Link Redirecting Issue
Like a lot of people I seem to have been struck down by some sort of bug which is redirecting me when I click links from Google searches.
Running Windows 7 Ultimate - I've previously gone through some quick removal guides but to no lasting avail. I use AVG Free 9.0 and Spybot S & D.
Here is my HijackThis log...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:42, on 16/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Dan\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) -
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 5570 bytes
-----
Last edited by thepaw; 17-08-2010 at 12:22 PM.
-
Welcome aboard 
Please, read HERE and post required logs.
-
Malwarebytes Logfile
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4434
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
17/08/2010 12:00:00
mbam-log-2010-08-17 (12-00-00).txt
Scan type: Quick scan
Objects scanned: 128683
Time elapsed: 8 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Last edited by broni; 17-08-2010 at 09:01 PM.
-
GMER Log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-17 12:48:00
Windows 6.1.7600
Running: ud1j6p66.exe; Driver: C:\Users\Dan\AppData\Local\Temp\uwldapow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E142D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E13898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E2C1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E8B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EAFF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtProtectVirtualMemory 77855380 5 Bytes JMP 0036000A
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtWriteVirtualMemory 77855F00 5 Bytes JMP 0037000A
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!KiUserExceptionDispatcher 77856448 5 Bytes JMP 0035000A
.text C:\Windows\system32\svchost.exe[804] ole32.dll!CoCreateInstance 777057FC 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[804] USER32.dll!GetCursorPos 7700C198 5 Bytes JMP 0061000A
.text C:\Windows\Explorer.exe[1264] ntdll.dll!NtProtectVirtualMemory 77855380 5 Bytes JMP 002B000A
.text C:\Windows\Explorer.exe[1264] ntdll.dll!NtWriteVirtualMemory 77855F00 5 Bytes JMP 002C000A
.text C:\Windows\Explorer.exe[1264] ntdll.dll!KiUserExceptionDispatcher 77856448 5 Bytes JMP 001A000A
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016418761de
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x12 0x04 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x4C 0xCC 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0xEB 0x06 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016418761de (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x12 0x04 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x4C 0xCC 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0xEB 0x06 0x0A ...
---- EOF - GMER 1.0.15 ----
Last edited by broni; 17-08-2010 at 09:02 PM.
-
MBR Check Scan
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name:
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 215):
0x82A02000 \SystemRoot\system32\ntkrnlpa.exe
0x82E12000 \SystemRoot\system32\halmacpi.dll
0x80BD4000 \SystemRoot\system32\kdcom.dll
0x8BA2D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BAA5000 \SystemRoot\system32\PSHED.dll
0x8BAB6000 \SystemRoot\system32\BOOTVID.dll
0x8BABE000 \SystemRoot\system32\CLFS.SYS
0x8BB00000 \SystemRoot\system32\CI.dll
0x8BC3C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BCAD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BCBB000 \SystemRoot\System32\Drivers\spyi.sys
0x8BDAE000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BDB7000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BBAB000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BDDD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BDE5000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BC2A000 \SystemRoot\System32\drivers\partmgr.sys
0x8BDF0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8BBF3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8BA00000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BE39000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BE84000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8BE8B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BE99000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8BEC7000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BEDD000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BEE6000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BF09000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BF12000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BF46000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BF57000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C02D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C15C000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C187000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C19A000 \SystemRoot\System32\Drivers\cng.sys
0x8C000000 \SystemRoot\System32\drivers\pcw.sys
0x8C00E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C228000 \SystemRoot\system32\drivers\ndis.sys
0x8C2DF000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C31D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C407000 \SystemRoot\System32\drivers\tcpip.sys
0x8C550000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C581000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C58A000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C5C9000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5D1000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C342000 \SystemRoot\System32\Drivers\mup.sys
0x8C352000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C35A000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8C363000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C395000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C3A6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C200000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C400000 \SystemRoot\System32\Drivers\Null.SYS
0x8C21F000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C017000 \SystemRoot\System32\drivers\vga.sys
0x8BF61000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BF82000 \SystemRoot\System32\drivers\watchdog.sys
0x8C023000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C1F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BF8F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BF97000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BFA2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BFB0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BFC7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9102B000 \SystemRoot\System32\Drivers\avgtdix.sys
0x91065000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91097000 \SystemRoot\system32\drivers\afd.sys
0x910F1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x910F8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91117000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x91128000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91136000 \SystemRoot\system32\DRIVERS\serial.sys
0x91150000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91163000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91173000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x911B4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x911BE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x911C8000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0x911DF000 \SystemRoot\System32\drivers\discache.sys
0x90E0A000 \SystemRoot\system32\drivers\csc.sys
0x90E6E000 \SystemRoot\System32\Drivers\dfsc.sys
0x90E86000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90E94000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x90E9A000 \SystemRoot\System32\Drivers\avgldx86.sys
0x90ECE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90EEF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91A06000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x90F01000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90FB8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92007000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x92043000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x9215B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x92165000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92170000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x921BB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x921CA000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x9283F000 \SystemRoot\system32\drivers\tifm21.sys
0x9288C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x928A5000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0x928BD000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x928C8000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x928D4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x928DE000 \SystemRoot\system32\DRIVERS\parport.sys
0x928F6000 \SystemRoot\system32\drivers\tpm.sys
0x92902000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9291A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92927000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x92956000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92958000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92965000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9296B000 \SystemRoot\System32\Drivers\awf22tsu.SYS
0x929A4000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x929AF000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x929B2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x929C5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x929CC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x929D0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x929D9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x929E6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92818000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BFD2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92823000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BE17000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x921F6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9283B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9583F000 \SystemRoot\system32\DRIVERS\ks.sys
0x95873000 \SystemRoot\system32\DRIVERS\umbus.sys
0x95881000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x958C5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x958D1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x958E2000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x95932000 \SystemRoot\system32\drivers\portcls.sys
0x95961000 \SystemRoot\system32\drivers\drmk.sys
0x97030000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x97136000 \SystemRoot\system32\drivers\modem.sys
0x82130000 \SystemRoot\System32\win32k.sys
0x97143000 \SystemRoot\System32\drivers\Dxapi.sys
0x9714D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9715A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x97165000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9716E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9717F000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x97191000 \SystemRoot\System32\Drivers\bthport.sys
0x97000000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x9597A000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x95987000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x97024000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82390000 \SystemRoot\System32\TSDDD.dll
0x823C0000 \SystemRoot\System32\cdd.dll
0x82000000 \SystemRoot\System32\ATMFD.DLL
0x959A2000 \SystemRoot\system32\drivers\luafv.sys
0x959BD000 \SystemRoot\system32\drivers\WudfPf.sys
0x959D7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99A1D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x99A63000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x99A73000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x99A86000 \SystemRoot\system32\drivers\HTTP.sys
0x99B0B000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x99B14000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99B2D000 \SystemRoot\System32\drivers\mpsdrv.sys
0x99B3F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99B62000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99B9D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99BB8000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9B636000 \SystemRoot\system32\drivers\peauth.sys
0x9B6CD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B6D7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B762000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B76F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9BA38000 \SystemRoot\System32\DRIVERS\srv.sys
0x77890000 \Windows\System32\ntdll.dll
0x47C60000 \Windows\System32\smss.exe
0x77AD0000 \Windows\System32\apisetschema.dll
0x00FA0000 \Windows\System32\autochk.exe
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77730000 \Windows\System32\ole32.dll
0x77A70000 \Windows\System32\gdi32.dll
0x76AE0000 \Windows\System32\shell32.dll
0x76940000 \Windows\System32\setupapi.dll
0x77A50000 \Windows\System32\sechost.dll
0x77A10000 \Windows\System32\ws2_32.dll
0x768A0000 \Windows\System32\advapi32.dll
0x76800000 \Windows\System32\usp10.dll
0x76770000 \Windows\System32\clbcatq.dll
0x76710000 \Windows\System32\difxapi.dll
0x77A00000 \Windows\System32\nsi.dll
0x76630000 \Windows\System32\kernel32.dll
0x76560000 \Windows\System32\user32.dll
0x779D0000 \Windows\System32\imagehlp.dll
0x76500000 \Windows\System32\shlwapi.dll
0x764E0000 \Windows\System32\imm32.dll
0x76430000 \Windows\System32\msvcrt.dll
0x76230000 \Windows\System32\iertutil.dll
0x761E0000 \Windows\System32\Wldap32.dll
0x760E0000 \Windows\System32\wininet.dll
0x75FA0000 \Windows\System32\urlmon.dll
0x75F10000 \Windows\System32\oleaut32.dll
0x75F00000 \Windows\System32\psapi.dll
0x75E50000 \Windows\System32\rpcrt4.dll
0x75E40000 \Windows\System32\lpk.dll
0x75DC0000 \Windows\System32\comdlg32.dll
0x75CF0000 \Windows\System32\msctf.dll
0x75CE0000 \Windows\System32\normaliz.dll
0x75CB0000 \Windows\System32\wintrust.dll
0x75C60000 \Windows\System32\KernelBase.dll
0x75B40000 \Windows\System32\crypt32.dll
0x75B20000 \Windows\System32\devobj.dll
0x75A90000 \Windows\System32\comctl32.dll
0x75A60000 \Windows\System32\cfgmgr32.dll
0x75A50000 \Windows\System32\msasn1.dll
Processes (total 57):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
396 csrss.exe
472 C:\Windows\System32\wininit.exe
480 csrss.exe
492 C:\Program Files\AVG\AVG9\avgchsvx.exe
500 C:\Program Files\AVG\AVG9\avgrsx.exe
544 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
588 C:\Windows\System32\winlogon.exe
768 C:\Program Files\AVG\AVG9\avgcsrvx.exe
784 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\Ati2evxx.exe
1152 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1576 C:\Windows\System32\Ati2evxx.exe
1628 C:\Windows\System32\hpservice.exe
1756 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\spoolsv.exe
1944 C:\Windows\System32\svchost.exe
1984 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\AEADISRV.EXE
412 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
712 C:\Program Files\AVG\AVG9\avgwdsvc.exe
820 C:\Program Files\Bonjour\mDNSResponder.exe
2008 C:\Windows\System32\svchost.exe
1540 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2424 C:\Program Files\AVG\AVG9\avgemc.exe
2484 C:\Program Files\AVG\AVG9\avgnsx.exe
2772 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2856 C:\Windows\System32\taskhost.exe
3016 C:\Windows\System32\svchost.exe
3240 C:\Windows\System32\dwm.exe
3272 C:\Windows\explorer.exe
3520 C:\Program Files\AVG\AVG9\avgtray.exe
3528 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
3536 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3568 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3576 C:\Program Files\DAEMON Tools Lite\DTLite.exe
3676 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4016 C:\Windows\System32\SearchIndexer.exe
2280 C:\Program Files\Windows Media Player\wmpnetwk.exe
2644 C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
1560 C:\Windows\System32\svchost.exe
3724 C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
3612 C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
3548 C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
2216 C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
3788 C:\Windows\System32\svchost.exe
4884 C:\Users\Dan\Desktop\MBRCheck.exe
4832 C:\Windows\System32\conhost.exe
4712 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: FUJITSUMHV2100BH, Rev: 892C
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
Last edited by broni; 17-08-2010 at 09:02 PM.
-
OTL Logfile
OTL logfile created on: 8/17/2010 12:12:20 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Dan\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 42.97 Gb Free Space | 46.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAN-PC
Current User Name: Dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 11:16:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2010/07/27 09:52:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 22:26:12 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 22:26:10 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 22:26:10 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 22:26:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 22:26:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/15 22:26:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
========== Modules (SafeList) ==========
MOD - [2010/08/17 11:16:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2010/07/15 22:26:10 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/07/27 12:37:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/27 09:52:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 22:26:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/24 03:00:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AEAudio.sys -- (AEAudio)
DRV - [2010/07/15 22:26:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 22:26:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:36:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/04 23:29:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/26 21:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/26 21:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/01/29 11:40:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010/01/13 11:40:43 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/01/13 11:40:43 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 001,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/20 15:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/24 18:26:28 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/01/18 12:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/14 10
56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/05/09 14:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 65 0F 32 38 3D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2010/02/17 00
16 | 000,001,374 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/17 11:52:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL (1).exe
[2010/08/17 11:16:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/08/15 21:43:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2010/08/15 21:43:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/15 21:43:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/15 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/15 21:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/15 21:34:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\TFC.exe
[2010/08/14 17:30:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/13 09:39:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/08/12 00:46:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Horizon
[2010/08/11 13:30:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\OMG
[2010/08/07 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Shank 2010 BDRip XviD-AVCDVD
[2010/08/06 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\MRI CD
[2010/08/02 21:22:06 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Updater
[2010/08/02 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\mum's photos
[2010/07/29 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/07/29 00:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdBackup
[2010/07/27 12:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/07/27 12:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2010/07/23 23:47:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\MA History
[2010/07/22 11:11:48 | 000,000,000 | ---D | C] -- C:\d996e69465bbe4e4899f
[2010/07/15 22:26:10 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/01 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Jobs
[2010/06/29 00:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/29 00:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 00:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/29 00:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/07 14
31 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Documents
[2010/06/05 21:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2010/06/05 21
33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2010/06/05 21
33 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Sports Interactive
[2010/06/03 21:10:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010/06/03 21:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2010/06/03 21:08:56 | 000,000,000 | -H-D | C] -- C:\Users\Dan\InstallAnywhere
[2010/06/03 21:08:23 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Sports Interactive
[2010/05/24 03:00:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[4 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/17 12:12:21 | 002,097,152 | -HS- | M] () -- C:\Users\Dan\ntuser.dat
[2010/08/17 11
01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3420468402-1678821631-1700905247-1001UA.job
[2010/08/17 11:53:55 | 000,730,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/17 11:53:55 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/17 11:53:55 | 000,114,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/17 11:53:24 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/17 11:53:24 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/17 11:52:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL (1).exe
[2010/08/17 11:52:24 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2010/08/17 11:48:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/17 11:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/17 11:47:56 | 2717,458,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 11:37:46 | 195,969,007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/17 11:16:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/08/17 11:16:29 | 063,535,211 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/17 00:01:37 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3420468402-1678821631-1700905247-1001Core.job
[2010/08/15 21:44:54 | 000,293,376 | ---- | M] () -- C:\Users\Dan\Desktop\ud1j6p66.exe
[2010/08/15 21:43:16 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 21:41:30 | 000,040,748 | ---- | M] () -- C:\Users\Dan\Desktop\4716-malwarebytes-anti-malware.html
[2010/08/15 21:35:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\TFC.exe
[2010/08/15 21:19:55 | 000,058,516 | ---- | M] () -- C:\Users\Dan\Documents\36351_397990623439_509908439_4357240_7780994_n.jpg
[2010/08/13 12:55:11 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/13 09:38:38 | 002,220,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/13 03:05:01 | 000,000,172 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/08/12 22:43:32 | 000,127,575 | ---- | M] () -- C:\Users\Dan\Desktop\35952_487702296039_610761039_6868293_2795679_n.jpg
[2010/08/11 22:53:44 | 000,004,608 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 15
39 | 000,002,389 | ---- | M] () -- C:\Users\Dan\Desktop\Google Chrome.lnk
[2010/08/07 14:52:17 | 019,461,015 | ---- | M] () -- C:\Users\Dan\Documents\vlc-1.1.2-win32.exe
[2010/08/06 14:54:32 | 000,065,624 | ---- | M] () -- C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/02 22:31:00 | 001,005,995 | ---- | M] () -- C:\Users\Dan\Documents\copy.jpg
[2010/07/30 22:31:17 | 000,060,066 | ---- | M] () -- C:\Users\Dan\Documents\35774_10150206796490182_663565181_13430867_2323525_n.jpg
[2010/07/30 21:58:22 | 000,058,460 | ---- | M] () -- C:\Users\Dan\Documents\30486_398506968439_509908439_4369592_5488874_n.jpg
[2010/07/30 21:58:14 | 000,049,566 | ---- | M] () -- C:\Users\Dan\Documents\31818_10150225051115002_813410001_12901368_4718338_n.jpg
[2010/07/30 21:58:04 | 000,034,538 | ---- | M] () -- C:\Users\Dan\Documents\31666_449199985829_503540829_5913127_148458_n.jpg
[2010/07/29 18:22:13 | 000,002,559 | ---- | M] () -- C:\Users\Dan\Desktop\Rosetta Stone Version 3.lnk
[2010/07/29 15:37:55 | 000,035,840 | ---- | M] () -- C:\Users\Dan\Documents\DANIELAMPAW.doc
[2010/07/29 15:36:48 | 000,035,840 | ---- | M] () -- C:\Users\Dan\Documents\Digital Communications Volunteer Test.doc
[2010/07/24 12:32:21 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/23 23:58:27 | 000,001,411 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/15 22:26:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/15 22:26:10 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/15 22:26:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/29 22
22 | 000,035,840 | ---- | M] () -- C:\Users\Dan\Documents\New CV.doc
[2010/06/29 00:45:37 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/02 19:36:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[4 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/17 11:52:24 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2010/08/16 23:47:13 | 418,174,149 | ---- | C] () -- C:\Users\Dan\Desktop\gisele.flv
[2010/08/15 22:11:58 | 195,969,007 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/15 21:44:53 | 000,293,376 | ---- | C] () -- C:\Users\Dan\Desktop\ud1j6p66.exe
[2010/08/15 21:43:16 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 21:41:30 | 000,040,748 | ---- | C] () -- C:\Users\Dan\Desktop\4716-malwarebytes-anti-malware.html
[2010/08/15 21:19:54 | 000,058,516 | ---- | C] () -- C:\Users\Dan\Documents\36351_397990623439_509908439_4357240_7780994_n.jpg
[2010/08/15 19:16:13 | 000,035,678 | ---- | C] () -- C:\Users\Dan\Documents\cool.jpg
[2010/08/13 12:55:11 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/13 03:05:01 | 000,000,172 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/12 22:43:32 | 000,127,575 | ---- | C] () -- C:\Users\Dan\Desktop\35952_487702296039_610761039_6868293_2795679_n.jpg
[2010/08/07 14:51:47 | 019,461,015 | ---- | C] () -- C:\Users\Dan\Documents\vlc-1.1.2-win32.exe
[2010/08/02 22:31:00 | 001,005,995 | ---- | C] () -- C:\Users\Dan\Documents\copy.jpg
[2010/07/30 22:31:17 | 000,060,066 | ---- | C] () -- C:\Users\Dan\Documents\35774_10150206796490182_663565181_13430867_2323525_n.jpg
[2010/07/30 21:58:22 | 000,058,460 | ---- | C] () -- C:\Users\Dan\Documents\30486_398506968439_509908439_4369592_5488874_n.jpg
[2010/07/30 21:58:14 | 000,049,566 | ---- | C] () -- C:\Users\Dan\Documents\31818_10150225051115002_813410001_12901368_4718338_n.jpg
[2010/07/30 21:58:04 | 000,034,538 | ---- | C] () -- C:\Users\Dan\Documents\31666_449199985829_503540829_5913127_148458_n.jpg
[2010/07/29 18:22:13 | 000,002,559 | ---- | C] () -- C:\Users\Dan\Desktop\Rosetta Stone Version 3.lnk
[2010/07/29 15:37:55 | 000,035,840 | ---- | C] () -- C:\Users\Dan\Documents\DANIELAMPAW.doc
[2010/07/29 11:24:27 | 000,035,840 | ---- | C] () -- C:\Users\Dan\Documents\Digital Communications Volunteer Test.doc
[2010/07/23 23:59:52 | 000,002,389 | ---- | C] () -- C:\Users\Dan\Desktop\Google Chrome.lnk
[2010/06/29 14
24 | 000,035,840 | ---- | C] () -- C:\Users\Dan\Documents\New CV.doc
[2010/06/29 00:45:37 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/04 03:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\isnooker.INI
[2010/04/04 23:29:54 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/03/09 15:49:10 | 000,004,608 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/02 19:22:19 | 000,000,459 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\cubescrob.txt
[2010/01/02 18:30:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 14
08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
========== LOP Check ==========
[2010/04/21 00:50:58 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
[2010/04/29 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Facebook
[2010/03/17 17:02:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\foobar2000
[2010/06/05 21
32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Sports Interactive
[2010/08/17 11:10:28 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Spotify
[2010/02/02 11:18:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\system32
[2010/08/17 11:10:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2010/03/18 09
13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Xilisoft Corporation
[2009/07/14 05:53:46 | 000,022,734 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/10/03 10:43:20 | 000,009,067 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/11/21 00:16:13 | 000,001,925 | ---- | M] () -- C:\baseclasses.log
[2009/12/15 15:20:46 | 000,000,087 | ---- | M] () -- C:\bcmwl5.log
[2009/12/15 22:06:39 | 000,000,355 | -H-- | M] () -- C:\Boot.BAK
[2010/01/03 01:47:42 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/03 01:47:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/02/02 11:36:19 | 000,366,241 | RHS- | M] () -- C:\FJIVS
[2010/02/02 11:03:35 | 000,171,136 | ---- | M] () -- C:\grldr.bak
[2010/08/17 11:47:56 | 2717,458,432 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/21 23:05:18 | 000,000,519 | ---- | M] () -- C:\hpfr3420.xml
[2009/09/21 23:05:18 | 000,006,800 | ---- | M] () -- C:\hpfr3425.log
[2008/12/27 18:38:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/08 18
15 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log
[2008/12/27 18:38:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 23:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/17 11:48:00 | 3623,280,640 | -HS- | M] () -- C:\pagefile.sys
[2009/12/15 14
44 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2010/02/02 11:36:19 | 000,000,020 | RHS- | M] () -- C:\winx.ld
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/06/22 19:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/14 02:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
EXTRAS.txt
OTL Extras logfile created on: 8/17/2010 12:12:20 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Dan\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 42.97 Gb Free Space | 46.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAN-PC
Current User Name: Dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"iSnooker" = iSnooker
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltraISO_is1" = UltraISO Premium V9.36
"Update Service" = Update Service
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b7c0bad11b91039e" = Album Downloader
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/14/2010 3:59:47 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3853
Error - 8/14/2010 3:59:47 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3853
Error - 8/14/2010 4:33:01 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/14/2010 4:33:01 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1763
Error - 8/14/2010 4:33:01 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1763
Error - 8/14/2010 4:33:02 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/14/2010 4:33:02 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2808
Error - 8/14/2010 4:33:02 PM | Computer Name = Dan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2808
Error - 8/14/2010 4:39:16 PM | Computer Name = Dan-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 8/14/2010 7:39:24 PM | Computer Name = Dan-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
[ Media Center Events ]
Error - 1/6/2010 3:29:50 PM | Computer Name = Dan-PC | Source = MCUpdate | ID = 0
Description = 19:29:42 - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )
Error - 1/6/2010 4:34:12 PM | Computer Name = Dan-PC | Source = MCUpdate | ID = 0
Description = 20:34:09 - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )
Error - 1/6/2010 5:34:20 PM | Computer Name = Dan-PC | Source = MCUpdate | ID = 0
Description = 21:34:18 - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )
Error - 1/10/2010 8:31:47 AM | Computer Name = Dan-PC | Source = MCUpdate | ID = 0
Description = 12:31:46 - Failed to retrieve ClientUpdate (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)
[ System Events ]
Error - 8/12/2010 6:42:26 AM | Computer Name = Dan-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
Error - 8/12/2010 6:42:26 AM | Computer Name = Dan-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
Error - 8/12/2010 6:42:27 AM | Computer Name = Dan-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
Error - 8/12/2010 6:42:27 AM | Computer Name = Dan-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
Error - 8/12/2010 6:42:27 AM | Computer Name = Dan-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
Error - 8/12/2010 7:16:45 PM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).
Error - 8/12/2010 8:10:47 PM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7000
Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start
due to the following error: %%776
Error - 8/13/2010 4:36:41 AM | Computer Name = Dan-PC | Source = DCOM | ID = 10010
Description =
Error - 8/13/2010 4:38:43 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2
Error - 8/13/2010 4:45:50 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2
< End of report >
Last edited by broni; 17-08-2010 at 09:03 PM.
-
Please, don't wrap any logs in "code". It's harder for me to read them.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Apologies on the code wrapping front! Here's my combo-fix log:
ComboFix 10-08-17.02 - Dan 18/08/2010 0:37.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3455.2627 [GMT 1:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Dan\AppData\Roaming\system32
c:\users\Dan\AppData\Roaming\system32\logs.dat
c:\users\Dan\AppData\Roaming\system32\plugin.dat
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-17 23:47 . 2010-08-17 23:47 -------- d-----w- c:\users\Dan\AppData\Local\temp
2010-08-15 20:43 . 2010-08-15 20:43 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2010-08-15 20:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-15 20:43 . 2010-08-15 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 20:43 . 2010-08-15 20:43 -------- d-----w- c:\programdata\Malwarebytes
2010-08-15 20:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 08:39 . 2010-08-13 21:53 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-29 17:17 . 2010-07-29 17:17 -------- d-----w- c:\program files\Rosetta Stone
2010-07-28 23:51 . 2010-07-28 23:51 -------- d-----w- c:\programdata\RosettaStoneLtdBackup
2010-07-27 11:37 . 2010-07-27 11:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-27 11:37 . 2010-07-29 17:29 -------- d-----w- c:\programdata\Rosetta Stone
2010-07-22 10:11 . 2010-07-22 10:14 -------- d-----w- C:\d996e69465bbe4e4899f
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-08-17 23:21 . 2010-01-02 20:10 -------- d-----w- c:\users\Dan\AppData\Roaming\uTorrent
2010-08-17 23:21 . 2010-01-02 22:43 -------- d-----w- c:\users\Dan\AppData\Roaming\vlc
2010-08-17 17:02 . 2010-01-02 17:51 -------- d-----w- c:\users\Dan\AppData\Roaming\Spotify
2010-08-16 21:49 . 2010-01-02 20:46 -------- d-----w- c:\users\Dan\AppData\Roaming\Skype
2010-08-16 21:49 . 2010-01-02 20:47 -------- d-----w- c:\users\Dan\AppData\Roaming\skypePM
2010-08-15 11:18 . 2010-02-23 13:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-09 20:49 . 2010-02-16 19:22 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-06 13:54 . 2010-01-02 17:08 65624 ----a-w- c:\users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 14:14 . 2010-03-11 15:31 -------- d-----w- c:\programdata\Apple
2010-07-29 17:17 . 2010-02-17 11:37 -------- d-----w- c:\programdata\FLEXnet
2010-07-29 06:30 . 2010-08-11 11:15 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 11:15 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-23 22:57 . 2010-04-21 00:41 -------- d-----w- c:\program files\Championship Manager 01-02
2010-07-15 21:26 . 2010-01-02 18:07 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 21:26 . 2010-07-15 21:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 21:26 . 2010-01-02 18:07 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 06:25 . 2010-08-11 11:15 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 23:51 . 2010-03-11 15:37 -------- d-----w- c:\users\Dan\AppData\Roaming\Apple Computer
2010-06-28 23:45 . 2010-06-28 23:44 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-28 23:45 . 2010-03-11 15:35 -------- d-----w- c:\program files\iTunes
2010-06-28 23:44 . 2010-06-28 23:44 -------- d-----w- c:\program files\iPod
2010-06-28 23:44 . 2010-03-11 15:31 -------- d-----w- c:\program files\Common Files\Apple
2010-06-28 23:42 . 2010-06-28 23:42 -------- d-----w- c:\program files\QuickTime
2010-06-28 23:40 . 2010-06-28 23:40 -------- d-----w- c:\program files\Bonjour
2010-06-28 23:37 . 2010-06-28 23:37 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-26 02:02 . 2010-01-04 15:13 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 02:47 . 2010-08-11 11:15 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 11:15 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 11:15 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 11:15 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 11:15 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 11:15 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 11:15 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 11:15 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 11:15 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-11 11:15 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 18:36 . 2010-01-02 18:07 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 07:24 . 2010-06-11 17:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 17:11 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-02 17:08 135664 ----atw- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 15:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 18:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14 51712 ----a-w- c:\windows\Speech\Common\sapisvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-03 18:55 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-01-13 13224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-04 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-27 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2007-05-09 97280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contents of the 'Scheduled Tasks' folder
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420468402-1678821631-1700905247-1001Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 17:08]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420468402-1678821631-1700905247-1001UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 17:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-MSWUpdate - c:\users\Dan\AppData\Roaming\lsass.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-18 00:50:40
ComboFix-quarantined-files.txt 2010-08-17 23:50
Pre-Run: 44,476,125,184 bytes free
Post-Run: 44,420,157,440 bytes free
- - End Of File - - 6F505C5C956DA21E7195CF333F17572B
-
It looks good 
How is redirection?
Please, re-run OTL "Quick scan" and post its log.
-
Issues seem to be all gone - that was simple enough! Any other issues with my machine that I could sort out at this moment?
---
OTL logfile created on: 8/18/2010 10:15:34 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Dan\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 41.31 Gb Free Space | 44.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAN-PC
Current User Name: Dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 11:16:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2010/07/27 09:52:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 22:26:12 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 22:26:10 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 22:26:10 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 22:26:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 22:26:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/15 22:26:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
========== Modules (SafeList) ==========
MOD - [2010/08/17 11:16:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/07/27 12:37:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/27 09:52:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 22:26:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/24 03:00:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Dan\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AEAudio.sys -- (AEAudio)
DRV - [2010/07/15 22:26:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 22:26:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:36:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/04 23:29:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/26 21:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/26 21:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/01/29 11:40:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010/01/13 11:40:43 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/01/13 11:40:43 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 001,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/20 15:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/12/01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/24 18:26:28 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/01/18 12:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/14 10
56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/05/09 14:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 65 0F 32 38 3D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2010/08/18 00:47:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/08/18 00:50:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/18 00:50:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/18 00:50:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\temp
[2010/08/18 00:29:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/18 00:29:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/18 00:29:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/18 00:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/18 00:27:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/18 00:23:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/17 11:52:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL (1).exe
[2010/08/17 11:16:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/08/15 21:43:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2010/08/15 21:43:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/15 21:43:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/15 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/15 21:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/15 21:34:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\TFC.exe
[2010/08/14 17:30:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/13 09:39:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/08/12 00:46:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Horizon
[2010/08/11 13:30:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\OMG
[2010/08/07 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Shank 2010 BDRip XviD-AVCDVD
[2010/08/06 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\MRI CD
[2010/08/02 21:22:06 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Updater
[2010/08/02 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\mum's photos
[2010/07/29 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2010/07/29 00:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdBackup
[2010/07/27 12:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/07/27 12:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2010/07/23 23:47:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\MA History
[2010/07/22 11:11:48 | 000,000,000 | ---D | C] -- C:\d996e69465bbe4e4899f
[2010/07/15 22:26:10 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/01 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Jobs
[2010/06/29 00:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/29 00:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 00:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/29 00:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/07 14
31 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Documents
[2010/06/05 21:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2010/06/05 21
33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2010/06/05 21
33 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Sports Interactive
[2010/06/03 21:10:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010/06/03 21:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2010/06/03 21:08:56 | 000,000,000 | -H-D | C] -- C:\Users\Dan\InstallAnywhere
[2010/06/03 21:08:23 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Sports Interactive
[2010/05/24 03:00:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[4 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/18 10:17:34 | 002,097,152 | -HS- | M] () -- C:\Users\Dan\ntuser.dat
[2010/08/18 10:05:07 | 063,551,383 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/18 09:59:26 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3420468402-1678821631-1700905247-1001UA.job
[2010/08/18 09:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/18 00:47:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/18 00:47:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/18 00:46:56 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 00:46:56 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 00:43:24 | 000,730,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/18 00:43:24 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/18 00:43:24 | 000,114,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/18 00:36:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/18 00:36:15 | 2717,458,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/18 00:27:51 | 001,630,300 | -H-- | M] () -- C:\Users\Dan\AppData\Local\IconCache.db
[2010/08/18 00:22:17 | 003,818,754 | R--- | M] () -- C:\Users\Dan\Desktop\ComboFix.exe
[2010/08/17 23
00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3420468402-1678821631-1700905247-1001Core.job
[2010/08/17 19:18:47 | 088,461,918 | ---- | M] () -- C:\Users\Dan\Desktop\CONCEPT 2.psd
[2010/08/17 19:11:04 | 003,512,277 | ---- | M] () -- C:\Users\Dan\Desktop\cloud1.jpg
[2010/08/17 19:08:24 | 003,674,859 | ---- | M] () -- C:\Users\Dan\Desktop\final1.jpg
[2010/08/17 19:07:06 | 003,695,589 | ---- | M] () -- C:\Users\Dan\Desktop\cloudy2.jpg
[2010/08/17 19:05:52 | 003,693,523 | ---- | M] () -- C:\Users\Dan\Desktop\cloudy1.jpg
[2010/08/17 18:55:48 | 003,091,012 | ---- | M] () -- C:\Users\Dan\Desktop\dan2.jpg
[2010/08/17 18:48:26 | 008,387,869 | ---- | M] () -- C:\Users\Dan\Desktop\dan.png
[2010/08/17 17:47:09 | 008,171,202 | ---- | M] () -- C:\Users\Dan\Desktop\CONCEPT 2 copy.png
[2010/08/17 17:43:49 | 003,154,288 | ---- | M] () -- C:\Users\Dan\Desktop\CONCEPT 2 copy.jpg
[2010/08/17 17:34:46 | 003,893,048 | ---- | M] () -- C:\Users\Dan\Desktop\concept.psd
[2010/08/17 17:15:36 | 000,316,171 | ---- | M] () -- C:\Users\Dan\Desktop\me 6 001.jpg
[2010/08/17 17:13:50 | 000,869,273 | ---- | M] () -- C:\Users\Dan\Desktop\me5 001.jpg
[2010/08/17 17:11:20 | 000,199,926 | ---- | M] () -- C:\Users\Dan\Desktop\me 4 001.jpg
[2010/08/17 17:09:22 | 000,264,448 | ---- | M] () -- C:\Users\Dan\Desktop\me 3 001.jpg
[2010/08/17 17:07:52 | 000,483,203 | ---- | M] () -- C:\Users\Dan\Desktop\me2 001.jpg
[2010/08/17 17:05:26 | 000,244,374 | ---- | M] () -- C:\Users\Dan\Desktop\me 1 001.jpg
[2010/08/17 12:25:36 | 284,310,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/17 11:52:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL (1).exe
[2010/08/17 11:52:24 | 000,080,384 | ---- | M] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2010/08/17 11:16:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2010/08/15 21:44:54 | 000,293,376 | ---- | M] () -- C:\Users\Dan\Desktop\ud1j6p66.exe
[2010/08/15 21:43:16 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 21:41:30 | 000,040,748 | ---- | M] () -- C:\Users\Dan\Desktop\4716-malwarebytes-anti-malware.html
[2010/08/15 21:35:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\TFC.exe
[2010/08/15 21:19:55 | 000,058,516 | ---- | M] () -- C:\Users\Dan\Documents\36351_397990623439_509908439_4357240_7780994_n.jpg
[2010/08/13 12:55:11 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/13 09:38:38 | 002,220,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/13 03:05:01 | 000,000,172 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/08/12 22:43:32 | 000,127,575 | ---- | M] () -- C:\Users\Dan\Desktop\35952_487702296039_610761039_6868293_2795679_n.jpg
[2010/08/11 22:53:44 | 000,004,608 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 15
39 | 000,002,389 | ---- | M] () -- C:\Users\Dan\Desktop\Google Chrome.lnk
[2010/08/07 14:52:17 | 019,461,015 | ---- | M] () -- C:\Users\Dan\Documents\vlc-1.1.2-win32.exe
[2010/08/06 14:54:32 | 000,065,624 | ---- | M] () -- C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/02 22:31:00 | 001,005,995 | ---- | M] () -- C:\Users\Dan\Documents\copy.jpg
[2010/07/30 22:31:17 | 000,060,066 | ---- | M] () -- C:\Users\Dan\Documents\35774_10150206796490182_663565181_13430867_2323525_n.jpg
[2010/07/30 21:58:22 | 000,058,460 | ---- | M] () -- C:\Users\Dan\Documents\30486_398506968439_509908439_4369592_5488874_n.jpg
[2010/07/30 21:58:14 | 000,049,566 | ---- | M] () -- C:\Users\Dan\Documents\31818_10150225051115002_813410001_12901368_4718338_n.jpg
[2010/07/30 21:58:04 | 000,034,538 | ---- | M] () -- C:\Users\Dan\Documents\31666_449199985829_503540829_5913127_148458_n.jpg
[2010/07/29 18:22:13 | 000,002,559 | ---- | M] () -- C:\Users\Dan\Desktop\Rosetta Stone Version 3.lnk
[2010/07/29 15:37:55 | 000,035,840 | ---- | M] () -- C:\Users\Dan\Documents\DANIELAMPAW.doc
[2010/07/29 15:36:48 | 000,035,840 | ---- | M] () -- C:\Users\Dan\Documents\Digital Communications Volunteer Test.doc
[2010/07/24 12:32:21 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/23 23:58:27 | 000,001,411 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/15 22:26:11 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/15 22:26:10 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/15 22:26:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/29 22
22 | 000,035,840 | ---- | M] () -- C:\Users\Dan\Documents\New CV.doc
[2010/06/29 00:45:37 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/02 19:36:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[4 C:\Users\Dan\Documents\*.tmp files -> C:\Users\Dan\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/18 00:29:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/18 00:29:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/18 00:29:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/18 00:29:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/18 00:29:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/18 00:22:11 | 003,818,754 | R--- | C] () -- C:\Users\Dan\Desktop\ComboFix.exe
[2010/08/17 19:10:56 | 003,512,277 | ---- | C] () -- C:\Users\Dan\Desktop\cloud1.jpg
[2010/08/17 19:08:21 | 003,674,859 | ---- | C] () -- C:\Users\Dan\Desktop\final1.jpg
[2010/08/17 19:06:58 | 003,695,589 | ---- | C] () -- C:\Users\Dan\Desktop\cloudy2.jpg
[2010/08/17 19:05:44 | 003,693,523 | ---- | C] () -- C:\Users\Dan\Desktop\cloudy1.jpg
[2010/08/17 18:55:44 | 003,091,012 | ---- | C] () -- C:\Users\Dan\Desktop\dan2.jpg
[2010/08/17 18:47:32 | 008,387,869 | ---- | C] () -- C:\Users\Dan\Desktop\dan.png
[2010/08/17 17:46:09 | 008,171,202 | ---- | C] () -- C:\Users\Dan\Desktop\CONCEPT 2 copy.png
[2010/08/17 17:43:40 | 003,154,288 | ---- | C] () -- C:\Users\Dan\Desktop\CONCEPT 2 copy.jpg
[2010/08/17 17:42:58 | 088,461,918 | ---- | C] () -- C:\Users\Dan\Desktop\CONCEPT 2.psd
[2010/08/17 17:34:45 | 003,893,048 | ---- | C] () -- C:\Users\Dan\Desktop\concept.psd
[2010/08/17 17:15:36 | 000,316,171 | ---- | C] () -- C:\Users\Dan\Desktop\me 6 001.jpg
[2010/08/17 17:13:50 | 000,869,273 | ---- | C] () -- C:\Users\Dan\Desktop\me5 001.jpg
[2010/08/17 17:11:20 | 000,199,926 | ---- | C] () -- C:\Users\Dan\Desktop\me 4 001.jpg
[2010/08/17 17:09:22 | 000,264,448 | ---- | C] () -- C:\Users\Dan\Desktop\me 3 001.jpg
[2010/08/17 17:07:52 | 000,483,203 | ---- | C] () -- C:\Users\Dan\Desktop\me2 001.jpg
[2010/08/17 17:05:26 | 000,244,374 | ---- | C] () -- C:\Users\Dan\Desktop\me 1 001.jpg
[2010/08/17 11:52:24 | 000,080,384 | ---- | C] () -- C:\Users\Dan\Desktop\MBRCheck.exe
[2010/08/16 23:47:13 | 418,174,149 | ---- | C] () -- C:\Users\Dan\Desktop\gisele.flv
[2010/08/15 22:11:58 | 284,310,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/15 21:44:53 | 000,293,376 | ---- | C] () -- C:\Users\Dan\Desktop\ud1j6p66.exe
[2010/08/15 21:43:16 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 21:41:30 | 000,040,748 | ---- | C] () -- C:\Users\Dan\Desktop\4716-malwarebytes-anti-malware.html
[2010/08/15 21:19:54 | 000,058,516 | ---- | C] () -- C:\Users\Dan\Documents\36351_397990623439_509908439_4357240_7780994_n.jpg
[2010/08/15 19:16:13 | 000,035,678 | ---- | C] () -- C:\Users\Dan\Documents\cool.jpg
[2010/08/13 12:55:11 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/13 03:05:01 | 000,000,172 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/12 22:43:32 | 000,127,575 | ---- | C] () -- C:\Users\Dan\Desktop\35952_487702296039_610761039_6868293_2795679_n.jpg
[2010/08/07 14:51:47 | 019,461,015 | ---- | C] () -- C:\Users\Dan\Documents\vlc-1.1.2-win32.exe
[2010/08/02 22:31:00 | 001,005,995 | ---- | C] () -- C:\Users\Dan\Documents\copy.jpg
[2010/07/30 22:31:17 | 000,060,066 | ---- | C] () -- C:\Users\Dan\Documents\35774_10150206796490182_663565181_13430867_2323525_n.jpg
[2010/07/30 21:58:22 | 000,058,460 | ---- | C] () -- C:\Users\Dan\Documents\30486_398506968439_509908439_4369592_5488874_n.jpg
[2010/07/30 21:58:14 | 000,049,566 | ---- | C] () -- C:\Users\Dan\Documents\31818_10150225051115002_813410001_12901368_4718338_n.jpg
[2010/07/30 21:58:04 | 000,034,538 | ---- | C] () -- C:\Users\Dan\Documents\31666_449199985829_503540829_5913127_148458_n.jpg
[2010/07/29 18:22:13 | 000,002,559 | ---- | C] () -- C:\Users\Dan\Desktop\Rosetta Stone Version 3.lnk
[2010/07/29 15:37:55 | 000,035,840 | ---- | C] () -- C:\Users\Dan\Documents\DANIELAMPAW.doc
[2010/07/29 11:24:27 | 000,035,840 | ---- | C] () -- C:\Users\Dan\Documents\Digital Communications Volunteer Test.doc
[2010/07/23 23:59:52 | 000,002,389 | ---- | C] () -- C:\Users\Dan\Desktop\Google Chrome.lnk
[2010/06/29 14
24 | 000,035,840 | ---- | C] () -- C:\Users\Dan\Documents\New CV.doc
[2010/06/29 00:45:37 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/04 03:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\isnooker.INI
[2010/03/09 15:49:10 | 000,004,608 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/02 19:22:19 | 000,000,459 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\cubescrob.txt
[2010/01/02 18:30:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 14
08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
========== LOP Check ==========
[2010/04/21 00:50:58 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
[2010/04/29 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Facebook
[2010/03/17 17:02:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\foobar2000
[2010/06/05 21
32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Sports Interactive
[2010/08/17 18:02:06 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Spotify
[2010/08/18 00
48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2010/03/18 09
13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Xilisoft Corporation
[2009/07/14 05:53:46 | 000,023,478 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >