Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Virus's Found with AntiVir


Post by iTouch1989 » December 1st, 2010, 3:59 am

Hey,

I kept having pop up from Antivir about infections found.

I ran MBAM, Spybot, Antivir and Spyware Terminator.

Spyware Terminator found nothing and Spybot found nothing as well. MBAM found
c:\Users\Jay\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\Jay\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Jay\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Jay\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
c:\Users\Jay\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.


AntiVir Found:
Starting the file scan:

Begin scan in 'C:\Users\Jay'
C:\Users\Jay\AppData\Local\Temp\SN.exe
[DETECTION] Is the TR/Agent.421888.K Trojan
Begin scan in 'C:\Windows'
Begin scan in 'C:\Users\'
C:\Users\Jay\AppData\Local\Temp\SN.exe
[DETECTION] Is the TR/Agent.421888.K Trojan
Begin scan in 'C:\Program Files'

Beginning disinfection:
C:\Users\Jay\AppData\Local\Temp\SN.exe
[DETECTION] Is the TR/Agent.421888.K Trojan
[WARNING] The file was ignored!



HjT Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:55:58, on 01/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\httpd.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\vmnetdhcp.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Sticky Password\stpass.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jay\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 6629 bytes

--------------------------

Uninstall List

Acronis Disk Director Home
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X
Avira AntiVir Personal - Free Antivirus
CCleaner
Core FTP LE 2.1
D3DX10
Defraggler
EPSON BX300F Series Printer Uninstall
Java(TM) 6 Update 22
LockHunter version 1.0 beta 3, 32 bit edition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.12)
MSVCRT
Notepad++
PDF Settings CS5
Spybot - Search & Destroy
Spyware Terminator
Sticky Password 5.0.0.186
VIA Platform Device Manager
VMware Player
VMware Player
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinMerge 2.12.4
WinRAR archiver
iTouch1989
Active Member
 
Posts: 11
Joined: November 9th, 2010, 9:22 pm
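The HijackThis log in the post above lists autoruns (O4), Winsock LSP entries (O10) and services (O23) in a fixed one-line-per-entry format. As an added example, not part of the original post and not HijackThis code, here is a small Python parser for those three line kinds with the two defender-side checks a helper typically applies first when reading such a log: autoruns that launch from a user-writable location (AppData or Temp, where the MBAM detections above were found) and services whose publisher HijackThis reported as "Unknown owner". The sample lines are constructed in the same format; the `updater` entry and its `example.exe` path are invented for the illustration.

```python
"""Triage helper for HijackThis (HJT) v2.0.4 log lines.

Added example, not HijackThis code. It parses the O4 (autorun), O10 (Winsock
LSP) and O23 (service) line formats and applies two review checks: autoruns
launched from user-writable locations, and services whose publisher HJT could
not determine. A hit means "look at this entry", not "this is malware".
"""
import re

# Constructed sample in the HJT line format (not the poster's full log).
# The "updater" / example.exe entry is invented for the illustration.
SAMPLE_HJT_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [updater] "C:\Users\Jay\AppData\Local\Temp\example.exe"',
    r'O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll',
    r'O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll',
    r'O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe',
    r'O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - '
    r'C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe',
])

# O4 body: HIVE\..\Key: [Name] "path" args
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Locations any user can write to; an autorun pointing here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)


def command_path(cmd):
    """Return the executable path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def parse_hjt(text):
    """Parse O4, O10 and O23 lines into dicts; other line kinds are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if " - " not in line:
            continue
        code, rest = line.split(" - ", 1)
        if code == "O4":
            m = O4_RE.match(rest)
            if m:
                entries.append({"code": "O4", "hive": m["hive"], "key": m["key"],
                                "name": m["name"], "path": command_path(m["cmd"])})
        elif code == "O10" and rest.startswith("Unknown file in Winsock LSP: "):
            entries.append({"code": "O10", "path": rest.split(": ", 1)[1]})
        elif code == "O23" and rest.startswith("Service: "):
            parts = rest[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:  # display name (short name) - company - path
                entries.append({"code": "O23", "name": parts[0],
                                "company": parts[1], "path": parts[2]})
    return entries


def triage(entries):
    """Return (check, name, path) tuples for entries that need a human look."""
    findings = []
    for e in entries:
        if e["code"] == "O4" and USER_WRITABLE_RE.search(e["path"]):
            findings.append(("autorun-from-user-writable-path", e["name"], e["path"]))
        elif e["code"] == "O23" and e["company"].lower() == "unknown owner":
            findings.append(("service-without-publisher", e["name"], e["path"]))
    return findings


def lsp_modules(entries):
    """Distinct Winsock LSP DLLs and how often each is listed. The same DLL can
    legitimately appear more than once when it is registered for several
    catalog entries, so the count is context, not a finding by itself."""
    counts = {}
    for e in entries:
        if e["code"] == "O10":
            counts[e["path"]] = counts.get(e["path"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT_LOG)
    for finding in triage(parsed):
        print(*finding, sep=" | ")
    print(lsp_modules(parsed))
```

Run against the sample, the Acronis OS Selector service is flagged only because HijackThis could not read a publisher from it; it is the kind of hit a helper confirms by the install list (Acronis Disk Director Home is present above) rather than by deleting.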

Re: Virus's Found with AntiVir

Post by MWR 3 day Mod » December 5th, 2010, 1:36 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Virus's Found with AntiVir

Post by askey127 » December 5th, 2010, 7:59 am

Hi itouch1989,
Spyware Terminator has, to be gracious, a checkered past.
In addition, its home site is on blocklists and classified as using Misleading marketing tactics, or distributing fraudulent applications, according to hpHosts research.
In addition, Spyware Terminator includes Clam antivirus, which is active in your installation.
Your system should never have more than one running antivirus, or the conflicts can reduce your protection and make the system unstable.
I will suggest its removal as we begin here.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Spyware Terminator

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
      See image below
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.
---------------------------------------------
Run a Scan with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text from the code box below and paste it into the Custom Scans/Fixes box. Do not copy the word "Code:"
    Code:
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the Gmer log contents and the two text file reports from OTL.
Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
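askey127 asks for a GMER log and cautions that rootkit scans often produce false positives. The reason is visible in GMER's own output format: a kernel SSDT hook or a user-mode JMP hook installed by a security product looks, line for line, like one installed by malware, so the first step in reading the log is to work out which module owns each hook rather than reacting to the word "hook". As an added example, not GMER's code and not part of any post here, the Python below parses the two hook line formats and summarises them by owning driver and by hooked API. The sample lines are taken from the GMER log iTouch1989 posts later in this thread.

```python
"""Triage helper for GMER rootkit-scan output.

Added example, not GMER's code. It parses the "SSDT" kernel hook lines and the
".text ... JMP" user-mode hook lines and summarises them so the reader sees
which module owns the hooks before deciding anything. Hooks placed by an
installed security product are indistinguishable in the raw log from hooks
placed by malware; attribution, not the presence of a hook, is the signal.
"""
import re
from collections import defaultdict

# Sample lines in GMER 1.0.15 format, taken from the log posted later in this thread.
SAMPLE_GMER_LOG = "\n".join([
    r"SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8F93988E]",
    r"SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8F9390EC]",
    r"SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8F939BBC]",
    r".text C:\Windows\system32\taskhost.exe[1248] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A",
    r".text C:\Windows\system32\Dwm.exe[2056] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A",
    r".text C:\Program Files\Mozilla Firefox\plugin-container.exe[3168] USER32.dll!TrackPopupMenu "
    r"76AB4B3B 5 Bytes JMP 61A75CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)",
])

# SSDT <driver path> <ZwFunction> [<handler address>]
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>.+?)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# .text <process>[<pid>] <module>!<api> <addr> <n> Bytes JMP <target> [<dest module> (<vendor>)]
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<api>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<dest>.+?)\s+\((?P<vendor>[^)]*)\))?$"
)


def ssdt_hooks_by_driver(text):
    """Map driver file name -> list of hooked Zw* functions, in log order."""
    hooks = defaultdict(list)
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[m["driver"].rsplit("\\", 1)[-1]].append(m["func"])
    return dict(hooks)


def usermode_hooks(text):
    """One dict per user-mode JMP hook; 'dest' is None when GMER could not
    attribute the JMP target to a module on disk."""
    hooks = []
    for line in text.splitlines():
        m = USER_HOOK_RE.match(line.strip())
        if m:
            hooks.append({
                "process": m["process"].rsplit("\\", 1)[-1],
                "pid": int(m["pid"]),
                "api": f'{m["module"]}!{m["api"]}',
                "target": m["target"].upper(),
                "dest": m["dest"],
                "vendor": m["vendor"],
            })
    return hooks


def usermode_summary(hooks):
    """Per hooked API: number of processes carrying the hook, distinct JMP
    targets, and whether any occurrence was attributed to a module. One target
    address repeated across unrelated processes usually means a single injected
    component placed the hook system-wide; an unattributed target is a reason to
    identify the component, not proof of malware on its own."""
    acc = {}
    for h in hooks:
        s = acc.setdefault(h["api"], {"processes": set(), "targets": set(), "attributed": False})
        s["processes"].add(h["pid"])
        s["targets"].add(h["target"])
        s["attributed"] = s["attributed"] or h["dest"] is not None
    return {api: {"processes": len(s["processes"]),
                  "targets": sorted(s["targets"]),
                  "attributed": s["attributed"]} for api, s in acc.items()}


if __name__ == "__main__":
    print(ssdt_hooks_by_driver(SAMPLE_GMER_LOG))
    for api, info in usermode_summary(usermode_hooks(SAMPLE_GMER_LOG)).items():
        print(api, info)
```

On the sample the SSDT hooks all resolve to sp_rsdrv2.sys, which the HijackThis O23 and OTL SRV entries in this thread tie to the Spyware Terminator realtime shield; the LoadLibraryExW hook sits at the same address in every listed process, which is the pattern of one system-wide hooking component rather than a per-process infection. Both are things to confirm against the installed software list before any removal step is chosen.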

Re: Virus's Found with AntiVir

Post by iTouch1989 » December 5th, 2010, 10:45 am

Hey,

ClamAV is not enabled and not even installed.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-05 14:34:57
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD800JB-00FMA0 rev.13.03G13
Running: bzscqr7o.exe; Driver: C:\Users\Jay\AppData\Local\Temp\uwldypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8F93988E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8F9390EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8F938DCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8F93A938]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8F938ED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8F938FC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8F939BBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8F9393F4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8F939526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8F938BFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8F939B04]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8F93970C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A98599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABCF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82AC47C8 4 Bytes [8E, 98, 93, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82AC4808 4 Bytes [EC, 90, 93, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 82AC4818 4 Bytes [CE, 8D, 93, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82AC4850 4 Bytes [38, A9, 93, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 38C 82AC489C 4 Bytes [D8, 8E, 93, 8F]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FE21000, 0x352E10, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskhost.exe[1248] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskhost.exe[1248] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[2056] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[2056] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[2128] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[2128] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe[2384] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe[2384] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2412] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2412] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2468] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2468] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2988] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2988] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2988] wininet.dll!InternetErrorDlg 773B1778 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3168] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3168] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3168] USER32.dll!TrackPopupMenu 76AB4B3B 5 Bytes JMP 61A75CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[4500] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[4500] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Sticky Password\stpass.exe[4976] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sticky Password\stpass.exe[4976] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5600] ntdll.dll!LdrLoadDll 7774F625 5 Bytes JMP 010B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5600] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5600] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Users\Jay\Desktop\bzscqr7o.exe[5676] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Users\Jay\Desktop\bzscqr7o.exe[5676] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5856] kernel32.dll!LoadLibraryExW 775DB6BF 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5856] USER32.dll!LoadStringW 76A95533 6 Bytes JMP 5F040F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys

Device \Driver\usbohci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbohci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbohci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbohci \Device\USBPDO-4 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-5 hcmon.sys
Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-6 hcmon.sys
Device \Driver\usbhub \Device\00000070 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys
Device \Driver\usbhub \Device\00000071 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys
Device \Driver\usbhub \Device\00000072 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-10 hcmon.sys
Device \Driver\usbhub \Device\00000075 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-11 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-12 hcmon.sys
Device \Driver\BTHUSB \Device\00000090 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000092 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-14 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-15 hcmon.sys
Device \Driver\usbohci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbhub \Device\0000006c hcmon.sys
Device \Driver\usbohci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbhub \Device\0000007a hcmon.sys
Device \Driver\usbhub \Device\0000006d hcmon.sys
Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbhub \Device\0000007b hcmon.sys
Device \Driver\usbhub \Device\0000006e hcmon.sys
Device \Driver\usbohci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbhub \Device\0000006f hcmon.sys
Device \Driver\usbohci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbohci \Device\USBFDO-6 hcmon.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c@cc55ad525733 0xA8 0xEF 0x26 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c@90215585547d 0x92 0x71 0x2F 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c@cc55ad525733 0xA8 0xEF 0x26 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c@90215585547d 0x92 0x71 0x2F 0xF8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@IPAddress 127.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers\AC687598-28BE-4336-9DFC-C4485FD577F7@IPAddress 127.0.0.1

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 05/12/2010 14:36:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jay\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 46.31 Gb Free Space | 62.14% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 93.92 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
PRC - [2010/11/24 21:24:34 | 002,216,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2010/11/24 21:24:34 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010/11/17 18:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/11/03 16:07:05 | 003,113,472 | ---- | M] (Lamantine Software a.s.) -- C:\Program Files\Sticky Password\stpass.exe
PRC - [2010/10/27 06:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 02:51:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/09/22 23:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/04/07 04:01:40 | 035,444,688 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/14 01:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
MOD - [2010/11/09 18:40:58 | 001,824,088 | ---- | M] (Lamantine Software a.s.) -- C:\Program Files\Sticky Password\spCapBtn.dll
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2007/03/26 18:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 21:24:34 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jay\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/27 22:48:42 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/26 19:28:04 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/24 21:24:34 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010/11/11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/11/11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/11/11 13:31:34 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2010/11/11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/11/11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/11/11 10:04:54 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010/11/11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/10/27 02:14:04 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/06/23 09:10:54 | 000,275,048 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/02 08:54:04 | 001,056,256 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E A0 52 97 0D 8C CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.11.21.3
FF - prefs.js..extensions.enabledItems: translatorfixed@dontfollowme.net:1.0.4.4.4
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/24 21:14:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/01 07:40:43 | 000,000,000 | ---D | M]

[2010/11/24 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Extensions
[2010/12/05 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions
[2010/11/24 21:23:53 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/12/02 00:51:16 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/11/26 09:40:18 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/24 21:23:52 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/11/24 21:23:53 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\translatorfixed@dontfollowme.net
[2010/12/05 09:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/24 21:24:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/24 21:24:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/01 07:46:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 14:35:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2010/12/03 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Dec Bassline
[2010/12/02 11:39:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\EVEREST Reports
[2010/12/02 11:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/12/02 10:07:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\WinPatrol
[2010/12/02 10:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2010/12/02 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/12/01 16:10:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\EPSON
[2010/12/01 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/12/01 15:59:37 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/12/01 15:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/01 15:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Virtual Machines
[2010/12/01 07:55:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jay\Desktop\HijackThis.exe
[2010/12/01 07:48:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/01 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\temp
[2010/12/01 07:39:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/01 07:39:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/01 07:39:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/01 07:38:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/01 07:37:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/01 07:37:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/01 07:37:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/01 05:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/01 05:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/01 04:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Malwarebytes
[2010/12/01 04:32:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Avira
[2010/11/30 10:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/30 10:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/11/30 10:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/11/30 10:45:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Microsoft Help
[2010/11/30 10:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/30 10:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/11/30 10:44:32 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/11/30 06:43:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\MCP Notepad LITE
[2010/11/30 05:19:22 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\CoreFTP
[2010/11/30 05:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/11/29 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Adobe
[2010/11/29 08:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/29 08:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/11/29 08:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/28 23:08:38 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\FireShot
[2010/11/28 15:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2010/11/28 15:33:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\LockHunter
[2010/11/28 03:06:56 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Microsoft Corporation
[2010/11/27 23:54:42 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\My Received Files
[2010/11/27 02:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2010/11/27 02:25:17 | 000,211,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\Dts2APO.dll
[2010/11/27 02:25:17 | 000,181,248 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\ViaMicArrayAPO.dll
[2010/11/27 02:25:17 | 000,076,288 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQPropPageExt.dll
[2010/11/27 02:25:17 | 000,071,680 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQAPO.dll
[2010/11/27 02:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2010/11/27 02:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/27 02:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\My Shared Folder
[2010/11/26 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\VMware
[2010/11/26 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\VMware
[2010/11/26 21:47:35 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2010/11/26 21:47:30 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2010/11/26 21:47:29 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2010/11/26 21:47:20 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2010/11/26 21:47:08 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2010/11/26 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/11/26 21:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010/11/26 21:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/11/26 21:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/26 21:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/26 21:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/26 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Lamantine
[2010/11/26 19:42:24 | 000,000,000 | --SD | C] -- C:\Users\Jay\Documents\Sticky Passwords
[2010/11/26 19:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sticky Password
[2010/11/26 19:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/11/26 19:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/11/26 17:42:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/26 12:03:39 | 000,000,000 | ---D | C] -- C:\xampp
[2010/11/26 11:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Ares
[2010/11/26 11:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
[2010/11/26 05:38:20 | 000,000,000 | ---D | C] -- C:\Boot
[2010/11/25 02:45:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/11/24 23:06:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\Tracing
[2010/11/24 23:05:35 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/24 22:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/11/24 22:47:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/24 22:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/24 22:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/24 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Windows Live
[2010/11/24 22:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/11/24 22:28:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/24 22:28:51 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/24 22:28:51 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/24 22:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/24 22:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/24 22:21:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\WinRAR
[2010/11/24 22:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/24 22:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/11/24 21:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Macromedia
[2010/11/24 21:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Adobe
[2010/11/24 21:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/24 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/24 21:24:34 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Spyware Terminator
[2010/11/24 21:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010/11/24 21:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010/11/24 21:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/24 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Mozilla
[2010/11/24 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Mozilla
[2010/11/24 21:15:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Notepad++
[2010/11/24 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/11/24 21:15:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/24 21:15:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/24 21:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 21:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/24 21:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2010/11/24 21:14:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/11/24 21:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/24 21:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/11/24 21:12:55 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Google
[2010/11/24 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/24 20:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/11/24 20:31:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/11/24 19:17:33 | 000,000,000 | R--D | C] -- C:\Users\Jay\Searches
[2010/11/24 19:17:33 | 000,000,000 | -H-D | C] -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/24 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Identities
[2010/11/24 19:17:24 | 000,000,000 | R--D | C] -- C:\Users\Jay\Contacts
[2010/11/24 19:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\VirtualStore
[2010/11/24 19:17:18 | 000,000,000 | --SD | C] -- C:\Users\Jay\AppData\Roaming\Microsoft
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Videos
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Saved Games
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Pictures
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Music
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Links
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Favorites
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Downloads
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\My Documents
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Desktop
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\AppData\Local\Temporary Internet Files
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Templates
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Start Menu
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\SendTo
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Recent
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\PrintHood
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\NetHood
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Documents\My Videos
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Documents\My Pictures
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Documents\My Music
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\My Documents
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Local Settings
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\AppData\Local\History
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Cookies
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Application Data
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\AppData\Local\Application Data
[2010/11/24 19:17:18 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData
[2010/11/24 19:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Microsoft
[2010/11/24 19:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Media Center Programs
[2010/11/24 19:16:40 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/11/24 18:51:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/11/24 18:47:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/11/24 18:47:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/11 13:32:10 | 000,070,768 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmci.sys
[2010/11/11 13:32:08 | 000,854,128 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmx86.sys
[2010/11/11 13:31:34 | 000,023,792 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmparport.sys
[2010/11/11 12:31:28 | 000,032,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\hcmon.sys
[2010/11/11 12:04:36 | 000,252,528 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnc.dll
[2010/11/11 10:04:54 | 000,031,280 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmusb.sys
[2010/11/11 10:04:52 | 000,059,952 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2010/11/11 10:04:52 | 000,051,248 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2010/11/11 10:04:52 | 000,036,400 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2010/11/11 10:04:52 | 000,018,736 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2010/11/11 10:04:52 | 000,016,560 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys

========== Files - Modified Within 30 Days ==========

[2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2010/12/05 14:21:55 | 000,296,448 | ---- | M] () -- C:\Users\Jay\Desktop\bzscqr7o.exe
[2010/12/05 14:18:10 | 000,067,630 | ---- | M] () -- C:\Users\Jay\Desktop\RAnonForums1.0.2.zip
[2010/12/05 08:10:36 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 08:10:36 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 08:07:56 | 000,630,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/05 08:07:56 | 000,111,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/05 08:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/05 08:02:48 | 2213,892,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/04 18:24:38 | 000,043,416 | ---- | M] () -- C:\Users\Jay\Desktop\highway_rules_mod.zip
[2010/12/04 17:45:56 | 000,139,043 | ---- | M] () -- C:\Users\Jay\Desktop\Ariel-Princess2.jpg
[2010/12/04 00:27:30 | 000,053,087 | ---- | M] () -- C:\Users\Jay\Desktop\spongebob_squarepants-4842.jpg
[2010/12/03 23:04:23 | 000,008,219 | ---- | M] () -- C:\Users\Jay\Desktop\2847460465_61a9127b63.jpg
[2010/12/03 16:45:38 | 000,008,004 | ---- | M] () -- C:\Users\Jay\Desktop\contact.html
[2010/12/03 16:06:54 | 000,000,701 | ---- | M] () -- C:\Users\Jay\Desktop\contacting.html
[2010/12/02 16:33:00 | 006,047,483 | ---- | M] () -- C:\Users\Jay\Desktop\Alexis Jordan - Happiness (Official) HD.mp3
[2010/12/01 11:50:21 | 000,000,866 | ---- | M] () -- C:\Users\Jay\Desktop\percentag_bar.zip
[2010/12/01 09:00:16 | 000,029,430 | ---- | M] () -- C:\Users\Jay\Desktop\images.zip
[2010/12/01 07:55:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jay\Desktop\HijackThis.exe
[2010/12/01 07:46:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/01 07:35:08 | 001,894,056 | ---- | M] () -- C:\Users\Jay\Desktop\christmas-banners.zip
[2010/12/01 04:45:43 | 000,140,665 | ---- | M] () -- C:\Users\Jay\Desktop\gdk_buttons.zip
[2010/12/01 04:30:56 | 003,764,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/30 06:43:02 | 000,279,239 | ---- | M] () -- C:\Users\Jay\Desktop\MCP Notepad LITE.zip
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/29 16:35:01 | 000,002,482 | ---- | M] () -- C:\Users\Jay\Desktop\thanks.png
[2010/11/28 19:00:39 | 000,361,158 | ---- | M] () -- C:\Users\Jay\Desktop\crystalsmileyspack.zip
[2010/11/28 18:58:56 | 000,803,929 | ---- | M] () -- C:\Users\Jay\Desktop\smiliespak.tgz
[2010/11/28 18:58:34 | 000,001,172 | ---- | M] () -- C:\Users\Jay\Desktop\smiley.pak.zip
[2010/11/28 03:56:54 | 000,000,294 | ---- | M] () -- C:\Users\Jay\Desktop\info.gif
[2010/11/28 03:36:07 | 000,000,817 | ---- | M] () -- C:\Users\Jay\Desktop\htdocs.lnk
[2010/11/27 22:48:42 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/27 02:24:21 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/11/27 02:05:58 | 000,203,372 | RHS- | M] () -- C:\grldr
[2010/11/27 02:05:58 | 000,000,012 | RHS- | M] () -- C:\win7.ld
[2010/11/26 21:46:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/26 12:08:29 | 000,001,448 | ---- | M] () -- C:\Users\Jay\Desktop\XAMPP Control Panel.lnk
[2010/11/26 11:16:16 | 000,000,181 | ---- | M] () -- C:\Users\Jay\Documents\1.aps
[2010/11/24 21:24:34 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/11/24 21:14:47 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/24 21:12:56 | 000,002,300 | ---- | M] () -- C:\Users\Jay\Desktop\Google Chrome.lnk
[2010/11/24 19:27:06 | 000,001,407 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/24 19:16:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/24 18:54:48 | 000,042,049 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/11/24 18:50:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/11/11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmci.sys
[2010/11/11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmx86.sys
[2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2010/11/11 13:31:34 | 000,023,792 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmparport.sys
[2010/11/11 13:31:12 | 000,760,432 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2010/11/11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2010/11/11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\hcmon.sys
[2010/11/11 12:04:36 | 000,252,528 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnc.dll
[2010/11/11 10:04:54 | 000,031,280 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmusb.sys
[2010/11/11 10:04:52 | 000,059,952 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2010/11/11 10:04:52 | 000,051,248 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2010/11/11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2010/11/11 10:04:52 | 000,018,736 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

========== Files Created - No Company Name ==========

[2010/12/05 14:21:47 | 000,296,448 | ---- | C] () -- C:\Users\Jay\Desktop\bzscqr7o.exe
[2010/12/05 14:18:09 | 000,067,630 | ---- | C] () -- C:\Users\Jay\Desktop\RAnonForums1.0.2.zip
[2010/12/04 18:24:37 | 000,043,416 | ---- | C] () -- C:\Users\Jay\Desktop\highway_rules_mod.zip
[2010/12/04 17:45:55 | 000,139,043 | ---- | C] () -- C:\Users\Jay\Desktop\Ariel-Princess2.jpg
[2010/12/04 00:27:28 | 000,053,087 | ---- | C] () -- C:\Users\Jay\Desktop\spongebob_squarepants-4842.jpg
[2010/12/03 23:02:24 | 000,008,219 | ---- | C] () -- C:\Users\Jay\Desktop\2847460465_61a9127b63.jpg
[2010/12/03 15:56:58 | 000,000,701 | ---- | C] () -- C:\Users\Jay\Desktop\contacting.html
[2010/12/03 15:40:07 | 000,008,004 | ---- | C] () -- C:\Users\Jay\Desktop\contact.html
[2010/12/02 16:29:44 | 006,047,483 | ---- | C] () -- C:\Users\Jay\Desktop\Alexis Jordan - Happiness (Official) HD.mp3
[2010/12/01 11:50:21 | 000,000,866 | ---- | C] () -- C:\Users\Jay\Desktop\percentag_bar.zip
[2010/12/01 09:00:15 | 000,029,430 | ---- | C] () -- C:\Users\Jay\Desktop\images.zip
[2010/12/01 07:39:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/01 07:39:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/01 07:39:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/01 07:39:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/01 07:39:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/01 07:33:53 | 001,894,056 | ---- | C] () -- C:\Users\Jay\Desktop\christmas-banners.zip
[2010/12/01 04:45:41 | 000,140,665 | ---- | C] () -- C:\Users\Jay\Desktop\gdk_buttons.zip
[2010/11/30 06:42:55 | 000,279,239 | ---- | C] () -- C:\Users\Jay\Desktop\MCP Notepad LITE.zip
[2010/11/29 16:34:58 | 000,002,482 | ---- | C] () -- C:\Users\Jay\Desktop\thanks.png
[2010/11/28 19:00:30 | 000,361,158 | ---- | C] () -- C:\Users\Jay\Desktop\crystalsmileyspack.zip
[2010/11/28 18:58:39 | 000,803,929 | ---- | C] () -- C:\Users\Jay\Desktop\smiliespak.tgz
[2010/11/28 18:58:33 | 000,001,172 | ---- | C] () -- C:\Users\Jay\Desktop\smiley.pak.zip
[2010/11/28 03:56:54 | 000,000,294 | ---- | C] () -- C:\Users\Jay\Desktop\info.gif
[2010/11/28 03:35:56 | 000,000,817 | ---- | C] () -- C:\Users\Jay\Desktop\htdocs.lnk
[2010/11/27 02:24:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/27 02:05:58 | 000,203,372 | RHS- | C] () -- C:\grldr
[2010/11/27 02:05:58 | 000,000,012 | RHS- | C] () -- C:\win7.ld
[2010/11/26 21:46:59 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/11/26 12:08:27 | 000,001,448 | ---- | C] () -- C:\Users\Jay\Desktop\XAMPP Control Panel.lnk
[2010/11/26 11:16:15 | 000,000,181 | ---- | C] () -- C:\Users\Jay\Documents\1.aps
[2010/11/26 05:47:45 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/11/24 21:24:34 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/11/24 21:14:47 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/24 21:12:56 | 000,002,300 | ---- | C] () -- C:\Users\Jay\Desktop\Google Chrome.lnk
[2010/11/24 19:27:06 | 000,001,407 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/24 19:17:18 | 000,000,290 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/24 19:17:18 | 000,000,272 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/24 19:16:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/24 18:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/24 18:47:11 | 2213,892,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010/12/05 12:01:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\CoreFTP
[2010/12/01 16:10:14 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\EPSON
[2010/11/28 23:08:38 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\FireShot
[2010/11/26 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Lamantine
[2010/11/28 15:33:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\LockHunter
[2010/11/28 05:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Notepad++
[2010/12/05 14:27:20 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Spyware Terminator
[2010/12/02 10:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\WinPatrol
[2009/07/14 04:53:46 | 000,005,820 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/26 21:46:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/12/01 07:48:16 | 000,021,706 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/27 02:05:58 | 000,203,372 | RHS- | M] () -- C:\grldr
[2010/12/05 08:02:48 | 2213,892,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/05 08:02:49 | 2951,860,224 | -HS- | M] () -- C:\pagefile.sys
[2010/11/27 02:05:58 | 000,000,012 | RHS- | M] () -- C:\win7.ld

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/24 19:27:06 | 000,000,221 | -HS- | M] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/05 14:21:55 | 000,296,448 | ---- | M] () -- C:\Users\Jay\Desktop\bzscqr7o.exe
[2010/12/01 07:55:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jay\Desktop\HijackThis.exe
[2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-03 21:50:11

< End of report >

I cannot post the extra for OTL as it's gone over the character limit.
iTouch1989
Active Member
 
Posts: 11
Joined: November 9th, 2010, 9:22 pm
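
Added example, not part of OTL, ComboFix or either poster's text: a small Python triage pass over OTL file-listing lines in the format shown in the log above. It parses the bracketed timestamp, size, attribute flags (R/H/S/D) and created-or-modified marker, the optional "(Company)" string and the path, then raises a few cues that a helper would check by hand rather than treat as a verdict: executables under a Temp directory, executables in a system directory with no company name, hidden+system executables, randomized-looking names on the desktop, and hidden+system files at the drive root outside the usual Windows set. Most sample lines are copied from the OTL output above; the `dropper.exe` entry is constructed, and the root-file allowlist and the name heuristic are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# OTL file-listing line:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# attrs is four characters drawn from R (read-only), H (hidden), S (system),
# D (directory), with '-' for unset. The "(Company)" field is "()" when the
# file carries no vendor string and is absent altogether on directory lines.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
# Hidden+system files Windows itself keeps at the drive root. Assumption:
# this allowlist is illustrative, not exhaustive.
ROOT_HS_EXPECTED = {"bootmgr", "hiberfil.sys", "pagefile.sys"}
# Heuristic only: 7-10 lowercase letters/digits with at least one digit.
# Scanner tools that helpers ask to be renamed look exactly like this too.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{7,10}\.exe$")


@dataclass
class Record:
    timestamp: str
    size: int
    attrs: str
    kind: str      # 'C' = created, 'M' = modified
    company: str   # '' when OTL printed "()" or omitted the field
    path: str


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for an OTL file line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Record(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def findings(rec: Record) -> List[str]:
    """Triage cues for one record; each one prompts a manual check."""
    out: List[str] = []
    low = rec.path.lower()
    name = low.rsplit("\\", 1)[-1]
    is_dir = "D" in rec.attrs
    is_exec = (not is_dir) and name.endswith(EXEC_EXT)
    hidden_system = "H" in rec.attrs and "S" in rec.attrs
    at_root = re.match(r"^[a-z]:\\[^\\]+$", low) is not None

    if is_exec and "\\temp\\" in low:
        out.append("executable in a Temp directory")
    if is_exec and not rec.company and ("\\system32\\" in low or "\\syswow64\\" in low):
        out.append("no company name in a system directory")
    if is_exec and hidden_system:
        out.append("hidden+system executable")
    if is_exec and RANDOM_NAME_RE.match(name):
        out.append("randomized-looking name (renamed scanner tools look like this too)")
    if (not is_dir) and at_root and hidden_system and name not in ROOT_HS_EXPECTED:
        out.append("hidden+system file at drive root outside the expected set")
    return out


def triage(lines) -> Dict[str, List[str]]:
    """Map path -> cues for every parseable line that raised at least one."""
    result: Dict[str, List[str]] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            cues = findings(rec)
            if cues:
                result[rec.path] = cues
    return result


# Sample input: lines copied from the OTL log above, plus one constructed
# Temp entry (dropper.exe) that is not on the machine in this thread.
SAMPLE_LINES = [
    r"[2010/12/01 07:37:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe",
    r"[2010/12/01 07:38:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT",
    r"[2010/12/05 14:21:55 | 000,296,448 | ---- | M] () -- C:\Users\Jay\Desktop\bzscqr7o.exe",
    r"[2010/11/27 02:05:58 | 000,203,372 | RHS- | M] () -- C:\grldr",
    r"[2010/11/26 05:47:45 | 000,383,562 | RHS- | C] () -- C:\bootmgr",
    r"[2010/12/01 07:40:00 | 000,421,888 | ---- | C] () -- C:\Users\Jay\AppData\Local\Temp\dropper.exe",
    r"[2010/11/24 21:24:34 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys",
]

if __name__ == "__main__":
    for path, cues in triage(SAMPLE_LINES).items():
        print(path, "->", "; ".join(cues))
```

Run against a whole OTL.txt it prints only the lines worth a second look. A cue is a prompt, not a conclusion: `sp_rsdrv2.sys` is flagged for lacking a vendor string, and the log above shows it created at the same second as the Spyware Terminator folders, which is exactly the cross-check the flag is meant to trigger; `grldr` is flagged as an unexpected hidden+system root file and is, on this machine, created alongside `win7.ld` during the dual-boot setup visible in the log.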

Re: Virus's Found with AntiVir

Unread post by askey127 » December 5th, 2010, 2:32 pm

itouch1989,
This O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) is the Spyware Terminator antivirus.
It is ClamAV by another name, and it is running.
Of course, you can choose whether you would like to remove Spyware Terminator.
If you would prefer to leave it, that's OK, but I would not be able to help with your machine.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus's Found with AntiVir

Unread post by iTouch1989 » December 5th, 2010, 2:59 pm

Oh.

Okay, I have uninstalled Spyware Terminator.

Also my system seems to have slowed way down since running the tools.
iTouch1989
Active Member
 
Posts: 11
Joined: November 9th, 2010, 9:22 pm

Re: Virus's Found with AntiVir

Unread post by askey127 » December 5th, 2010, 3:34 pm

itouch1989,
------------------------------------------------------
Warning - Compromised Data
Because the infection (Bifrose) has had remote control access to all your Internet activities, you should assume that any data on your machine may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
Don't use the infected machine to make the changes.

That infection probably came from using the Ares P2P program. The free files are loaded with malware planted by criminals.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray in the bottom right-hand corner and look for an open umbrella on a red background.
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background.
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. It can take a while to roll up the summary log, so be patient. Post the log in your next reply, and then re-enable your AntiVir protection software.
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus's Found with AntiVir

Unread post by iTouch1989 » December 5th, 2010, 4:40 pm

ComboFix 10-12-04.02 - Jay 05/12/2010 20:32:27.2.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2815.1985 [GMT 0:00]
Running from: c:\users\Jay\Desktop\zzz.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 20:36 . 2010-12-05 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 21:49 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E45C8DB7-15E1-44CD-A47E-1ACCD4010D37}\mpengine.dll
2010-12-02 11:38 . 2010-12-02 11:38 -------- d-----w- c:\program files\Lavalys
2010-12-02 10:06 . 2010-12-02 10:06 -------- d-----w- c:\programdata\InstallMate
2010-12-02 10:06 . 2010-12-02 10:06 -------- d-----w- c:\program files\BillP Studios
2010-12-01 16:03 . 2007-07-13 00:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2010-12-01 16:03 . 2010-12-01 16:03 -------- d-----w- c:\program files\epson
2010-12-01 15:59 . 2010-12-01 16:06 -------- d-----w- c:\windows\BDOSCAN8
2010-12-01 15:36 . 2010-12-01 15:36 -------- d-----w- c:\program files\ESET
2010-12-01 05:17 . 2010-12-03 14:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-01 05:17 . 2010-12-01 05:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-30 10:47 . 2010-11-30 10:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-11-30 10:45 . 2010-11-30 10:45 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-30 10:44 . 2010-11-30 10:51 -------- d-----w- c:\programdata\Microsoft Help
2010-11-30 10:44 . 2010-11-30 10:44 -------- d-----r- C:\MSOCache
2010-11-30 05:19 . 2010-11-30 05:19 -------- d-----w- c:\program files\CoreFTP
2010-11-29 08:31 . 2010-11-29 08:31 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-29 08:24 . 2010-11-29 08:24 -------- d-----w- c:\program files\Adobe Media Player
2010-11-29 08:22 . 2010-11-29 08:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-28 15:54 . 2010-12-05 11:56 -------- d-----w- c:\program files\WinMerge
2010-11-27 02:24 . 2010-11-27 02:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-11-26 21:47 . 2010-11-11 13:31 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-11-26 21:47 . 2010-11-11 13:31 404080 ----a-w- c:\windows\system32\vmnat.exe
2010-11-26 21:47 . 2010-11-11 13:29 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-11-26 21:47 . 2010-11-11 13:31 760432 ----a-w- c:\windows\system32\vnetlib.dll
2010-11-26 21:47 . 2010-11-11 13:30 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-11-26 21:46 . 2010-11-26 21:46 -------- d-----w- c:\program files\Common Files\VMware
2010-11-26 21:46 . 2010-12-05 19:55 -------- d-----w- c:\programdata\VMware
2010-11-26 21:46 . 2010-11-26 21:46 -------- d-----w- c:\program files\VMware
2010-11-26 21:20 . 2010-11-29 08:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-26 19:42 . 2010-12-02 09:54 -------- d-----w- c:\program files\Sticky Password
2010-11-26 19:28 . 2010-11-26 19:28 170080 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-26 19:27 . 2010-11-26 19:27 -------- d-----w- c:\program files\Common Files\Acronis
2010-11-26 19:27 . 2010-11-26 19:27 -------- d-----w- c:\program files\Acronis
2010-11-26 17:42 . 2010-11-26 17:42 -------- d-----w- c:\windows\Sun
2010-11-26 12:03 . 2009-12-20 00:00 -------- d---a-w- C:\xampp
2010-11-26 11:16 . 2010-11-26 11:16 -------- d-----w- c:\program files\Ares
2010-11-26 05:38 . 2010-11-26 05:47 -------- d-----w- C:\Boot
2010-11-25 02:45 . 2010-11-24 19:17 -------- d-----w- c:\windows\Panther
2010-11-24 23:05 . 2010-11-24 23:05 -------- d-----w- c:\windows\en
2010-11-24 22:54 . 2010-11-30 10:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-24 22:47 . 2010-11-24 22:47 -------- d-----w- c:\windows\PCHEALTH
2010-11-24 22:43 . 2010-11-24 22:54 -------- d-----w- c:\program files\Windows Live
2010-11-24 22:41 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-24 22:41 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-24 22:41 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-24 22:40 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-11-24 22:38 . 2010-11-24 22:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-24 22:34 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-24 22:34 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-24 22:32 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-24 22:32 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-11-24 22:32 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-11-24 22:30 . 2010-11-24 22:30 -------- d-----w- c:\program files\Common Files\Windows Live
2010-11-24 22:28 . 2010-11-27 22:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 22:28 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-24 22:28 . 2010-11-24 22:28 -------- d-----w- c:\programdata\Avira
2010-11-24 22:28 . 2010-11-24 22:28 -------- d-----w- c:\program files\Avira
2010-11-24 22:09 . 2007-04-10 01:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-11-24 22:09 . 2007-12-07 02:08 86528 ----a-w- c:\windows\system32\E_FLBEJE.DLL
2010-11-24 22:09 . 2007-12-07 02:01 78848 ----a-w- c:\windows\system32\E_FD4BEJE.DLL
2010-11-24 22:09 . 2010-11-24 22:10 -------- d-----w- c:\programdata\EPSON
2010-11-24 21:24 . 2010-11-24 21:24 -------- d-----w- c:\program files\Common Files\Java
2010-11-24 21:24 . 2010-11-24 21:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-24 21:24 . 2010-11-24 21:24 -------- d-----w- c:\program files\Java
2010-11-24 21:15 . 2010-11-24 21:15 -------- d-----w- c:\program files\Notepad++
2010-11-24 21:15 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 21:15 . 2010-12-01 09:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 21:15 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 21:15 . 2010-11-24 21:15 -------- d-----w- c:\programdata\Malwarebytes
2010-11-24 21:15 . 2010-11-24 21:15 -------- d-----w- c:\program files\LockHunter
2010-11-24 21:14 . 2010-11-24 21:14 -------- d-----w- c:\windows\system32\Macromed
2010-11-24 21:13 . 2010-11-24 21:13 -------- d-----w- c:\program files\Defraggler
2010-11-24 21:12 . 2010-11-24 21:12 -------- d-----w- c:\program files\CCleaner
2010-11-24 20:40 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-24 20:32 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-24 20:31 . 2010-11-30 10:47 -------- d-----w- c:\program files\Microsoft.NET
2010-11-24 20:31 . 2010-12-03 14:44 -------- d-sh--w- c:\windows\Installer
2010-11-24 20:31 . 2009-11-25 12:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-24 20:31 . 2009-11-25 12:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-24 20:31 . 2009-11-25 12:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-24 20:31 . 2009-11-25 12:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-24 20:31 . 2009-11-25 12:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-24 20:31 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-11-24 20:31 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-11-24 20:31 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-24 20:12 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-24 20:12 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-11-24 20:12 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2010-11-24 20:12 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2010-11-24 20:12 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-11-24 20:12 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-11-24 20:12 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-11-24 20:12 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-24 20:12 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-24 20:10 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-11-24 20:10 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-24 20:06 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-11-24 20:06 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-11-24 20:05 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-11-24 20:05 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-24 20:05 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-24 20:05 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-24 20:05 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-11-24 20:05 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-11-24 20:03 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-11-24 20:02 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-11-24 20:02 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-11-24 20:02 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-11-24 20:02 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-11-24 20:02 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-24 20:02 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-24 20:01 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-11-24 20:01 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-11-24 20:01 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-24 20:01 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-24 20:01 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-24 20:01 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-24 20:01 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-11-24 20:00 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 20:00 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-11-24 20:00 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-24 20:00 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-11-24 19:45 . 2010-10-19 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 03:59 . 2010-10-27 03:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\system32\aticfx32.dll
2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:51 . 2010-10-27 02:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 02:51 . 2010-10-27 02:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 02:50 . 2010-10-27 02:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:46 . 2009-07-13 22:09 4020736 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 02:28 . 2009-06-10 21:19 4094464 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-27 02:14 . 2010-10-27 02:14 52736 ----a-w- c:\windows\system32\coinst.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-27 02:13 . 2010-10-27 02:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-27 02:13 . 2010-10-27 02:13 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 01:50 . 2009-07-13 22:09 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-23 00:47 . 2010-09-23 00:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 00:32 . 2010-09-23 00:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 14:03 . 2010-09-21 14:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
.

------- Sigcheck -------

[-] 2009-10-15 . C468ADABA2040F6585FE04EA4C81984A . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll
[-] 2009-10-15 . C468ADABA2040F6585FE04EA4C81984A . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 03:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 04:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 11:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 13:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-06-02 1056256]

.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\
FF - component: c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Extension: translator (fixed): translatorfixed@dontfollowme.net - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\translatorfixed@dontfollowme.net
FF - Extension: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Extension: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(732)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
Completion time: 2010-12-05 20:38:31
ComboFix-quarantined-files.txt 2010-12-05 20:38
ComboFix2.txt 2010-12-01 07:48

Pre-Run: 52,010,004,480 bytes free
Post-Run: 51,824,734,208 bytes free

- - End Of File - - 29EAABE4AA5C47DF02BA960B4CEA840E
iTouch1989
Active Member
 
Posts: 11
Joined: November 9th, 2010, 9:22 pm

Re: Virus's Found with AntiVir

Unread postby askey127 » December 5th, 2010, 5:18 pm

itouch1989,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :Files
    C:\Users\Jay\AppData\Local\Ares
    C:\Program Files\Ares
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    winlogin32.exe
    server.exe
    server.exe
    tootoo[1].exe
    file[1].exe
    ffx.exe
    VRM2008.exe
    rtfmsv.exe
    
    :regfind
    Wget
    SKavx
    A5CDF7EC-751B-46aa-AD69-4005FE080DE9
    rtfmsv.exe
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
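The SystemLook step above searches every drive for a list of file names and the registry for a list of strings. As an added example that is not part of the thread and not SystemLook's or OTL's code, the script below does the same two searches in PowerShell 2.0 from an elevated prompt on Windows 7. The file names and registry terms are the ones the helper listed; the function names and the set of hives searched are our choices.

```powershell
# Added example, not part of the thread and not SystemLook's or OTL's code:
# a PowerShell 2.0 equivalent of the :filefind / :regfind lists above, for an
# elevated prompt on Windows 7. The file names and registry terms are the ones
# the helper listed; the function names and the hive list are our choices.

$FileNames = @('winlogin32.exe', 'server.exe', 'tootoo[1].exe', 'file[1].exe',
               'ffx.exe', 'VRM2008.exe', 'rtfmsv.exe')
$RegTerms  = @('Wget', 'SKavx', 'A5CDF7EC-751B-46aa-AD69-4005FE080DE9', 'rtfmsv.exe')

function Find-FilesByName {
    param([string[]]$Names)
    # Fixed disks only (DriveType 3); removable media are out of scope here.
    $roots = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' |
             ForEach-Object { $_.DeviceID + '\' }
    foreach ($root in $roots) {
        # -Force includes hidden/system files. Access-denied entries and the
        # Windows 7 compatibility junctions under \Users are skipped, not fatal.
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and ($Names -contains $_.Name) } |
            ForEach-Object {
                # Compare on .Name rather than using -Filter/-Include: '[' and ']'
                # in 'tootoo[1].exe' are wildcard characters to the provider and
                # would otherwise match nothing.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                New-Object PSObject -Property @{
                    Path      = $_.FullName
                    Bytes     = $_.Length
                    Modified  = $_.LastWriteTime
                    Signature = $sig.Status   # NotSigned / Valid / HashMismatch ...
                }
            }
    }
}

function Find-RegistryTerms {
    param(
        [string[]]$Terms,
        # HKCU:\Software is the same key as HKEY_USERS\<SID of logged-on user>\Software,
        # which is why SystemLook reported the Wget key twice.
        [string[]]$Hives = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\Software')
    )
    # Escape the terms so '.' in 'rtfmsv.exe' is a literal dot, not "any character".
    $patterns = @($Terms | ForEach-Object { [regex]::Escape($_) })
    foreach ($hive in $Hives) {
        Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            for ($i = 0; $i -lt $Terms.Count; $i++) {
                $term = $Terms[$i]; $pattern = $patterns[$i]
                # Match the key name itself (-match is case-insensitive by default).
                if ($key.PSChildName -match $pattern) {
                    New-Object PSObject -Property @{ Term = $term; Key = $key.Name; Value = ''; Data = '' }
                }
                # Match each value's name and its data rendered as a string.
                foreach ($valueName in $key.GetValueNames()) {
                    $data = [string]$key.GetValue($valueName)
                    if ($valueName -match $pattern -or $data -match $pattern) {
                        New-Object PSObject -Property @{ Term = $term; Key = $key.Name; Value = $valueName; Data = $data }
                    }
                }
            }
        }
    }
}

Find-FilesByName   -Names $FileNames | Format-Table Path, Bytes, Modified, Signature -AutoSize
Find-RegistryTerms -Terms $RegTerms  | Format-Table Term, Key, Value, Data -AutoSize
```

The value of this over a plain directory listing is the Signature column: a hit that reports NotSigned or HashMismatch in a location such as %TEMP% or AppData deserves a closer look, while a Valid signature from a known publisher usually means a shared name rather than the sample you were hunting. The registry search reads value data as well as key and value names, so a run path that merely references one of the terms is reported too.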

Re: Virus's Found with AntiVir

Unread postby iTouch1989 » December 5th, 2010, 5:35 pm

All processes killed
========== PROCESSES ==========
No active process named :Files was found!
No active process named Ares was found!
No active process named Ares was found!
No active process named :Commands was found!
No active process named [EMPTYTEMP] was found!
No active process named [Reboot] was found!

OTL by OldTimer - Version 3.2.17.3 log created on 12052010_212555

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

After the PC restarted OTL popped up and I clicked run.
I have now uninstalled Ares as well.

SystemLook 04.09.10 by jpshortstuff
Log created at 21:30 on 05/12/2010 by Jay
Administrator - Elevation successful

========== filefind ==========

Searching for "winlogin32.exe"
No files found.

Searching for "server.exe"
No files found.

Searching for "server.exe"
No files found.

Searching for "tootoo[1].exe"
No files found.

Searching for "file[1].exe"
No files found.

Searching for "ffx.exe"
No files found.

Searching for "VRM2008.exe"
No files found.

Searching for "rtfmsv.exe"
No files found.

========== regfind ==========

Searching for "Wget"
[HKEY_CURRENT_USER\Software\Wget]
[HKEY_USERS\S-1-5-21-4071370452-3543571090-478128244-1001\Software\Wget]

Searching for "SKavx"
No data found.

Searching for "A5CDF7EC-751B-46aa-AD69-4005FE080DE9"
No data found.

Searching for "rtfmsv.exe"
No data found.

-= EOF =-
iTouch1989
Active Member
 
Posts: 11
Joined: November 9th, 2010, 9:22 pm

Re: Virus's Found with AntiVir

Unread postby askey127 » December 5th, 2010, 7:38 pm

iTouch1989,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Reg
    [-HKEY_CURRENT_USER\Software\Wget]
    [-HKEY_USERS\S-1-5-21-4071370452-3543571090-478128244-1001\Software\Wget]
    
    :Commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
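The OTL fix above removes two registry keys, creates a restore point and clears the existing restore points. As an added example that is not part of the thread and not OTL's code, the script below performs the same steps in PowerShell 2.0 from an elevated prompt on Windows 7, exporting each key before it is deleted so the change can be undone. The two key paths are the ones the helper listed; the backup folder, the function names and the ordering (purge the old restore points first, then create a clean one) are our choices.

```powershell
# Added example, not part of the thread and not OTL's code: the registry removal,
# restore-point purge and restore-point creation of the :Reg / :Commands fix above,
# done in PowerShell 2.0 from an elevated prompt on Windows 7. The two key paths
# are the ones the helper listed; the backup folder, the function names and the
# order (purge old restore points first, then create a clean one) are ours.

$KeysToRemove = @(
    'HKCU:\Software\Wget',
    'Registry::HKEY_USERS\S-1-5-21-4071370452-3543571090-478128244-1001\Software\Wget'
)
$BackupDir = Join-Path $env:USERPROFILE 'Desktop\regbackup'

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Remove-RegistryKeyWithBackup {
    param([string]$Path, [string]$BackupDir)
    # The HKCU path and the HKEY_USERS\<SID> path name the same key for the
    # logged-on user, so whichever one is processed second is already gone.
    if (-not (Test-Path -Path $Path)) {
        Write-Output "Not present, skipping: $Path"
        return
    }
    if (-not (Test-Path -Path $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    # reg.exe wants the native form (HKEY_CURRENT_USER\..., HKEY_USERS\...).
    $native = $Path -replace '^HKCU:\\', 'HKEY_CURRENT_USER\' -replace '^Registry::', ''
    $file   = Join-Path $BackupDir (($native -replace '[\\:]', '_') + '.reg')
    & reg.exe export $native $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed for $native; not deleting." }
    Remove-Item -Path $Path -Recurse -Force
    Write-Output "Removed $Path (backup: $file)"
}

function Clear-RestorePoints {
    # On Windows 7, restore points are Volume Shadow Copies of the system drive;
    # deleting every shadow on that drive removes every (possibly infected) restore point.
    & vssadmin.exe delete shadows "/for=$env:SystemDrive" /all /quiet | Out-Null
}

function New-CleanRestorePoint {
    param([string]$Description = 'Post malware cleanup')
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    # Show the newest restore point so the caller can confirm it was written.
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}

if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell prompt.' }
foreach ($key in $KeysToRemove) { Remove-RegistryKeyWithBackup -Path $key -BackupDir $BackupDir }
Clear-RestorePoints
New-CleanRestorePoint
Write-Output 'Reboot to complete the cleanup.'
```

Run this only once the machine is believed clean: clearing the shadow copies discards every earlier rollback point, which is the intent when they may contain infected files, but it also removes the option of rolling back the cleanup itself. The exported .reg files on the Desktop are what remain for undoing the key deletion.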

Re: Virus's Found with AntiVir

Unread postby iTouch1989 » December 6th, 2010, 4:16 am

OTL logfile created on: 06/12/2010 08:09:41 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jay\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.11 Gb Free Space | 64.55% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 93.92 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
PRC - [2010/11/17 18:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/10/27 06:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 02:51:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/14 01:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2007/03/26 18:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/27 02:51:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jay\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/27 22:48:42 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/26 19:28:04 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/11/11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/11/11 13:31:34 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2010/11/11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/11/11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/11/11 10:04:54 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010/11/11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/10/27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/10/27 02:14:04 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/06/23 09:10:54 | 000,275,048 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/02 08:54:04 | 001,056,256 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E A0 52 97 0D 8C CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.11.21.3
FF - prefs.js..extensions.enabledItems: translatorfixed@dontfollowme.net:1.0.4.4.4
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/24 21:14:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/01 07:40:43 | 000,000,000 | ---D | M]

[2010/11/24 21:16:25 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Extensions
[2010/12/05 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions
[2010/11/24 21:23:53 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/12/02 00:51:16 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/11/26 09:40:18 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/24 21:23:52 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/11/24 21:23:53 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\7e975x6l.default\extensions\translatorfixed@dontfollowme.net
[2010/12/05 09:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/24 21:24:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/24 21:24:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/01 07:46:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 21:25:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/05 20:37:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/05 20:30:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/05 18:47:47 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\MCP Notepad (Advanced)
[2010/12/05 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Medals_System_MOD_0.11.1
[2010/12/05 17:34:54 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\gdk_buttons
[2010/12/05 14:35:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2010/12/03 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Dec Bassline
[2010/12/02 11:39:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\EVEREST Reports
[2010/12/02 11:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/12/02 10:07:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\WinPatrol
[2010/12/02 10:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2010/12/02 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/12/01 16:10:14 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\EPSON
[2010/12/01 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/12/01 15:59:37 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/12/01 15:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/01 15:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Virtual Machines
[2010/12/01 07:55:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jay\Desktop\HijackThis.exe
[2010/12/01 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\temp
[2010/12/01 07:39:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/01 07:39:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/01 07:39:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/01 07:38:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/01 07:37:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/01 05:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/01 05:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/01 04:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Malwarebytes
[2010/12/01 04:32:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Avira
[2010/11/30 10:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/30 10:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/11/30 10:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/11/30 10:45:04 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Microsoft Help
[2010/11/30 10:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/30 10:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/11/30 10:44:32 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/11/30 06:43:09 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\MCP Notepad LITE
[2010/11/30 05:19:22 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\CoreFTP
[2010/11/30 05:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2010/11/29 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Adobe
[2010/11/29 08:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/29 08:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/11/29 08:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/28 23:08:38 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\FireShot
[2010/11/28 15:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2010/11/28 15:33:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\LockHunter
[2010/11/28 03:06:56 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Microsoft Corporation
[2010/11/27 23:54:42 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\My Received Files
[2010/11/27 02:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2010/11/27 02:25:17 | 000,211,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\Dts2APO.dll
[2010/11/27 02:25:17 | 000,181,248 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\ViaMicArrayAPO.dll
[2010/11/27 02:25:17 | 000,076,288 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQPropPageExt.dll
[2010/11/27 02:25:17 | 000,071,680 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQAPO.dll
[2010/11/27 02:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2010/11/27 02:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/27 02:10:15 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\My Shared Folder
[2010/11/26 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\VMware
[2010/11/26 22:41:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\VMware
[2010/11/26 21:47:35 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2010/11/26 21:47:30 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2010/11/26 21:47:29 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2010/11/26 21:47:20 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2010/11/26 21:47:08 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2010/11/26 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/11/26 21:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010/11/26 21:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/11/26 21:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/26 21:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/26 21:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/26 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Lamantine
[2010/11/26 19:42:24 | 000,000,000 | --SD | C] -- C:\Users\Jay\Documents\Sticky Passwords
[2010/11/26 19:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sticky Password
[2010/11/26 19:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/11/26 19:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/11/26 17:42:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/26 12:03:39 | 000,000,000 | ---D | C] -- C:\xampp
[2010/11/26 11:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Ares
[2010/11/26 05:38:20 | 000,000,000 | ---D | C] -- C:\Boot
[2010/11/25 02:45:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/11/24 23:06:40 | 000,000,000 | ---D | C] -- C:\Users\Jay\Tracing
[2010/11/24 23:05:35 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/24 22:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/11/24 22:47:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/24 22:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/24 22:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/24 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Windows Live
[2010/11/24 22:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/11/24 22:28:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/24 22:28:51 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/24 22:28:51 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/24 22:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/24 22:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/24 22:21:27 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\WinRAR
[2010/11/24 22:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/24 22:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/11/24 21:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Macromedia
[2010/11/24 21:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Adobe
[2010/11/24 21:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/24 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/24 21:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/24 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Mozilla
[2010/11/24 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Mozilla
[2010/11/24 21:15:43 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Notepad++
[2010/11/24 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/11/24 21:15:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/24 21:15:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/24 21:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 21:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/24 21:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2010/11/24 21:14:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/11/24 21:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/24 21:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/11/24 21:12:55 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Google
[2010/11/24 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/24 20:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/11/24 20:31:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/11/24 19:17:33 | 000,000,000 | R--D | C] -- C:\Users\Jay\Searches
[2010/11/24 19:17:33 | 000,000,000 | -H-D | C] -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/24 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Identities
[2010/11/24 19:17:24 | 000,000,000 | R--D | C] -- C:\Users\Jay\Contacts
[2010/11/24 19:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\VirtualStore
[2010/11/24 19:17:18 | 000,000,000 | --SD | C] -- C:\Users\Jay\AppData\Roaming\Microsoft
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Videos
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Saved Games
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Pictures
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Music
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Links
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Favorites
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Downloads
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\My Documents
[2010/11/24 19:17:18 | 000,000,000 | R--D | C] -- C:\Users\Jay\Desktop
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\AppData\Local\Temporary Internet Files
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Templates
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Start Menu
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\SendTo
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Recent
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\PrintHood
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\NetHood
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Documents\My Videos
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Documents\My Pictures
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Documents\My Music
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\My Documents
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Local Settings
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\AppData\Local\History
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Cookies
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\Application Data
[2010/11/24 19:17:18 | 000,000,000 | -HSD | C] -- C:\Users\Jay\AppData\Local\Application Data
[2010/11/24 19:17:18 | 000,000,000 | -H-D | C] -- C:\Users\Jay\AppData
[2010/11/24 19:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Microsoft
[2010/11/24 19:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Media Center Programs
[2010/11/24 19:16:40 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/11/24 18:51:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/11/24 18:47:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/11/24 18:47:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/11 13:32:10 | 000,070,768 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmci.sys
[2010/11/11 13:32:08 | 000,854,128 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmx86.sys
[2010/11/11 13:31:34 | 000,023,792 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmparport.sys
[2010/11/11 12:31:28 | 000,032,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\hcmon.sys
[2010/11/11 12:04:36 | 000,252,528 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnc.dll
[2010/11/11 10:04:54 | 000,031,280 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmusb.sys
[2010/11/11 10:04:52 | 000,059,952 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2010/11/11 10:04:52 | 000,051,248 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2010/11/11 10:04:52 | 000,036,400 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2010/11/11 10:04:52 | 000,018,736 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2010/11/11 10:04:52 | 000,016,560 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys

========== Files - Modified Within 30 Days ==========

[2010/12/06 08:09:40 | 000,630,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/06 08:09:40 | 000,111,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/06 08:07:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/06 08:07:50 | 2213,892,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/05 22:56:26 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 22:56:26 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 21:29:09 | 000,075,264 | ---- | M] () -- C:\Users\Jay\Desktop\SystemLook.exe
[2010/12/05 20:30:45 | 003,984,562 | R--- | M] () -- C:\Users\Jay\Desktop\zzz.exe
[2010/12/05 19:55:14 | 003,851,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/05 18:46:03 | 000,323,882 | ---- | M] () -- C:\Users\Jay\Desktop\MCP Notepad ADVANCED1.0.4.zip
[2010/12/05 18:21:22 | 000,564,453 | ---- | M] () -- C:\Users\Jay\Desktop\Medals_System_MOD_0.11.1.zip
[2010/12/05 17:58:17 | 000,000,132 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/05 14:50:12 | 000,008,004 | ---- | M] () -- C:\Users\Jay\Desktop\contact.html
[2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2010/12/05 14:21:55 | 000,296,448 | ---- | M] () -- C:\Users\Jay\Desktop\bzscqr7o.exe
[2010/12/05 14:18:10 | 000,067,630 | ---- | M] () -- C:\Users\Jay\Desktop\RAnonForums1.0.2.zip
[2010/12/04 18:24:38 | 000,043,416 | ---- | M] () -- C:\Users\Jay\Desktop\highway_rules_mod.zip
[2010/12/04 17:45:56 | 000,139,043 | ---- | M] () -- C:\Users\Jay\Desktop\Ariel-Princess2.jpg
[2010/12/04 00:27:30 | 000,053,087 | ---- | M] () -- C:\Users\Jay\Desktop\spongebob_squarepants-4842.jpg
[2010/12/03 23:04:23 | 000,008,219 | ---- | M] () -- C:\Users\Jay\Desktop\2847460465_61a9127b63.jpg
[2010/12/03 16:06:54 | 000,000,701 | ---- | M] () -- C:\Users\Jay\Desktop\contacting.html
[2010/12/02 16:33:00 | 006,047,483 | ---- | M] () -- C:\Users\Jay\Desktop\Alexis Jordan - Happiness (Official) HD.mp3
[2010/12/01 11:50:21 | 000,000,866 | ---- | M] () -- C:\Users\Jay\Desktop\percentag_bar.zip
[2010/12/01 09:00:16 | 000,029,430 | ---- | M] () -- C:\Users\Jay\Desktop\images.zip
[2010/12/01 07:55:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jay\Desktop\HijackThis.exe
[2010/12/01 07:46:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/01 07:35:08 | 001,894,056 | ---- | M] () -- C:\Users\Jay\Desktop\christmas-banners.zip
[2010/12/01 04:45:43 | 000,140,665 | ---- | M] () -- C:\Users\Jay\Desktop\gdk_buttons.zip
[2010/11/30 06:43:02 | 000,279,239 | ---- | M] () -- C:\Users\Jay\Desktop\MCP Notepad LITE.zip
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/29 16:35:01 | 000,002,482 | ---- | M] () -- C:\Users\Jay\Desktop\thanks.png
[2010/11/28 19:00:39 | 000,361,158 | ---- | M] () -- C:\Users\Jay\Desktop\crystalsmileyspack.zip
[2010/11/28 18:58:56 | 000,803,929 | ---- | M] () -- C:\Users\Jay\Desktop\smiliespak.tgz
[2010/11/28 18:58:34 | 000,001,172 | ---- | M] () -- C:\Users\Jay\Desktop\smiley.pak.zip
[2010/11/28 03:56:54 | 000,000,294 | ---- | M] () -- C:\Users\Jay\Desktop\info.gif
[2010/11/28 03:36:07 | 000,000,817 | ---- | M] () -- C:\Users\Jay\Desktop\htdocs.lnk
[2010/11/27 22:48:42 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/27 02:24:21 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/11/27 02:05:58 | 000,203,372 | RHS- | M] () -- C:\grldr
[2010/11/27 02:05:58 | 000,000,012 | RHS- | M] () -- C:\win7.ld
[2010/11/26 21:46:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/26 12:08:29 | 000,001,448 | ---- | M] () -- C:\Users\Jay\Desktop\XAMPP Control Panel.lnk
[2010/11/26 11:16:16 | 000,000,181 | ---- | M] () -- C:\Users\Jay\Documents\1.aps
[2010/11/24 21:14:47 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/24 21:12:56 | 000,002,300 | ---- | M] () -- C:\Users\Jay\Desktop\Google Chrome.lnk
[2010/11/24 19:27:06 | 000,001,407 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/24 19:16:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/24 18:54:48 | 000,042,049 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/11/24 18:50:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/11/11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmci.sys
[2010/11/11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmx86.sys
[2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2010/11/11 13:31:34 | 000,023,792 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmparport.sys
[2010/11/11 13:31:12 | 000,760,432 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2010/11/11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2010/11/11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\hcmon.sys
[2010/11/11 12:04:36 | 000,252,528 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnc.dll
[2010/11/11 10:04:54 | 000,031,280 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmusb.sys
[2010/11/11 10:04:52 | 000,059,952 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2010/11/11 10:04:52 | 000,051,248 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2010/11/11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2010/11/11 10:04:52 | 000,018,736 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

========== Files Created - No Company Name ==========

[2010/12/05 21:29:07 | 000,075,264 | ---- | C] () -- C:\Users\Jay\Desktop\SystemLook.exe
[2010/12/05 20:28:59 | 003,984,562 | R--- | C] () -- C:\Users\Jay\Desktop\zzz.exe
[2010/12/05 18:45:18 | 000,323,882 | ---- | C] () -- C:\Users\Jay\Desktop\MCP Notepad ADVANCED1.0.4.zip
[2010/12/05 18:20:57 | 000,564,453 | ---- | C] () -- C:\Users\Jay\Desktop\Medals_System_MOD_0.11.1.zip
[2010/12/05 17:57:29 | 000,000,132 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/05 14:21:47 | 000,296,448 | ---- | C] () -- C:\Users\Jay\Desktop\bzscqr7o.exe
[2010/12/05 14:18:09 | 000,067,630 | ---- | C] () -- C:\Users\Jay\Desktop\RAnonForums1.0.2.zip
[2010/12/04 18:24:37 | 000,043,416 | ---- | C] () -- C:\Users\Jay\Desktop\highway_rules_mod.zip
[2010/12/04 17:45:55 | 000,139,043 | ---- | C] () -- C:\Users\Jay\Desktop\Ariel-Princess2.jpg
[2010/12/04 00:27:28 | 000,053,087 | ---- | C] () -- C:\Users\Jay\Desktop\spongebob_squarepants-4842.jpg
[2010/12/03 23:02:24 | 000,008,219 | ---- | C] () -- C:\Users\Jay\Desktop\2847460465_61a9127b63.jpg
[2010/12/03 15:56:58 | 000,000,701 | ---- | C] () -- C:\Users\Jay\Desktop\contacting.html
[2010/12/03 15:40:07 | 000,008,004 | ---- | C] () -- C:\Users\Jay\Desktop\contact.html
[2010/12/02 16:29:44 | 006,047,483 | ---- | C] () -- C:\Users\Jay\Desktop\Alexis Jordan - Happiness (Official) HD.mp3
[2010/12/01 11:50:21 | 000,000,866 | ---- | C] () -- C:\Users\Jay\Desktop\percentag_bar.zip
[2010/12/01 09:00:15 | 000,029,430 | ---- | C] () -- C:\Users\Jay\Desktop\images.zip
[2010/12/01 07:39:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/01 07:39:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/01 07:39:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/01 07:39:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/01 07:39:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/01 07:33:53 | 001,894,056 | ---- | C] () -- C:\Users\Jay\Desktop\christmas-banners.zip
[2010/12/01 04:45:41 | 000,140,665 | ---- | C] () -- C:\Users\Jay\Desktop\gdk_buttons.zip
[2010/11/30 06:42:55 | 000,279,239 | ---- | C] () -- C:\Users\Jay\Desktop\MCP Notepad LITE.zip
[2010/11/29 16:34:58 | 000,002,482 | ---- | C] () -- C:\Users\Jay\Desktop\thanks.png
[2010/11/28 19:00:30 | 000,361,158 | ---- | C] () -- C:\Users\Jay\Desktop\crystalsmileyspack.zip
[2010/11/28 18:58:39 | 000,803,929 | ---- | C] () -- C:\Users\Jay\Desktop\smiliespak.tgz
[2010/11/28 18:58:33 | 000,001,172 | ---- | C] () -- C:\Users\Jay\Desktop\smiley.pak.zip
[2010/11/28 03:56:54 | 000,000,294 | ---- | C] () -- C:\Users\Jay\Desktop\info.gif
[2010/11/28 03:35:56 | 000,000,817 | ---- | C] () -- C:\Users\Jay\Desktop\htdocs.lnk
[2010/11/27 02:24:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/27 02:05:58 | 000,203,372 | RHS- | C] () -- C:\grldr
[2010/11/27 02:05:58 | 000,000,012 | RHS- | C] () -- C:\win7.ld
[2010/11/26 21:46:59 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/11/26 12:08:27 | 000,001,448 | ---- | C] () -- C:\Users\Jay\Desktop\XAMPP Control Panel.lnk
[2010/11/26 11:16:15 | 000,000,181 | ---- | C] () -- C:\Users\Jay\Documents\1.aps
[2010/11/26 05:47:45 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/11/24 21:14:47 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/24 21:12:56 | 000,002,300 | ---- | C] () -- C:\Users\Jay\Desktop\Google Chrome.lnk
[2010/11/24 19:27:06 | 000,001,407 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/24 19:17:18 | 000,000,290 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/24 19:17:18 | 000,000,272 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/24 19:16:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/11/24 18:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/24 18:47:11 | 2213,892,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010/12/05 12:01:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\CoreFTP
[2010/12/01 16:10:14 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\EPSON
[2010/11/28 23:08:38 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\FireShot
[2010/11/26 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Lamantine
[2010/11/28 15:33:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\LockHunter
[2010/11/28 05:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Notepad++
[2010/12/02 10:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\WinPatrol
[2009/07/14 04:53:46 | 000,007,060 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


A friend of mine is doing security training on another board and he looked through the logs I have posted here. He said that there is a Windows Live program, something that does slide shows of all the pictures on my PC, that could be a resource hog. I have not done anything with this; I thought I would ask you about it.
iTouch1989
Active Member
 
Posts: 11
Joined: November 9th, 2010, 9:22 pm
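
The OTL listing above is long, and the helper's job is mostly to skim it for executables that lack a publisher and sit where a dropper would land (Temp, Desktop, AppData) or in the driver directory. The Python below is an added example for this thread, not part of OTL or of the original post: it parses the `[date time | size | attrs | C/M] (Company) -- path` lines exactly as they appear above and lists review candidates with a reason. The sample input is an excerpt copied from the posted log. The selection rules are the author's own heuristics, and a hit is a prompt to look closer, not a malware verdict; renamed scanners and ComboFix's helper binaries trip them too, as they do here.

```python
"""Triage helper for OTL "Files Created / Modified" listings.

Added example for this thread; not part of OTL or of the original post.
Parses the file-listing lines in the format shown in the log above and
flags executables a helper would typically want to look at.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One OTL file-listing line:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory lines omit the "(Company)" part entirely; files with no
# company name carry an empty "()".
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif")
# Locations an ordinary user can write to; droppers land here far more
# often than in Program Files or System32. (Author's heuristic list.)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\",
                 "\\programdata\\", "\\users\\public\\")


@dataclass
class OtlEntry:
    date: str
    time: str
    size: int
    attrs: str
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None when OTL printed "()" or no company at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return OtlEntry(
        date=m.group("date"), time=m.group("time"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"), kind=m.group("kind"),
        company=company if company else None,
        path=m.group("path"),
    )


def parse_report(text: str) -> list[OtlEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review_candidates(entries: list[OtlEntry]) -> list[tuple[str, str]]:
    """Executables worth a second look, each with the rule that fired.
    A hit is not a malware verdict: renamed scanners and ComboFix's own
    helper binaries (MBR.exe, PEV.exe, ...) match these rules as well."""
    out: list[tuple[str, str]] = []
    seen: set[str] = set()
    for e in entries:
        if not e.is_executable or e.path in seen or e.company is not None:
            continue
        low = e.path.lower()
        reason = None
        if "\\drivers\\" in low:
            reason = "kernel driver with no company name"
        elif any(s in low for s in USER_WRITABLE):
            reason = "executable with no company name in user-writable location"
        elif re.search(r"\\windows\\[^\\]+$", low):
            reason = "executable with no company name directly under C:\\Windows"
        if reason:
            seen.add(e.path)
            out.append((e.path, reason))
    return out


# Excerpt copied from the OTL log posted above (sample input for this example).
SAMPLE = """\
========== Files - Modified Within 30 Days ==========

[2010/12/05 21:29:09 | 000,075,264 | ---- | M] () -- C:\\Users\\Jay\\Desktop\\SystemLook.exe
[2010/12/05 14:35:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\\Users\\Jay\\Desktop\\OTL.exe
[2010/12/05 14:21:55 | 000,296,448 | ---- | M] () -- C:\\Users\\Jay\\Desktop\\bzscqr7o.exe
[2010/12/01 07:46:20 | 000,000,027 | ---- | M] () -- C:\\Windows\\System32\\drivers\\etc\\hosts
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\\Windows\\System32\\drivers\\mbamswissarmy.sys
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\\Windows\\MBR.exe
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\\Windows\\System32\\drivers\\ASACPI.sys
[2010/11/26 21:46:37 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\VMware
[2010/12/06 08:07:50 | 2213,892,096 | -HS- | M] () -- C:\\hiberfil.sys
"""

if __name__ == "__main__":
    for path, why in review_candidates(parse_report(SAMPLE)):
        print(f"{why:65} {path}")
```

Run it against a full OTL.txt by reading the file into `parse_report`; entries from the "Files Created - No Company Name" section will all have `company is None`, so that section is where most hits come from, and the driver rule is the one worth checking first.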

Re: Virus's Found with AntiVir

Post by askey127 » December 6th, 2010, 8:37 am

iTouch1989,
Your machine appears to be free of malware.
You can delete OTL, SystemLook, Combofix (zzz.exe) from your desktop.
I would keep TFC and use it about once a week or so to remove excess junk files.

There are a number of things you can do to speed things up.
Most have to do with removing unnecessary programs from startup.
You can use Winpatrol to alter startups. It won't remove programs, just prevent them from starting automatically. You can disable and enable startups easily to optimize results.

You can Uninstall Windows Live Photo Gallery if you don't use it. Same goes for other features of Windows Live you don't use.

You should think about how or when you use VMware. It is running a lot of services and will use up a significant amount of RAM.
In that connection, be careful about how you close any virtual machine. If you don't shut down the other operating system(s), it will actually stay running and using resources.

When you are finished optimizing Startups and Removals, you can run TFC, and then you can use Start, Computer, right click C: drive, choose Properties, click the Tools tab and click Defragment now.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus's Found with AntiVir

Post by iTouch1989 » December 6th, 2010, 9:05 am

Thank you Askey127 for all your help and support.
iTouch1989
Active Member
 
Posts: 11
Joined: November 9th, 2010, 9:22 pm

Re: Virus's Found with AntiVir

Post by askey127 » December 6th, 2010, 9:47 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher