- J:\WINDOWS\Ascd_tmp.ini
[2009/08/29 20:26:15 | 000,010,296 | ---- | C] () -- J:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/29 17:13:31 | 000,002,048 | --S- | C] () -- J:\WINDOWS\bootstat.dat
[2009/08/29 17:08:54 | 000,021,640 | ---- | C] () -- J:\WINDOWS\System32\emptyregdb.dat
[2009/08/29 11:57:48 | 000,004,161 | ---- | C] () -- J:\WINDOWS\ODBCINST.INI
[2009/08/29 11:56:47 | 003,470,128 | ---- | C] () -- J:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/16 23:57:00 | 001,597,690 | ---- | C] () -- J:\WINDOWS\System32\nvdata.bin
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- J:\WINDOWS\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- J:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/29 01:35:54 | 002,378,752 | ---- | C] () -- J:\WINDOWS\System32\x264vfw.dll
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- J:\WINDOWS\System32\xlive.dll.cat
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- J:\WINDOWS\System32\SSCProt.dll
[2005/07/12 13:44:42 | 000,015,872 | ---- | C] () -- J:\WINDOWS\System32\InsDrvZD64.DLL
[2005/01/02 14:49:22 | 000,036,864 | ---- | C] () -- J:\WINDOWS\System32\EelMoogVCF.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- J:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- J:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,432,356 | ---- | C] () -- J:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- J:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- J:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,081,920 | ---- | C] () -- J:\WINDOWS\System32\ieencode.dll
[2004/08/04 07:00:00 | 000,067,312 | ---- | C] () -- J:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- J:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- J:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- J:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- J:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- J:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- J:\WINDOWS\System32\noise.dat
[2004/03/23 15:38:00 | 000,028,672 | ---- | C] () -- J:\WINDOWS\System32\InsDrvZD.dll
[2003/03/14 11:24:00 | 000,024,576 | ---- | C] () -- J:\WINDOWS\System32\ZyDelReg.exe

========== LOP Check ==========

[2010/11/16 01:48:12 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\Ableton
[2011/05/27 16:49:36 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\Alias
[2009/08/31 19:18:27 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\Autodesk
[2011/05/29 02:42:05 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/29 02:41:17 | 000,000,000 | -H-D | M] -- J:\Documents and Settings\All Users\Application Data\Common Files
[2010/04/13 01:58:23 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\FormatsCustomizer
[2011/05/29 02:43:03 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/08 08:21:11 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/09/12 14:30:53 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\SimCity Societies
[2011/01/22 16:48:30 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2011/02/28 18:17:23 | 000,000,000 | ---D | M] -- J:\Documents and Settings\All Users\Application Data\TomTom
[2010/04/02 13:20:52 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\.minecraft
[2010/11/16 01:48:11 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\Ableton
[2009/09/10 22:01:14 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\ArtificialStudios
[2011/05/27 16:53:18 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\Autodesk
[2011/05/29 02:42:58 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\AVG10
[2011/04/05 20:56:18 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/27 03:11:32 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\Foxit
[2011/01/10 01:00:29 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\gtk-2.0
[2011/04/29 07:28:21 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\Leadertech
[2009/10/08 20:29:22 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\Samsung
[2011/04/05 20:32:57 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/29 04:42:48 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\SynthEyes
[2010/10/19 05:00:08 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\SynthMaker
[2011/01/22 16:48:30 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\SYSTEMAX Software Development
[2011/02/28 18:16:45 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\TomTom
[2011/05/27 04:15:31 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\Unity
[2009/12/09 04:07:14 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Matt\Application Data\XnView

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/30 01:48:34 | 000,262,162 | ---- | M] () -- J:\bilejar.tga
[2009/08/29 11:55:49 | 000,000,210 | -HS- | M] () -- J:\boot.ini
[2010/03/18 21:09:14 | 000,262,162 | ---- | M] () -- J:\ceda_ninjas.tga
[2006/07/07 10:06:40 | 000,061,440 | ---- | M] (None) -- J:\GlueIT 1.06.exe
[2010/03/04 00:26:52 | 000,323,676 | ---- | M] () -- J:\locke.tga
[2010/03/04 00:36:15 | 000,262,162 | ---- | M] () -- J:\locke2.tga
[2010/11/10 00:56:03 | 018,194,432 | ---- | M] () -- J:\minislopes_pongland_CS3.fla
[2010/02/02 05:16:35 | 000,262,162 | ---- | M] () -- J:\murderface.tga
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- J:\NTDETECT.COM
[2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- J:\ntldr
[2011/05/30 02:37:30 | 1912,602,624 | -HS- | M] () -- J:\pagefile.sys
[2010/08/13 10:37:28 | 000,000,342 | ---- | M] () -- J:\Shortcut to 3d.lnk
[2010/04/15 23:23:46 | 000,131,090 | ---- | M] () -- J:\wrong base.tga
[2010/05/07 01:21:57 | 000,131,090 | ---- | M] () -- J:\youlikethis_st.tga

< %USERPROFILE%\*.* >
[2011/05/26 04:48:24 | 000,000,848 | ---- | M] () -- J:\Documents and Settings\Matt\.recently-used.xbel
[2011/05/30 02:36:45 | 008,650,752 | -H-- | M] () -- J:\Documents and Settings\Matt\NTUSER.DAT
[2011/05/30 06:13:37 | 000,001,024 | -H-- | M] () -- J:\Documents and Settings\Matt\NTUSER.DAT.LOG
[2011/05/30 02:36:40 | 000,000,178 | -HS- | M] () -- J:\Documents and Settings\Matt\ntuser.ini
[1 J:\Documents and Settings\Matt\*.tmp files -> J:\Documents and Settings\Matt\*.tmp -> ]

< %USERPROFILE%\Application Data\*.* >
[2011/04/07 04:22:26 | 000,000,132 | ---- | M] () -- J:\Documents and Settings\Matt\Application Data\Adobe GIF Format CS5 Prefs
[2011/05/26 04:21:31 | 000,000,132 | ---- | M] () -- J:\Documents and Settings\Matt\Application Data\Adobe PNG Format CS5 Prefs
[2009/08/29 11:57:25 | 000,000,062 | -HS- | M] () -- J:\Documents and Settings\Matt\Application Data\desktop.ini
[2009/12/09 03:18:39 | 000,000,025 | -H-- | M] () -- J:\Documents and Settings\Matt\Application Data\uninst.log

< %USERPROFILE%\Local Settings\Application Data\*.* >
[2011/04/28 19:07:26 | 000,001,456 | ---- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/05/01 13:16:02 | 000,006,144 | ---- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 16:24:24 | 000,042,592 | ---- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011/05/28 22:14:27 | 000,000,036 | ---- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\housecall.guid.cache
[2011/05/27 15:40:53 | 002,106,144 | -H-- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2009/12/09 03:18:39 | 000,000,025 | -H-- | M] () -- J:\Documents and Settings\Matt\Local Settings\Application Data\uninst.log

< %AllUsersProfile%\*.* >

< %AllUsersProfile%\Application Data\*.* >
[2009/08/29 11:57:25 | 000,000,062 | -HS- | M] () -- J:\Documents and Settings\All Users\Application Data\desktop.ini
[2011/05/27 17:01:12 | 000,000,952 | -HS- | M] () -- J:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/09/09 07:29:53 | 000,000,000 | ---- | M] () -- J:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/12/09 03:18:39 | 000,000,025 | -H-- | M] () -- J:\Documents and Settings\All Users\Application Data\temp25.log

< %USERPROFILE%\My Documents\*.* >
[2010/06/06 22:02:16 | 000,369,876 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\arrestcard.PDF
[2010/07/31 21:07:27 | 000,001,589 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\blimmleforth_poo.txt
[2009/08/29 17:17:50 | 000,000,075 | -HS- | M] () -- J:\Documents and Settings\Matt\My Documents\desktop.ini
[2011/04/30 07:45:03 | 038,270,283 | R--- | M] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__Producing_Independent_2D_Character_Animation__Making__amp__Selling_A_Short_Film__Visual_Effects_and_Animation_Series___Focal_Press_Visual_Effects_and_.pdf
[2011/04/30 07:54:26 | 036,691,616 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__The_Animator__039_s_Survival_Kit__Expanded_Edition__A_Manual_of_Methods__Principles_and_Formulas_for_Classical__Computer__Games__Stop_Motion_and_Inter.pdf
[2011/04/30 07:57:06 | 013,289,472 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\ebooksclub.org__ZBrush_Digital_Sculpting_Human_Anatomy.pdf
[2009/12/26 19:23:08 | 000,000,066 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\GFWLIVESetupLog.txt
[2009/12/26 19:23:08 | 000,026,272 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\GFWLIVESetupLogVerbose.txt
[2010/09/16 00:52:28 | 000,021,485 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\report 20100916.html
[2011/05/27 17:36:07 | 000,688,128 | ---- | M] () -- J:\Documents and Settings\Matt\My Documents\Sketch Pad 1.sketchpad

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- J:\WINDOWS\system32\drivers\AVGIDSDriver.sys
[2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\system32\drivers\avgmfx86.sys
[2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\system32\drivers\avgrkx86.sys
[2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\WINDOWS\system32\drivers\avgtdix.sys
[2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\system32\drivers\lvrs.sys
[2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) -- J:\WINDOWS\system32\drivers\lvuvc.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll


< MD5 for: EXPLORER.EXE >
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- J:\WINDOWS\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- J:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- J:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- J:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- J:\WINDOWS\system32\dllcache\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- J:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- J:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- J:\WINDOWS\system32\winlogon.exe

< End of report >

OTL Extras logfile created on: 5/30/2011 6:12:13 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = J:\Documents and Settings\Matt\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.05% Memory free
3.63 Gb Paging File | 2.86 Gb Available in Paging File | 78.75% Paging File free
Paging file location(s): J:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Program Files
Drive C: | 931.51 Gb Total Space | 895.01 Gb Free Space | 96.08% Space Free | Partition Type: NTFS
Drive J: | 465.75 Gb Total Space | 351.79 Gb Free Space | 75.53% Space Free | Partition Type: NTFS

Computer Name: MPC9001 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-515967899-573735546-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- J:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "J:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- J:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "J:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"J:\WINDOWS\system32\wmpshell32.exe" = J:\WINDOWS\system32\wmpshell32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"J:\WINDOWS\system32\sessmgr.exe" = J:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"J:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = J:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"J:\Program Files\Autodesk\Backburner\monitor.exe" = J:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"J:\Program Files\Autodesk\Backburner\manager.exe" = J:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"J:\Program Files\Autodesk\Backburner\server.exe" = J:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"J:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = J:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- (Autodesk, Inc.)
"J:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = J:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit -- ()
"J:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = J:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- (mental images GmbH)
"J:\Program Files\Steam\Steam.exe" = J:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"J:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = J:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)
"J:\Program Files\Steam\SteamApps\common\zero gear\ZeroGear.bat" = J:\Program Files\Steam\SteamApps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear -- ()
"J:\WINDOWS\system32\PnkBstrA.exe" = J:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"J:\WINDOWS\system32\PnkBstrB.exe" = J:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"J:\Program Files\PlanB\bin\pbclient.exe" = J:\Program Files\PlanB\bin\pbclient.exe:*:Enabled:pbclient.exe -- ()
"J:\Program Files\Steam\SteamApps\common\left 4 dead 2\bin\SDKLauncher.exe" = J:\Program Files\Steam\SteamApps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools -- ()
"J:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = J:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"J:\WINDOWS\system32\ZoneLabs\vsmon.exe" = J:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"J:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = J:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"J:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = J:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"J:\WINDOWS\system32\wmpshell32.exe" = J:\WINDOWS\system32\wmpshell32.exe:*:Enabled:Windows Update Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel Painter Sketch Pad
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00D6C191-50A2-4D9C-9285-1817D8420FB6}" = IPM
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17D2D36F-BBD5-82A8-C717-E1C8A0E7A571}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39592F46-9FCF-E9A5-A740-6753BCE006D7}" = CCC Help English
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58FCA730-74A6-49C0-95A7-696D78E689A3}" = e+ 48U
"{5BD093B2-58E6-467D-99E4-E88A5FFC412C}" = Painter Sketch Pad
"{5C99D36F-DF24-417D-8FBC-E87AA3876079}" = SynthEyes Demo
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72F6D9F1-98C4-473F-A540-ECDCEB6D3D76}" = Registration
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7DA6FCB8-47B7-3F8D-EA82-6941067109D9}" = Catalyst Control Center InstallProxy
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D3E92B-EA43-2B34-0C60-CD7E3DFCBC12}" = ATI Catalyst Install Manager
"{95A43C1B-AE7B-375B-CD9C-E0B1AF80008F}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AF322EC1-3499-45FD-9EDD-DCC7FD5C18DF}" = Autodesk SketchBookExpress 2011
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B905C2C6-E171-4D6A-B235-EDECF1F5EFB1}" = Samsung PC Studio 3
"{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE831DA7-B6A3-F903-B993-4EA12ED2AC88}" = ccc-core-static
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E7562F88-BDCC-44D3-9C6B-313FC43052B7}" = IconHandler 32 bit
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAB6F4ED-B18D-4BF5-B18E-3C7921560EC4}" = Corel SketchPad - ICA
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0100437-007E-405A-8CD6-E1E38E68CE76}" = Corel Painter 8
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0.1" = Adobe Illustrator 9.0.1
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"AVG" = AVG 2011
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comical_is1" = Comical 0.8
"Drumaxx" = Drumaxx
"FL Studio 9" = FL Studio 9
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"GCFScape_is1" = GCFScape 1.7.5
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"IL Download Manager" = IL Download Manager
"InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"Live 8.2.1" = Live 8.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Masonry Designer - Acme Brick" = Masonry Designer - Acme Brick
"MeshLab" = MeshLab 1.2.3b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.14
"Mirror Morph Plugin" = Mirror Morph Plugin Pre-Alpha
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PlanB" = PlanB
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"reFX Slayer 2.6.1_is1" = reFX Slayer 2.6.1
"Sakura" = Sakura
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sawer" = Sawer
"shaderFX_is1" = shaderFX 3.50
"StarCraft II" = StarCraft II
"Steam App 18820" = Zero Gear
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Super Eel" = Super Eel 2.0
"Tattoo" = Tattoo
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Toxic Biohazard" = Toxic Biohazard
"UDK-b3b4539c-489c-4217-b419-f5560d34a7aa" = Unreal Development Kit: 2009-11
"VLC media player" = VLC media player 1.0.3
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WIC" = Windows Imaging Component
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"XnView_is1" = XnView 1.97
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zign Track Pro Demo_is1" = Zign Track Pro Demo
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-573735546-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow Add-in" = Adobe ConnectNow Add-in
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/13/2010 6:36:27 PM | Computer Name = MPC9001 | Source = Application Error | ID = 1000
Description = Faulting application zbrush.exe, version 3.5.3.0, faulting module
zbrush.exe, version 3.5.3.0, fault address 0x017a1b98.

Error - 2/17/2010 1:26:14 PM | Computer Name = MPC9001 | Source = Google Update | ID = 20
Description =

Error - 2/17/2010 2:26:05 PM | Computer Name = MPC9001 | Source = Google Update | ID = 20
Description =

Error - 2/17/2010 2:58:15 PM | Computer Name = MPC9001 | Source = Application Hang | ID = 1002
Description = Hanging application Launcher.exe, version 3.6.10.26, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/17/2010 2:58:37 PM | Computer Name = MPC9001 | Source = Application Hang | ID = 1002
Description = Hanging application Launcher.exe, version 3.6.10.26, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/18/2010 8:22:42 PM | Computer Name = MPC9001 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/25/2010 6:26:15 PM | Computer Name = MPC9001 | Source = Google Update | ID = 20
Description =

Error - 2/25/2010 11:42:55 PM | Computer Name = MPC9001 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 3/2/2010 5:31:14 AM | Computer Name = MPC9001 | Source = Google Update | ID = 20
Description =

Error - 3/5/2010 7:47:37 AM | Computer Name = MPC9001 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 5/28/2011 4:02:09 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/28/2011 4:07:08 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 5/28/2011 11:11:22 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7034
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/28/2011 11:11:34 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/29/2011 7:34:16 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/29/2011 9:31:35 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/29/2011 10:46:11 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/29/2011 10:46:18 PM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
uagp35 ViaIde

Error - 5/30/2011 2:46:39 AM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/30/2011 3:38:18 AM | Computer Name = MPC9001 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058


< End of report >

aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-30 06:23:16
-----------------------------
06:23:16.062 OS Version: Windows 5.1.2600 Service Pack 2
06:23:16.062 Number of processors: 4 586 0x202
06:23:16.062 ComputerName: MPC9001 UserName: Matt
06:23:17.468 Initialize success
06:23:30.000 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:23:30.000 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
06:23:30.000 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
06:23:30.000 Disk 1 Vendor: WDC_WD10EADS-00P6B0 01.00A01 Size: 953869MB BusType: 3
06:23:32.015 Disk 1 MBR read successfully
06:23:32.015 Disk 1 MBR scan
06:23:32.015 Disk 1 unknown MBR code
06:23:34.015 Disk 1 scanning sectors +1953520065
06:23:34.031 Disk 1 scanning J:\WINDOWS\system32\drivers
06:24:03.546 Service scanning
06:24:04.406 Disk 1 trace - called modules:
06:24:04.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
06:24:04.406 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a53eab8]
06:24:04.406 3 CLASSPNP.SYS[b810905b] -> nt!IofCallDriver -> \Device\0000007c[0x8a5609e8]
06:24:04.406 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a56bd98]
06:24:25.250 Unsigned kernel modules:
06:24:25.250 0xb8430000 J:\WINDOWS\System32\Drivers\StarOpen.SYS
06:24:29.156 0xa7d48000 J:\WINDOWS\system32\DRIVERS\secdrv.sys
06:24:29.375 0xb8400000 J:\DOCUME~1\Matt\LOCALS~1\Temp\mbr.sys
06:24:29.390 0xa6780000 J:\DOCUME~1\Matt\LOCALS~1\Temp\fxtdypoc.sys
06:24:29.578 Scan finished successfully
06:24:39.546 Disk 1 MBR has been saved successfully to "J:\Documents and Settings\Matt\Desktop\MBR.dat"
06:24:39.562 The log file has been saved successfully to "J:\Documents and Settings\Matt\Desktop\aswMBR.txt"

#4 B-boy/StyLe/

  • Malware Response Team
Posted 30 May 2011 - 05:55 AM

Hello,



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link --> Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

J:\WINDOWS\system32\aticalrt32.dll

Note: if VT says these files have already been analysed, make sure you click "re-analyse file now".

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/



Regards,
Georgi



#5 mo536

  • Topic Starter
Posted 30 May 2011 - 06:03 AM

Here are the results:

AhnLab-V3 2011.05.30.01 2011.05.30 -
AntiVir 7.11.8.167 2011.05.30 -
Antiy-AVL 2.0.3.7 2011.05.30 -
Avast 4.8.1351.0 2011.05.30 -
Avast5 5.0.677.0 2011.05.30 -
AVG 10.0.0.1190 2011.05.30 -
BitDefender 7.2 2011.05.30 Gen:Variant.Kazy.22600
CAT-QuickHeal 11.00 2011.05.30 -
ClamAV 0.97.0.0 2011.05.30 -
Commtouch 5.3.2.6 2011.05.29 -
Comodo 8891 2011.05.30 -
DrWeb 5.0.2.03300 2011.05.30 -
eSafe 7.0.17.0 2011.05.26 -
eTrust-Vet 36.1.8356 2011.05.30 -
F-Prot 4.6.2.117 2011.05.28 -
F-Secure 9.0.16440.0 2011.05.30 Gen:Variant.Kazy.22600
Fortinet 4.2.257.0 2011.05.30 -
GData 22 2011.05.30 Gen:Variant.Kazy.22600
Ikarus T3.1.1.104.0 2011.05.30 Gen.Variant.Kazy
Jiangmin 13.0.900 2011.05.29 -
K7AntiVirus 9.104.4734 2011.05.28 -
Kaspersky 9.0.0.837 2011.05.30 -
McAfee 5.400.0.1158 2011.05.30 -
McAfee-GW-Edition 2010.1D 2011.05.29 -
Microsoft 1.6903 2011.05.30 -
NOD32 6164 2011.05.30 -
Norman 6.07.07 2011.05.30 -
nProtect 2011-05-30.02 2011.05.30 Gen:Variant.Kazy.22600
Panda 10.0.3.5 2011.05.29 Suspicious file
PCTools 7.0.3.5 2011.05.19 -
Prevx 3.0 2011.05.30 -
Rising 23.60.00.03 2011.05.30 Trojan.Win32.Generic.12886245
Sophos 4.65.0 2011.05.30 -
SUPERAntiSpyware 4.40.0.1006 2011.05.29 -
Symantec 20111.1.0.186 2011.05.30 -
TheHacker 6.7.0.1.212 2011.05.28 -
TrendMicro 9.200.0.1012 2011.05.30 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.30 -
VBA32 3.12.16.0 2011.05.30 -
VIPRE 9432 2011.05.30 -
ViRobot 2011.5.30.4485 2011.05.30 -
VirusBuster 13.6.376.0 2011.05.29 -

MD5 : 7049f913209cf7e78d8e49968681ade8
SHA1 : 7c3e73232abc172ee45cf35fad671f6c488f5981
SHA256: ff33bfb45ce5617d83d821775594e4abadf717f7cf2b523428a047ece99d9d79
ssdeep: 6144:wMsgaehFPLAV6gNaLRoOhiC5+eocUICRni5QUvpp99:ZaiLh3G+Tkni5QURT9
File size : 350720 bytes
First seen: 2011-05-29 01:54:37
Last seen : 2011-05-30 10:52:18
TrID:
Win32 Executable MS Visual C++ (generic) (65.1%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: wpcubed GmbH
copyright....: 2004-2006 © WPCubed GmbH _ Julian Ziersch
product......: WPViewPDF
description..: WPViewPDF
original name: WPViewPDF
internal name: WPViewPDF DLL
file version.: 1.4.3.0
comments.....: www.pdfcontrol.com / www.wptools.de
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x92D2
timedatestamp....: 0x41093570 (Thu Jul 29 17:35:44 2004)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA000, 0x9C00, 5.87, 89f8918e5d8ee2bda7fcf3b4306a2ae1
.data, 0xB000, 0x23000, 0x22400, 7.49, 2fd9d9207cd8709d7273d7ddcf55f06e
.rdata, 0x2E000, 0x28000, 0x27600, 7.50, 8718fd2f8df2ca66a2e026aae14d116b
.bss, 0x56000, 0x30000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.edata, 0x86000, 0x1000, 0x200, 3.33, aad73678652f37239957a7416ed299f0
.idata, 0x87000, 0x1000, 0x800, 4.87, 09e2ff765dd8b1c1b0a3cc0ca6bd895a
.rsrc, 0x88000, 0x1000, 0x600, 2.73, 79f921fc4b18eea174d513752e086ad8
.reloc, 0x89000, 0xFDE, 0x1000, 6.78, 52db628b369a6461c986e53d307d7d2d

[[ 10 import(s) ]]
ADVAPI32.dll: CryptDestroyHash, GetMultipleTrusteeW, RegQueryValueExW, AccessCheckByTypeResultListAndAuditAlarmA
KERNEL32.dll: GetProcAddress, GlobalReAlloc, LoadLibraryA, GetModuleHandleA, VirtualAlloc, VirtualFree, SetFilePointer, ExitProcess, FindFirstFileA
ole32.dll: CoBuildVersion, CoGetMalloc, IsValidPtrIn, IsAccelerator, IIDFromString, CoTaskMemFree
SETUPAPI.dll: SetupSetDirectoryIdExA, SetupGetBackupInformationA, SetupDiSelectDevice, SetupDiGetClassImageListExW, SetupDiEnumDriverInfoA, SetupAddToSourceListW
USER32.dll: OpenIcon, RegisterDeviceNotificationW, UnionRect, UnregisterDeviceNotification, UpdateLayeredWindow, OemKeyScan, MapVirtualKeyExA, IsCharUpperA, GetClassInfoW, FindWindowA, EnumPropsW, EnumDisplaySettingsW, EnumDisplayDevicesA, CharPrevA, RegisterClassExA, EqualRect
OLEPRO32.DLL: -, -, -, -, -
OLEACC.dll: GetStateTextA, GetRoleTextA
security.dll: InitializeSecurityContextA, InitSecurityInterfaceA
COMCTL32.dll: InitializeFlatSB, ImageList_DragShowNolock
MSVCRT.dll: __getmainargs, __set_app_type, exit, strpbrk, __p__commode

[[ 9 export(s) ]]
FileDirectoryDateTimeSet, GetDiscUsedSpace, GetFastReadTOC, GetNodeObject, GrabDVD, ISO9660JolietFileTreeGetNamesEx, TrackAtOnceFromPipe, UpStart, VersionGet
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 40960
Comments: www.pdfcontrol.com / www.wptools.de
CompanyName: wpcubed GmbH
EntryPoint: 0x92d2
FileDescription: WPViewPDF
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 342 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 1.4.3.0
FileVersionNumber: 1.4.3.0
ImageVersion: 1.0
InitializedDataSize: 364544
InternalName: WPViewPDF DLL
LanguageCode: German
LegalCopyright: 2004-2006 © WPCubed GmbH & Julian Ziersch
LegalTrademarks:
LinkerVersion: 2.38
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: WPViewPDF
PEType: PE32
ProductName: WPViewPDF
ProductVersion: 1.x
ProductVersionNumber: 1.4.3.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2004:07:29 19:35:44+02:00
UninitializedDataSize: 196608
Symantec reputation:Suspicious.Insight

#6 B-boy/StyLe/


Posted 30 May 2011 - 07:01 AM

Hello mo536,



We need to disable Spybot S&D's "TeaTimer"



TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy




Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Open Erunt.exe. Follow the prompts leaving the values at default.





We need to run an OTL Fix



  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    File not found (No name found) -- 
    O2 - BHO: (no name) - {2624BF0D-FA01-4928-AF11-16885C34CE49} - J:\WINDOWS\system32\aticalrt32.dll (wpcubed GmbH)
    O2 - BHO: (no name) - {4C497E1A-FA01-4928-AF11-16885C34CE49} - J:\WINDOWS\system32\aticalrt32.dll (wpcubed GmbH)
    O2 - BHO: (d0b95852) - {85AA134A-81C5-BE05-73A6-4918362C8829} - File not found
    O20 - AppInit_DLLs: (J:\WINDOWS\system32\nlsdl32.dll) - File not found
    :files
    j:\documents and settings\matt\lthiqdzhkg.tmp
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000000
    :commands
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.





Download, and install free 7-zip

Navigate to C:\_OTL <= Important: do not open the folder when you select it!!!

Right click on it and select "7-zip", then "Add to archive.."

Go to "encryption" and type infected as a password (don't forget to re-enter the password).

Leave all other settings to default, and click OK.

A new file with a .zip extension will be created in the very same folder.

Next upload the archive here

Finally, delete the created archive!!!



How are things now? Are there any problems left?



Regards,
Georgi
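
An added example, not part of the original posts and not OTL's own code: a Python cross-check that every item named in a fix script like the one in post #6 is accounted for in the log OTL writes afterwards. The section names and log wording are inferred from the script and log shown in this thread; the script is abridged from post #6 and the log is constructed for the example.

```python
import re

# Fix script abridged from post #6 of this thread.
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (no name) - {2624BF0D-FA01-4928-AF11-16885C34CE49} - J:\WINDOWS\system32\aticalrt32.dll (wpcubed GmbH)
O2 - BHO: (no name) - {4C497E1A-FA01-4928-AF11-16885C34CE49} - J:\WINDOWS\system32\aticalrt32.dll (wpcubed GmbH)
O2 - BHO: (d0b95852) - {85AA134A-81C5-BE05-73A6-4918362C8829} - File not found
O20 - AppInit_DLLs: (J:\WINDOWS\system32\nlsdl32.dll) - File not found
:files
j:\documents and settings\matt\lthiqdzhkg.tmp
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000000
:commands
[reboot]
"""

# CONSTRUCTED log in the wording OTL uses in this thread. The third BHO is
# deliberately absent and the .tmp file is reported as not found, so the
# checker has something to flag.
FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2624BF0D-FA01-4928-AF11-16885C34CE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2624BF0D-FA01-4928-AF11-16885C34CE49}\ deleted successfully.
J:\WINDOWS\system32\aticalrt32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C497E1A-FA01-4928-AF11-16885C34CE49}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:J:\WINDOWS\system32\nlsdl32.dll deleted successfully.
========== FILES ==========
File j:\documents and settings\matt\lthiqdzhkg.tmp not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"|dword:00000000 /E : value set successfully!
"""

SECTION = re.compile(r"^:(\w+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
APPINIT = re.compile(r"AppInit_DLLs:\s*\(([^)]+)\)", re.IGNORECASE)
REGVALUE = re.compile(r'^"([^"]+)"=')
SUCCESS = re.compile(r"successfully[.!]$")


def parse_fix_script(text):
    """Split a fix script into {section name: [lines]} in script order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def extract_targets(sections):
    """Collect the identifiers the log should mention: BHO CLSIDs and
    AppInit_DLLs paths (:OTL), file paths (:files), value names (:reg)."""
    targets = []
    for line in sections.get("OTL", []):
        targets += CLSID.findall(line)
        targets += APPINIT.findall(line)
    targets += sections.get("files", [])
    for line in sections.get("reg", []):
        value = REGVALUE.match(line)
        if value:
            targets.append(value.group(1))
    return targets


def check_log(targets, log):
    """Map each target to 'done', 'not found' or 'missing' (never logged)."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    result = {}
    for target in targets:
        hits = [l for l in lines if target.lower() in l.lower()]
        if any(SUCCESS.search(l) for l in hits):
            result[target] = "done"
        elif any("not found" in l.lower() for l in hits):
            result[target] = "not found"
        else:
            result[target] = "missing"
    return result


if __name__ == "__main__":
    found = check_log(extract_targets(parse_fix_script(FIX_SCRIPT)), FIX_LOG)
    for target, status in found.items():
        print(f"{status:10} {target}")
```

Any target reported as missing was never mentioned in the log, which usually means the pasted script was cut short or the wrong log file was opened.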



#7 mo536


Posted 30 May 2011 - 07:28 AM

Okay, I followed the instructions and uploaded the zip.

Unfortunately, I'm still getting the redirects in Firefox.

#8 B-boy/StyLe/


Posted 30 May 2011 - 07:34 AM

Hello mo536,



I need to see the OTL log.

Please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.

Copy/paste the content of the log back here in your next post.




Next please


  • Download TDSSKiller and save it to your Desktop. <-- Make sure you downloaded the latest version 2.5.3.0
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a malicious object is detected, the default action will be Cure, click on Continue.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • Select Skip for sptd.sys.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Regards,
Georgi



#9 mo536


Posted 30 May 2011 - 07:48 AM

Here's the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2624BF0D-FA01-4928-AF11-16885C34CE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2624BF0D-FA01-4928-AF11-16885C34CE49}\ deleted successfully.
J:\WINDOWS\system32\aticalrt32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C497E1A-FA01-4928-AF11-16885C34CE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C497E1A-FA01-4928-AF11-16885C34CE49}\ deleted successfully.
File J:\WINDOWS\system32\aticalrt32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85AA134A-81C5-BE05-73A6-4918362C8829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85AA134A-81C5-BE05-73A6-4918362C8829}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:J:\WINDOWS\system32\nlsdl32.dll deleted successfully.
========== FILES ==========
j:\documents and settings\matt\lthiqdzhkg.tmp moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.23.0 log created on 05302011_081501

I downloaded and ran TDSSKiller, but it didn't find anything.
Edit: Oops, here's the log from it...
2011/05/30 08:45:27.0875 2528 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 08:45:29.0890 2528 ================================================================================
2011/05/30 08:45:29.0890 2528 SystemInfo:
2011/05/30 08:45:29.0890 2528
2011/05/30 08:45:29.0890 2528 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/30 08:45:29.0890 2528 Product type: Workstation
2011/05/30 08:45:29.0890 2528 ComputerName: MPC9001
2011/05/30 08:45:29.0890 2528 UserName: Matt
2011/05/30 08:45:29.0890 2528 Windows directory: J:\WINDOWS
2011/05/30 08:45:29.0890 2528 System windows directory: J:\WINDOWS
2011/05/30 08:45:29.0890 2528 Processor architecture: Intel x86
2011/05/30 08:45:29.0890 2528 Number of processors: 4
2011/05/30 08:45:29.0890 2528 Page size: 0x1000
2011/05/30 08:45:29.0890 2528 Boot type: Normal boot
2011/05/30 08:45:29.0890 2528 ================================================================================
2011/05/30 08:45:31.0640 2528 Initialize success
2011/05/30 08:45:51.0093 2880 ================================================================================
2011/05/30 08:45:51.0093 2880 Scan started
2011/05/30 08:45:51.0093 2880 Mode: Manual;
2011/05/30 08:45:51.0093 2880 ================================================================================
2011/05/30 08:46:00.0125 2880 ================================================================================
2011/05/30 08:46:00.0125 2880 Scan finished
2011/05/30 08:46:00.0125 2880 ================================================================================
2011/05/30 08:46:00.0140 4052 Detected object count: 0
2011/05/30 08:46:00.0140 4052 Actual detected object count: 0
2011/05/30 08:46:38.0687 3912 ================================================================================
2011/05/30 08:46:38.0687 3912 Scan started
2011/05/30 08:46:38.0687 3912 Mode: Manual;
2011/05/30 08:46:38.0687 3912 ================================================================================
2011/05/30 08:46:46.0468 3912 ================================================================================
2011/05/30 08:46:46.0468 3912 Scan finished
2011/05/30 08:46:46.0468 3912 ================================================================================
2011/05/30 08:46:46.0484 2640 Detected object count: 0
2011/05/30 08:46:46.0484 2640 Actual detected object count: 0

Edited by mo536, 30 May 2011 - 07:49 AM.


#10 B-boy/StyLe/


Posted 30 May 2011 - 08:02 AM

Hi mo536,



Step 1



Run Scan with Malwarebytes



I see you have Malwarebytes' Anti-Malware installed on your computer.
Please start the application by double-clicking on its icon.
Once the program has loaded, go to the UPDATE tab and check for updates.
When the update is complete, select the Scanner tab.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to a convenient location and post the results in your next reply.



Step 2



Please click here to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done, click on report.
  • In the three drop-down boxes, choose autoscan - do not group and important events.
  • Click on save and save to desktop.
  • Copy and paste this report in your next post.



Note: This tool will self uninstall when you close it so please save the log before closing it.



Regards,
Georgi



#11 mo536


Posted 30 May 2011 - 09:43 AM

Okay, here's the Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6722

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/30/2011 9:08:26 AM
mbam-log-2011-05-30 (09-08-26).txt

Scan type: Quick scan
Objects scanned: 164263
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
j:\documents and settings\Matt\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

and here's Kaspersky's: (It didn't find anything)

Autoscan: completed 3 minutes ago (events: 2, objects: 473456, time: 01:17:29)
5/30/2011 9:19:24 AM Task started
5/30/2011 10:36:53 AM Task completed

Still getting the same redirects in Firefox though.

#12 B-boy/StyLe/


Posted 30 May 2011 - 10:16 AM

Hi,



We are on the right track. Let's take a deeper look here:



Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply



Regards,
Georgi



#13 mo536


Posted 30 May 2011 - 10:59 AM

Okay, I was able to close all my security software except for AVG. I followed the instructions for disabling it temporarily via its Advanced Settings menu, but ComboFix brought up a message saying it wouldn't run until AVG was uninstalled. AVG 2011 doesn't appear to have an option to exit the program, and when I try to uninstall it through Add/Remove Programs, I get the following error:
Posted Image
So I was unable to run ComboFix.

Is there another way to disable AVG? Like through msconfig and restarting or something?

#14 B-boy/StyLe/


Posted 30 May 2011 - 11:30 AM

Hello,


I apologize - I forgot that you use AVG.

You will need to uninstall AVG before continuing with the below.
Due to recent changes in how AVG targets the tool's internal files, AVG must be uninstalled before running ComboFix.


Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

AVG

Additional instructions can be found here if needed.



IMPORTANT NOTE !!!


Then please, download AVG Remover and save it to your desktop.

Double click on it and follow the prompts. Reboot your computer.



Next please rerun combofix and post its log.



Regards,
Georgi

Edited by B-boy/StyLe/, 30 May 2011 - 11:32 AM.



#15 mo536


Posted 30 May 2011 - 12:02 PM

Oh, okay cool. That let it run.

The ComboFix log is attached.

Attached File  ComboFix.txt   14.38KB   5 downloads

Edited by mo536, 30 May 2011 - 12:03 PM.




