Help Google redirect in firefox and IE malware [Solved] - Geeks to Go Forums


#1 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 05 April 2010 - 11:03 AM

My google results from firefox are being hijacked to other places.
The re-directions usually do not get very far as I've had this infection before so my hosts file is now pre-loaded with entries that just point to localhost.

It affects firefox and IE and something I did below managed to remove it from chrome.
I have run

malwarebytes - standard mode and safe mode
microsoft security tools
tddserv removal
vundo removal
superantispyware
kaspersky online scanner (older version)
ad-aware
pc-tools online scanner
nod32 online scanner
GooredFix
prevx scan
hitmanpro 3.5

ccleaner and removed all temps and registry entries that it found
but the problem is still there.

Please help!
thanks

BTW- for others that have this problem and cannot get to anywhere from the google search links displayed, you can bypass whatever the malware is doing by dragging the link from the results page to a new tab or to the top of the tab. This does get around the problem but the infection is still there of course.

#2 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 05 April 2010 - 01:15 PM

Hello outta-google and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.

Please follow these steps.

-- Step 1 --
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked. UNCHECK the following boxes
    • Sections
    • IAT/EAT
    • Drives/Partition other than System drive (typically C:\)
    • Show all (important)

  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Please also post your last Malwarebytes log.

#3 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 05 April 2010 - 11:17 PM

I'm having trouble getting the output from gmer. I completed but then when I tried to save the log file, it locked up. I had to reboot. I'm posting the other items I have and will post gmer.log when I can get it.
==========================================================================================================
OTL logfile created on: 4/5/2010 6:48:35 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Colin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 5.71 Gb Free Space | 11.69% Space Free | Partition Type: NTFS
Drive D: | 100.21 Gb Total Space | 5.68 Gb Free Space | 5.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COLIN-QUAD-CORE
Current User Name: Colin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Colin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\TaggedFrog\TaggedFrog.exe (LunarFrog.com)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\GIGABYTE\GEST\gest.exe ()
PRC - C:\Program Files\GIGABYTE\GEST\GSvr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\Snagit\SnagPriv.exe (TechSmith Corporation)
PRC - D:\Program Files\Snagit\TscHelp.exe (TechSmith Corporation)
PRC - D:\Program Files\Snagit\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Colin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WebrootSpySweeperService) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GEST Service) -- C:\Program Files\GIGABYTE\GEST\GSvr.exe ()
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (JRAID) -- C:\WINDOWS\system32\Drivers\jraid.tsk ()
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (pxsec) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WsAudioDevice_383) -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (PIAFCTM) -- C:\WINDOWS\system32\drivers\PIAFCTM.sys (NetworkActiv Software)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (ET5Drv) -- C:\WINDOWS\system32\drivers\ET5Drv.sys (Windows ® 2000 DDK provider)
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder Audio Edition\SysInfo.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Ahead Software AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Ahead Software AG)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 84 A9 C3 77 D4 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-flv"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-flv"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.0
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {959615e6-98ef-4c26-9ce0-27b7ed3defa4}:1.2
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/02/16 20:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 14:08:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 14:10:32 | 000,000,000 | ---D | M]

[2008/07/28 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Extensions
[2010/04/04 21:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions
[2009/09/05 09:22:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/17 09:32:25 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/04/03 20:44:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/29 00:08:32 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/04/04 21:26:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/09 07:49:31 | 000,000,000 | ---D | M] (Passive Cache) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{959615e6-98ef-4c26-9ce0-27b7ed3defa4}
[2009/08/05 19:47:37 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/04/03 19:43:44 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2008/10/12 08:09:44 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/08/10 17:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\ChoiceGuard@Microsoft
[2009/08/06 07:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\fastdial@telega.phpnet.us
[2008/11/21 08:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\errowjpz.default\extensions\moveplayer@movenetworks.com
[2010/04/04 21:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/01/31 01:45:53 | 000,625,977 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16591 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\Snagit\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\Snagit\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Task Catcher] C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe (BillP Studios)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Colin\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Meebo Notifier] C:\Documents and Settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TaggedFrog] C:\Program Files\TaggedFrog\TaggedFrog.exe (LunarFrog.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = D:\Program Files\Snagit\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} http://203.97.234.193/PlayerPT.cab (PlayerPT Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...938/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/28 12:41:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c451a9c-ed20-11de-92a3-000000000000}\Shell\AutoRun\command - "" = N:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{2c451a9c-ed20-11de-92a3-000000000000}\Shell\Setup FlipShare\command - "" = N:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\Shell\AutoRun\command - "" = N:\autorun.exe -- File not found
O33 - MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\Shell\phone\command - "" = N:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/29 05:22:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - File not found
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WebrootSpySweeperService - File not found
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F130EB38-9720-4E50-A9FB-23F58F934B4F} - Vector Graphics Rendering (VML)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (60249255767441408)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/05 18:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\geekstogo instruction_files
[2010/04/05 18:32:21 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
[2010/04/04 18:58:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/04/04 12:29:42 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/04/04 12:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/04 11:26:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Colin\Recent
[2010/04/04 00:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/04 00:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\SUPERAntiSpyware.com
[2010/04/04 00:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/03 21:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\ccleaner registry backups of changes
[2010/04/03 20:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/03 20:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/03 20:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/03 20:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/04/03 20:28:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/03 20:28:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/03 20:28:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/01 16:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
[2010/03/31 22:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/31 13:03:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registry Drill
[2010/03/31 13:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Desk Utilities
[2010/03/30 23:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/03/29 21:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\GooredFix Backups
[2010/03/29 21:16:37 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/03/29 19:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/03/29 19:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/03/28 11:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/28 08:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\virusmalwarescans
[2010/03/23 08:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/03/21 14:43:31 | 000,000,000 | ---D | C] -- C:\flvrecorder
[2010/03/21 13:53:18 | 000,156,672 | ---- | C] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/03/21 13:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\My Recordings
[2010/03/21 13:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\mdnslib
[2010/03/21 13:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Applian Director
[2010/03/21 13:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\FLVService
[2010/03/21 13:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\Ask and Record Toolbar
[2010/03/21 13:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2010/03/21 13:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[2010/03/20 10:56:54 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2010/03/20 10:55:00 | 000,106,557 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2010/03/20 10:50:18 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2010/03/20 10:50:11 | 000,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2010/03/20 10:50:10 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2010/03/20 10:50:09 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2010/03/20 10:50:09 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/03/20 10:50:09 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/03/20 10:50:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2010/03/20 10:50:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/03/20 10:50:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2010/03/19 12:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/03/18 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/03/18 09:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Cool Record Edit Pro
[2010/03/18 08:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Free Sound Recorder
[2010/03/18 08:52:39 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2010/03/18 08:52:38 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2010/03/18 08:52:38 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2010/03/18 08:52:38 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2010/03/18 08:52:38 | 000,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2010/03/18 08:52:38 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2010/03/18 08:52:38 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2010/03/18 08:52:38 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2010/03/18 08:52:38 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010/03/18 08:52:38 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2010/03/18 08:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Sound Recorder
[2010/03/17 23:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\QuickScan
[2010/03/15 15:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\YAMB
[2010/03/15 12:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\My_MP4Box_GUI
[2010/03/14 14:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/03/14 14:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/03/13 09:33:07 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/03/13 09:33:07 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/03/13 09:33:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/03/13 09:33:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/03/13 09:33:06 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/03/13 09:33:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/03/13 09:33:06 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/03/13 09:33:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/03/13 09:33:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/03/13 09:33:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/03/13 09:33:05 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/03/13 09:33:05 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/03/13 09:33:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/03/13 09:33:05 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/03/13 09:33:05 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/03/13 09:33:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/03/13 09:33:05 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/03/13 09:33:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/03/13 09:33:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/03/13 09:33:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/03/13 09:33:04 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/03/13 09:33:04 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/03/13 09:33:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/03/13 09:33:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/03/13 09:33:04 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/03/13 09:33:04 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/03/13 09:33:04 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/03/13 09:33:03 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/03/13 09:33:03 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/03/13 09:33:03 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/03/13 09:33:03 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/03/13 09:33:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/03/13 09:33:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/03/13 09:33:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/03/13 09:33:03 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/03/13 09:33:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/03/13 09:33:02 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/03/13 09:33:02 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/03/13 09:33:02 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/03/13 09:33:02 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/03/13 09:33:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/03/13 09:33:02 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/03/13 09:33:02 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/03/13 09:33:01 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/03/13 09:33:00 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/03/13 09:32:59 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/03/13 09:32:59 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/03/13 09:32:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/03/13 09:32:58 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/03/13 09:32:58 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/03/13 09:32:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/03/13 09:32:58 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/03/13 09:32:58 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010/03/13 09:32:57 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/03/13 09:32:56 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/03/13 09:32:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/03/13 09:32:56 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/03/13 09:32:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/03/13 09:32:46 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/03/13 09:32:46 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/03/13 09:32:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/03/13 09:32:45 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/03/13 09:32:45 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/03/13 09:32:45 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/03/13 09:32:45 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/03/13 09:32:45 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/03/13 09:32:44 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/03/13 09:32:43 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/03/13 09:32:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/03/13 09:32:21 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/03/13 09:32:21 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/03/13 09:32:20 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/03/13 09:32:19 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/03/13 09:32:19 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/03/13 09:32:19 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/03/13 09:32:19 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/03/13 09:32:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/03/13 09:32:16 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/03/13 09:10:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/03/13 09:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/03/13 09:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Reallusion
[2010/03/13 09:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Reallusion
[2010/03/13 09:09:45 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wavdest.ax
[2010/03/13 09:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reallusion
[2010/03/11 22:50:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Colin\IECompatCache
[2010/03/08 10:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/25 23:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/02/25 21:51:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/25 21:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2009/12/17 08:24:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/17 08:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/17 08:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/15 00:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/12/15 00:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/15 00:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/12/15 00:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2009/07/02 21:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2009/05/11 07:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/05/09 09:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/05 21:51:20 | 000,120,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2008/10/08 21:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/05 18:43:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DDE4C4D2-861F-463E-94CF-81B486F25D76}.job
[2010/04/05 18:37:37 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/05 18:34:51 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\gmer.zip
[2010/04/05 18:34:18 | 000,065,947 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\geekstogo instruction.htm
[2010/04/05 18:32:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
[2010/04/05 17:57:36 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-861567501-839522115-1003UA.job
[2010/04/05 14:54:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-861567501-839522115-1003Core.job
[2010/04/05 11:00:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/05 08:34:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 07:31:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/05 07:23:07 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/05 07:19:53 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/05 07:19:08 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/04/05 07:19:03 | 000,179,921 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/05 07:17:48 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\xxgpnwxb.job
[2010/04/05 07:17:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 07:17:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 07:12:45 | 022,806,528 | -H-- | M] () -- C:\Documents and Settings\Colin\NTUSER.DAT
[2010/04/05 07:12:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Colin\ntuser.ini
[2010/04/04 12:21:51 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/04 12:20:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/04 11:21:25 | 000,002,705 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Restore System.mm
[2010/04/04 08:38:16 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Trillian.lnk
[2010/04/04 00:07:39 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/03 22:39:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/03 22:39:44 | 000,144,384 | ---- | M] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 20:44:35 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\CCleaner.lnk
[2010/04/03 20:29:03 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/04/03 14:10:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/02 07:54:54 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Google Chrome.lnk
[2010/04/01 08:38:14 | 000,149,959 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\google april fools-2.jpg
[2010/04/01 08:37:05 | 000,160,408 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\google april fools.jpg
[2010/03/31 22:04:34 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\HiJackThis.lnk
[2010/03/31 21:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/31 17:08:31 | 000,041,980 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\dhcp client list.jpg
[2010/03/31 13:09:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/30 22:31:13 | 001,732,376 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\3-30-2010-headlines.jpg
[2010/03/30 22:30:57 | 001,085,781 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\3-30-2010-headlines.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 21:16:37 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/03/29 21:16:37 | 000,000,398 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2010/03/29 20:32:02 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/03/28 23:26:51 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\GMR-rtkit-45b823n5.exe
[2010/03/27 21:36:38 | 000,223,589 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\bookmarks test.mm
[2010/03/27 20:50:07 | 000,000,005 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/03/27 20:50:06 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/03/27 14:51:30 | 000,042,726 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\To Do - Goals.mm
[2010/03/26 23:41:23 | 000,009,989 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\China ACC.mm
[2010/03/25 19:32:27 | 001,470,572 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\File Finder.mm
[2010/03/22 07:12:31 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/03/21 23:32:43 | 000,064,512 | RHS- | M] () -- C:\WINDOWS\System32\tsbyuvx.dll
[2010/03/21 14:43:26 | 000,000,156 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/03/21 14:11:12 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/03/21 14:11:12 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/03/20 20:46:55 | 000,000,827 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/20 10:55:00 | 000,106,557 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2010/03/20 10:52:05 | 000,576,496 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/20 10:52:05 | 000,481,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/20 10:52:05 | 000,084,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/19 13:04:21 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\DivX Movies.lnk
[2010/03/19 13:04:08 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/03/19 13:03:58 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/03/18 18:20:35 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/03/18 08:52:40 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Cool Record Edit Pro.lnk
[2010/03/18 08:52:40 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Free Sound Recorder.lnk
[2010/03/17 22:28:09 | 015,100,555 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\vlc-record-2010-03-17-22h27m53s-Maneeshka VID00201.MP4-.mp4
[2010/03/16 16:16:27 | 000,029,415 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\tessa snail.jpg
[2010/03/15 15:38:08 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Yamb.lnk
[2010/03/14 23:57:20 | 000,115,695 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\TESSAPROJECT.JPG
[2010/03/13 09:22:42 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iClone v4.0 PRO.lnk
[2010/03/13 09:21:52 | 000,000,076 | RHS- | M] () -- C:\WINDOWS\ICSET40.BIN
[2010/03/13 09:11:18 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.0 PRO.lnk
[2010/03/13 09:11:02 | 000,000,076 | RHS- | M] () -- C:\WINDOWS\CT6PRET.BIN
[2010/03/09 04:28:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/09 04:28:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/09 04:28:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/09 04:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/09 02:16:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/08 10:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/08 08:48:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2010/03/06 19:01:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\PRNC Voting 03-2010.xls
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/05 18:34:49 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\gmer.zip
[2010/04/05 18:34:06 | 000,065,947 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\geekstogo instruction.htm
[2010/04/04 12:27:10 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/04 12:21:51 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/04 00:07:39 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/03 20:44:46 | 000,002,705 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Restore System.mm
[2010/04/03 20:44:35 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\CCleaner.lnk
[2010/04/03 20:29:03 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2010/04/01 08:38:14 | 000,149,959 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\google april fools-2.jpg
[2010/04/01 08:37:04 | 000,160,408 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\google april fools.jpg
[2010/03/31 22:04:34 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\HiJackThis.lnk
[2010/03/31 17:08:31 | 000,041,980 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\dhcp client list.jpg
[2010/03/30 22:31:13 | 001,732,376 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\3-30-2010-headlines.jpg
[2010/03/30 22:30:55 | 001,085,781 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\3-30-2010-headlines.pdf
[2010/03/29 21:16:37 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2010/03/29 19:55:52 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/29 19:55:29 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/03/28 23:26:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\GMR-rtkit-45b823n5.exe
[2010/03/26 18:39:30 | 000,009,989 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\China ACC.mm
[2010/03/21 23:32:44 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\xxgpnwxb.job
[2010/03/21 23:32:43 | 000,064,512 | RHS- | C] () -- C:\WINDOWS\System32\tsbyuvx.dll
[2010/03/21 14:43:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/03/21 13:53:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/03/19 17:26:34 | 001,578,423 | R--- | C] () -- C:\Documents and Settings\Colin\Desktop\Ceci Singing-Ikaw1.wma
[2010/03/19 13:04:21 | 000,001,447 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\DivX Movies.lnk
[2010/03/19 13:04:08 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/03/19 13:03:58 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/03/18 18:20:35 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/03/18 18:20:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/03/18 08:52:40 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Cool Record Edit Pro.lnk
[2010/03/18 08:52:40 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Free Sound Recorder.lnk
[2010/03/18 08:52:39 | 000,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2010/03/17 22:28:09 | 015,100,555 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\vlc-record-2010-03-17-22h27m53s-Maneeshka VID00201.MP4-.mp4
[2010/03/16 16:16:26 | 000,029,415 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\tessa snail.jpg
[2010/03/14 23:54:18 | 000,115,695 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\TESSAPROJECT.JPG
[2010/03/13 09:22:42 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iClone v4.0 PRO.lnk
[2010/03/13 09:21:52 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\ICSET40.BIN
[2010/03/13 09:11:18 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.0 PRO.lnk
[2010/03/13 09:11:02 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT6PRET.BIN
[2010/03/11 22:50:29 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DDE4C4D2-861F-463E-94CF-81B486F25D76}.job
[2010/03/06 19:01:39 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\PRNC Voting 03-2010.xls
[2010/01/31 09:34:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ZENOTE_Blur.INI
[2009/12/22 22:20:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\housecall.guid.cache
[2009/09/03 08:33:14 | 000,000,422 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/08/30 23:23:29 | 000,002,041 | -H-- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\GDIPFONT571ROMV32.DAT
[2009/08/15 15:57:19 | 000,008,950 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2009/08/12 03:06:10 | 001,054,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/18 13:51:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/18 13:51:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/18 13:07:42 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/18 13:07:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/06 21:33:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/05 11:44:15 | 000,003,409 | RHS- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\GDIPFONT982CACHEV32.DAT
[2009/06/20 16:11:28 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/05 15:34:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2009/05/02 16:46:41 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/14 23:42:13 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Colin\default.pls
[2009/02/13 17:34:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/25 16:41:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/25 16:41:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2008/11/29 22:46:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2008/11/13 23:41:40 | 000,000,166 | ---- | C] () -- C:\WINDOWS\Gbridge.INI
[2008/11/01 14:00:05 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\Colin\ab
[2008/10/22 21:33:19 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/10/03 17:20:01 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/10/03 17:20:01 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/10/03 17:19:50 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/10/03 17:19:50 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/10/03 17:19:48 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/09/13 16:08:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Colin\vs
[2008/09/07 14:55:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/31 03:17:09 | 000,144,384 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/28 13:07:47 | 000,065,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jraid.sys
[2008/07/28 12:49:05 | 000,061,440 | -H-- | C] () -- C:\Documents and Settings\Colin\ntuser.dat.LOG
[2008/07/28 12:49:05 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Colin\ntuser.ini
[2008/07/28 12:49:04 | 022,806,528 | -H-- | C] () -- C:\Documents and Settings\Colin\NTUSER.DAT
[2008/03/19 10:34:00 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2005/04/01 14:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/04/01 14:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/04/01 14:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/04/01 14:16:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/04/01 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/04/01 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/06/21 13:13:48 | 000,081,332 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[1999/01/21 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/11/26 12:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/16 13:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/10/04 21:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/06 18:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/25 19:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/12/17 08:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/14 19:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/07/28 22:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010/03/19 13:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2008/09/30 19:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2009/07/06 22:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Setup
[2008/12/22 16:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/03/23 08:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/03/13 18:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/03/14 14:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2009/09/02 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FXhome
[2009/12/22 21:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/03/29 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/25 21:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/11/29 22:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2009/12/06 13:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/24 21:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LunarFrog
[2008/12/27 12:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/06/20 16:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix
[2009/01/03 13:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/04 12:22:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/03/06 16:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/07/21 21:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/31 14:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/03/30 19:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/03/19 14:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/13 09:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reallusion
[2010/01/06 22:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simese
[2009/11/03 00:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/07/31 03:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/12/07 08:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/04/04 21:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/03 20:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/04 00:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/08 01:09:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2009/05/09 10:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/04/04 23:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 06:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2008/11/19 23:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/06/20 16:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xara
[2009/01/28 22:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/02/16 20:11:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/07/04 14:35:40 | 000,054,632 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
[2010/02/04 08:53:47 | 002,954,656 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
[2009/01/28 22:30:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe
[2010/03/19 13:02:49 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
[2010/03/19 13:03:52 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010/03/19 13:03:58 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
[2010/03/19 13:03:59 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
[2009/07/17 11:06:55 | 000,529,200 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
[2009/07/17 11:08:03 | 000,529,200 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
[2010/03/19 13:03:59 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
[2010/03/19 13:04:21 | 000,056,766 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2010/03/19 13:03:59 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
[2010/03/19 13:04:00 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
[2010/03/19 13:04:01 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
[2010/03/19 13:04:01 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
[2010/03/19 13:03:52 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
[2010/03/19 13:03:52 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2010/03/19 13:04:08 | 000,057,676 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe
[2010/03/19 13:02:54 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010/03/19 12:58:38 | 000,986,904 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010/03/19 13:03:57 | 000,054,629 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
[2010/03/19 13:04:04 | 000,084,035 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
[2010/03/19 13:04:09 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010/03/19 13:04:20 | 000,056,978 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
[2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2010/03/31 12:26:59 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010/03/31 12:27:01 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2010/03/31 12:27:03 | 001,597,952 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010/03/31 12:27:05 | 000,855,864 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010/03/31 12:27:06 | 000,849,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010/02/10 19:53:31 | 003,803,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
[2010/02/16 20:14:58 | 000,015,880 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010/03/31 12:27:16 | 000,885,736 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2010/04/04 00:07:04 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2008/05/18 12:06:10 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Simese\Data\ext\bgrun\bgrun.exe
[2008/05/18 12:06:16 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Simese\Data\ext\wget\wget.exe
[2008/01/13 19:05:56 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Simese\Data\ext\wget\wget_win32.exe

< %APPDATA%\*. >
[2009/08/01 11:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\.BitTornado
[2009/11/26 12:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Adobe
[2009/12/01 08:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\AdobeUM
[2008/10/24 10:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Affilorama
[2009/09/24 10:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Ahead
[2010/01/09 15:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Any Video Converter
[2010/03/21 21:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Any Video Converter Professional
[2009/01/28 22:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Apple Computer
[2009/02/14 19:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\AVS4YOU
[2009/10/12 11:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Broad Intelligence
[2009/12/16 00:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\CheckPoint
[2008/07/28 22:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Comodo
[2010/03/18 09:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Cool Record Edit Pro
[2010/03/19 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\DivX
[2010/03/14 21:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\dvdcss
[2008/09/30 19:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\eFax Messenger
[2009/05/25 09:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Eltima Software
[2010/02/20 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Facebook
[2009/02/09 21:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\FireShot
[2008/08/01 23:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\FLV Extract
[2010/03/18 08:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Free Sound Recorder
[2008/11/15 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Gbridge
[2009/05/09 09:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Google
[2010/01/04 08:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\GrabPro
[2009/11/18 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Helios
[2009/08/25 21:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Help
[2008/07/28 12:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Identities
[2008/07/28 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\InstallShield
[2010/02/25 21:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Intuit
[2008/11/29 22:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Ipswitch
[2008/09/30 21:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\j2 Global
[2008/12/25 19:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Leadertech
[2008/07/31 00:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Macromedia
[2009/06/20 16:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\MAGIX
[2009/01/03 13:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Malwarebytes
[2009/05/10 22:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Meebo
[2010/01/27 08:22:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Colin\Application Data\Microsoft
[2008/09/07 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Microsoft Web Folders
[2010/02/20 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\mjusbsp
[2009/01/03 14:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Morpheus Software
[2008/11/27 14:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Move Networks
[2008/07/28 22:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla
[2009/03/06 16:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\NCH Swift Sound
[2010/02/21 12:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Notepad++
[2010/02/19 22:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Openworld Learning
[2010/01/20 08:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Orbit
[2009/01/23 16:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\POP Peeper
[2009/09/08 09:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Publish Providers
[2010/03/22 13:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\QuickScan
[2009/09/29 08:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Real
[2009/02/13 17:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Simple Star
[2010/04/05 18:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Skype
[2010/04/05 16:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\skypePM
[2010/02/11 00:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\SmartDraw
[2009/01/25 21:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Sony
[2008/07/31 03:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Sony Setup
[2008/07/31 22:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Sun
[2010/04/04 00:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\SUPERAntiSpyware.com
[2009/01/03 10:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Thinstall
[2009/11/26 12:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\U3
[2010/04/03 14:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\vlc
[2010/01/03 23:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\WinPatrol
[2009/08/19 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Yamb

< %APPDATA%\*.exe /s >
[2009/04/02 07:52:43 | 013,171,200 | ---- | M] (Netopsystems AG ) -- C:\Documents and Settings\Colin\Application Data\Adobe\Acrobat\6.0\Updater\AdbeRdr70_enu.exe
[2008/10/24 10:37:22 | 003,287,748 | ---- | M] (Affilorama Ltd. ) -- C:\Documents and Settings\Colin\Application Data\Affilorama\TrafficTravisv3\temp\traffic_travis.exe
[2010/02/20 11:30:12 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Colin\Application Data\Facebook\uninstall.exe
[2010/03/31 22:04:34 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Colin\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
[2008/10/10 23:21:13 | 000,174,246 | R--- | M] () -- C:\Documents and Settings\Colin\Application Data\Microsoft\Installer\{78EFA95D-3310-4035-815B-A46BA4D0C6FA}\_47C7345AB23FBAD3F0639E.exe
[2008/10/10 23:21:13 | 000,174,246 | R--- | M] () -- C:\Documents and Settings\Colin\Application Data\Microsoft\Installer\{78EFA95D-3310-4035-815B-A46BA4D0C6FA}\_6FEFF9B68218417F98F549.exe
[2009/12/24 09:52:34 | 000,050,520 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\cdloader2.exe
[2009/12/24 09:55:00 | 012,482,904 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\magicJack.exe
[2009/12/24 09:58:40 | 000,416,328 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\magicJackLoader.exe
[2009/12/24 09:52:36 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\magicJackSplash.exe
[2009/08/01 09:12:58 | 000,728,600 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\ar00000\install.exe
[2009/08/01 09:11:34 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\ar00000\magicJackSplash.exe
[2009/08/01 09:13:26 | 000,087,384 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\ar00000\mjsetup.exe
[2009/12/24 09:52:36 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\in00000\magicJackSplash.exe
[2009/12/24 09:53:58 | 000,087,384 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\in00000\mjsetup.exe
[2009/12/24 09:58:44 | 006,515,976 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\in00000\setup.exe
[2009/12/24 09:52:36 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\st00000\magicJackSplash.exe
[2009/12/24 09:58:02 | 000,087,384 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\st00000\mjsetup.exe
[2009/12/24 09:54:02 | 000,730,032 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\ug00000\install.exe
[2009/12/24 09:52:36 | 000,441,704 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\ug00000\magicJackSplash.exe
[2009/12/24 09:58:44 | 006,515,976 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\ug00000\setup.exe
[2009/12/24 09:54:02 | 000,730,032 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\Upgrade\install2.exe
[2009/12/24 09:58:44 | 006,515,976 | -H-- | M] (magicJack L.P.) -- C:\Documents and Settings\Colin\Application Data\mjusbsp\Upgrade\setup2.exe
[2009/05/31 16:45:01 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Colin\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
[2010/03/19 14:55:07 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Colin\Application Data\Real\Update\setup3.10\setup.exe
[2010/04/04 08:15:40 | 010,309,448 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
[2010/04/04 08:15:42 | 000,149,000 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Colin\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
[2010/04/04 08:16:45 | 008,405,312 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
[2010/04/04 08:18:46 | 020,846,064 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Colin\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
[2010/04/04 08:14:39 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Colin\Application Data\Real\Update\setup3.10\RUP\vista.exe
[2008/07/31 03:30:14 | 052,770,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Colin\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
[2009/06/28 23:26:54 | 000,235,764 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Yamb\MP4Box.exe
[2009/08/19 19:43:52 | 000,128,682 | ---- | M] (http://yamb.unite-video.com) -- C:\Documents and Settings\Colin\Application Data\Yamb\Uninstall.exe
[2009/06/29 05:15:54 | 002,424,832 | ---- | M] (Kurtnoise) -- C:\Documents and Settings\Colin\Application Data\Yamb\Yamb.exe
[2009/05/03 11:25:40 | 001,871,360 | ---- | M] (madshi.net) -- C:\Documents and Settings\Colin\Application Data\Yamb\eac3to\eac3to.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\config\BackupAfterGoogleVirusBartPEFix\sysdll-copy\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_80FADF59B996DEF517513B0713A4AB06CE0D38E2\iaStor.sys
[2008/07/20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\config\BackupAfterGoogleVirusBartPEFix\sysdll-copy\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\config\BackupAfterGoogleVirusBartPEFix\sysdll-copy\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/03/21 23:32:43 | 000,064,512 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tsbyuvx.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/04/05 07:17:48 | 000,000,300 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\xxgpnwxb.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/29 05:24:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/29 05:24:41 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/29 05:24:41 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 4/5/2010 6:48:35 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Colin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 5.71 Gb Free Space | 11.69% Space Free | Partition Type: NTFS
Drive D: | 100.21 Gb Total Space | 5.68 Gb Free Space | 5.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COLIN-QUAD-CORE
Current User Name: Colin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"85:TCP" = 85:TCP:*:Disabled:BroadWave Web Server
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"D:\Program Files\VideoLAN\VLC\vlc.exe" = D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\WS_FTP Pro\wsftppro.exe" = C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\altme\altme.exe" = C:\Program Files\altme\altme.exe:*:Enabled:REBOL/View System -- (REBOL Technologies)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\downloads\grahans rebol chatter\browser.exe" = D:\downloads\grahans rebol chatter\browser.exe:*:Enabled:REBOL/View System -- (REBOL Technologies)
"D:\downloads\grahans rebol chatter\browser3.exe" = D:\downloads\grahans rebol chatter\browser3.exe:*:Enabled:REBOL/View System -- (REBOL Technologies)
"D:\downloads\grahans rebol chatter\browser4.exe" = D:\downloads\grahans rebol chatter\browser4.exe:*:Enabled:REBOL/View System -- (REBOL Technologies)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" = C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe:*:Enabled:Streaming Audio Server -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\Colin\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Colin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192D726B-C6C0-4478-9F8D-040E56EAAB4D}_is1" = TaggedFrog 1.0.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 19
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver B7.1214.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.0 PRO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.0 PRO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CC41E6-A4F5-448E-97DC-A9F254193EC7}" = Zenoté Blur for Vegas
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C40E19E-176A-4B42-AD7B-C472AEC6704F}" = Zenoté Letterbox for Vegas
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-2447-5A64-7E8A45000001}" = Adobe Reader Chinese Simplified Fonts
"{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C0756682-E278-4A92-A327-9FEDEEDFE3C7}" = Zenoté Random for Vegas
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D428F260-DF6E-4D5A-9C8D-5C45CC209FAD}" = Zenoté Grain for Vegas
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3A15FE0-A67B-4E05-853A-46851EAEFBF0}" = Zenoté Glow for Vegas
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD525209-216F-4C25-A9E3-8122273CB42A}}_is1" = Simese 2.0.9 (SwissCenter)
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.6
"Any Video Converter_is1" = Any Video Converter 2.7.6
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Belarc Advisor" = Belarc Advisor 8.1
"BestPractice" = BestPractice (remove only)
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EffectsLab DV" = EffectsLab DV (remove only)
"ePrompter" = ePrompter
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressRip" = Express Rip
"ffdshow_is1" = ffdshow [rev 3026] [2009-07-05]
"Flash Movie Player" = Flash Movie Player 1.5
"FlashDiggerPlus" = FlashDigger Plus
"FlashGet" = FlashGet 1.9.2.1028
"Fraps" = Fraps (remove only)
"Free Sound Recorder_is1" = Free Sound Recorder 2010 v8.2.1
"FXhome PhotoKey 2 Pro Demo" = FXhome PhotoKey 2 Pro Demo (remove only)
"FXhome VisionLab Studio" = FXhome VisionLab Studio (remove only)
"Google Updater" = Google Updater
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"IsoBuster_is1" = IsoBuster 2.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Basic)
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.0
"MediaCoder Audio Edition" = MediaCoder Audio Edition 0.7.2.4515
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Morpheus Photo Animation Suite_is1" = Morpheus Photo Animation Suite v3.10
"Morpheus Photo Morpher_is1" = Morpheus Photo Morpher v3.10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = Memorex exPressit Label Design Studio
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetworkActiv PIAFCTM 2.2" = NetworkActiv PIAFCTM 2.2
"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
"NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas
"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Free Effects for Windows" = NewBlue Free Effects for Windows
"NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"NewBlue Video Essentials II for Windows" = NewBlue Video Essentials II for Windows
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"particleIllusion 3.0" = particleIllusion 3.0
"PassKeeper_is1" = PassKeeper 2.2
"PCSI" = Prevx 3.0
"Picasa 3" = Picasa 3
"POP Peeper" = POP Peeper
"RealPlayer 12.0" = RealPlayer
"Registry Drill4.4" = Registry Drill
"SafeWorlds AltME" = AltME by SafeWorlds
"Silent Package Run-Time Sample" = EPSON ESPR220 Reference Guide
"SkillSoft Course Manager" = SkillSoft Course Manager
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Task Catcher" = Task Catcher
"Traffic Travis_is1" = Traffic Travis 3.0.0
"Trillian" = Trillian
"TurboTax 2009" = TurboTax 2009
"VASST PIPSelection" = VASST PIPSelection 1.2.0
"VASST SubText" = VASST SubText 1.4.0
"VLC media player" = VLC media player 1.0.0
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WnBrowse" = WnBrowse 4.6
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XSitePro2" = XSitePro2
"Xvid_is1" = Xvid 1.2.2 final uninstall
"YAMB" = YAMB
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Meebo Notifier" = Meebo Notifier
"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2010 4:57:39 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 5:37:39 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 5:57:39 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 6:37:37 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 6:57:36 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 7:37:40 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 7:57:39 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 8:37:38 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 8:57:36 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

Error - 4/5/2010 9:37:37 PM | Computer Name = COLIN-QUAD-CORE | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/4/2010 1:22:56 AM | Computer Name = COLIN-QUAD-CORE | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the IIS
Admin service which failed to start because of the following error: %%1068

Error - 4/4/2010 1:22:56 AM | Computer Name = COLIN-QUAD-CORE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BANTExt Fips intelppm

Error - 4/4/2010 1:23:31 AM | Computer Name = COLIN-QUAD-CORE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/4/2010 1:30:18 AM | Computer Name = COLIN-QUAD-CORE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/4/2010 1:32:45 AM | Computer Name = COLIN-QUAD-CORE | Source = DCOM | ID = 10010
Description = The server {AE3A66BB-85FE-49B8-BF7B-4DB4E0005091} did not register
with DCOM within the required timeout.

Error - 4/4/2010 2:12:36 AM | Computer Name = COLIN-QUAD-CORE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/4/2010 11:33:51 AM | Computer Name = COLIN-QUAD-CORE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 4/4/2010 11:33:51 AM | Computer Name = COLIN-QUAD-CORE | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 4/5/2010 10:18:02 AM | Computer Name = COLIN-QUAD-CORE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 4/5/2010 10:18:02 AM | Computer Name = COLIN-QUAD-CORE | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053


< End of report >

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3958

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/5/2010 6:43:10 PM
mbam-log-2010-04-05 (18-43-10).txt

Scan type: Quick scan
Objects scanned: 119784
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 06 April 2010 - 08:23 AM

I ran the gmer scan overnight and when I clicked SAVE, the PC went to 100% CPU and it won't respond.
Any ideas on what I should try next?

#5 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 06 April 2010 - 12:36 PM

Hi,

Please follow these steps.

-- Step 1 --

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent malware removal tools from fixing certain things.
Please disable TeaTimer for now until you are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

-- Step 2 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{2c451a9c-ed20-11de-92a3-000000000000}\Shell\AutoRun\command - "" = N:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{2c451a9c-ed20-11de-92a3-000000000000}\Shell\Setup FlipShare\command - "" = N:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\Shell\AutoRun\command - "" = N:\autorun.exe -- File not found
    O33 - MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\Shell\phone\command - "" = N:\autorun.exe -- File not found
    [2010/04/05 07:17:48 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\xxgpnwxb.job
    [2010/03/21 23:32:43 | 000,064,512 | RHS- | M] () -- C:\WINDOWS\System32\tsbyuvx.dll
    [2010/03/21 14:43:26 | 000,000,156 | ---- | M] () -- C:\WINDOWS\System32\-1
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 3 --

Download RootRepeal from one of the following locations and save it to your desktop:
  • Double click the RootRepeal icon to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:

    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT

  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#6 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 06 April 2010 - 12:59 PM

Thanks - I will work on that today.
Just a note, rootrepeal has never worked on my PC.
It just displays the initialization message and then hangs.

#7 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 06 April 2010 - 01:33 PM

OK, let's try an alternative to RootRepeal.

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.


#8 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 06 April 2010 - 01:37 PM

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c451a9c-ed20-11de-92a3-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c451a9c-ed20-11de-92a3-000000000000}\ not found.
File N:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c451a9c-ed20-11de-92a3-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c451a9c-ed20-11de-92a3-000000000000}\ not found.
File N:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7253e0b4-1d0f-11df-92cb-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7253e0b4-1d0f-11df-92cb-000000000000}\ not found.
File N:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7253e0b4-1d0f-11df-92cb-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7253e0b4-1d0f-11df-92cb-000000000000}\ not found.
File N:\autorun.exe not found.
C:\WINDOWS\tasks\xxgpnwxb.job moved successfully.
C:\WINDOWS\system32\tsbyuvx.dll moved successfully.
C:\WINDOWS\system32\-1 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Colin
->Temp folder emptied: 2666478 bytes
->Temporary Internet Files folder emptied: 7021041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79446679 bytes
->Google Chrome cache emptied: 40850600 bytes
->Flash cache emptied: 11801 bytes

User: COLIN-QUAD-CORE

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 2038392 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 822 bytes

User: NetworkService
->Temp folder emptied: 2033772 bytes
->Temporary Internet Files folder emptied: 704179 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2257714 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1648 bytes

Total Files Cleaned = 131.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Colin
->Flash cache emptied: 0 bytes

User: COLIN-QUAD-CORE

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04062010_121219

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Colin\Local Settings\Temp\Perflib_Perfdata_cdc.dat not found!
File\Folder C:\Documents and Settings\Colin\Local Settings\Temp\Perflib_Perfdata_da8.dat not found!
C:\Documents and Settings\Colin\Local Settings\Temp\~DF3BB7.tmp moved successfully.
C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_154.dat not found!
File\Folder C:\WINDOWS\temp\ZLT04bce.TMP not found!

Registry entries deleted on Reboot...

#9 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 06 April 2010 - 01:51 PM

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 968
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 1076
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1156
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1324
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1384
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PID: 1512
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1552
Hidden: No
Window Visible: No

Name: C:\Program Files\Ahead\InCD\InCDsrv.exe
PID: 1576
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1780
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1896
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 364
Hidden: No
Window Visible: No

Name: C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PID: 656
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PID: 732
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 916
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 124
Hidden: No
Window Visible: No

Name: C:\Program Files\Prevx\prevx.exe
PID: 1120
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe
PID: 1584
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PID: 1716
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1804
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 2000
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 340
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 728
Hidden: No
Window Visible: No

Name: C:\Program Files\Prevx\prevx.exe
PID: 2244
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 2880
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2908
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2988
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.exe
PID: 3944
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 4028
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Google Talk\googletalk.exe
PID: 4036
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PID: 4048
Hidden: No
Window Visible: No

Name: C:\Program Files\GIGABYTE\GEST\gest.exe
PID: 4068
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 260
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 992
Hidden: No
Window Visible: No

Name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PID: 1012
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 2104
Hidden: No
Window Visible: No

Name: C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PID: 2424
Hidden: No
Window Visible: No

Name: C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe
PID: 2484
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Microsoft Security Essentials\msseces.exe
PID: 2572
Hidden: No
Window Visible: No

Name: C:\Program Files\TaggedFrog\TaggedFrog.exe
PID: 2820
Hidden: No
Window Visible: No

Name: C:\Program Files\GIGABYTE\GEST\GSvr.exe
PID: 2852
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Colin\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
PID: 3128
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3364
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Phone\Skype.exe
PID: 2772
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 3388
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 3436
Hidden: No
Window Visible: No

Name: C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PID: 272
Hidden: No
Window Visible: No

Name: D:\Program Files\Snagit\SnagIt32.exe
PID: 928
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Plugin Manager\skypePM.exe
PID: 3828
Hidden: No
Window Visible: No

Name: D:\Program Files\Snagit\TscHelp.exe
PID: 3888
Hidden: No
Window Visible: No

Name: D:\Program Files\Snagit\SnagPriv.exe
PID: 2416
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PID: 2580
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 3896
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 3136
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 3608
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 3748
Hidden: No
Window Visible: No

Name: C:\Program Files\WinRAR\WinRAR.exe
PID: 2512
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PID: 3800
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Colin\Desktop\SysProt.exe
PID: 3556
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Colin\Desktop\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: ADC35000
Module End: ADC40000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E2000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E2000
Module End: 80702D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BADA8000
Module End: BADAA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BACB8000
Module End: BACBB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: BA779000
Module End: BA7A7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BADAA000
Module End: BADAC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: BA768000
Module End: BA779000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA8A8000
Module End: BA8B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BAE70000
Module End: BAE71000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BAB28000
Module End: BAB2F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA8B8000
Module End: BA8C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: BA749000
Module End: BA768000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BADAC000
Module End: BADAE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: BA723000
Module End: BA749000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BAB30000
Module End: BAB35000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pxscan.sys
Service Name: pxscan
Module Base: BA8C8000
Module End: BA8D1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA8D8000
Module End: BA8E5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: BA70B000
Module End: BA723000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: BA632000
Module End: BA70B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\jraid.tsk
Service Name: JRAID
Module Base: BA8E8000
Module End: BA8F8000
Hidden: No

Module Name: \WINDOWS\system32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: BA61A000
Module End: BA632000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA8F8000
Module End: BA901000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA908000
Module End: BA915000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: BA5FA000
Module End: BA61A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: BA5E8000
Module End: BA5FA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pxsec.sys
Service Name: pxsec
Module Base: BA918000
Module End: BA922000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: BA928000
Module End: BA937000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA938000
Module End: BA942000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: BA5D1000
Module End: BA5E8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: BA544000
Module End: BA5D1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: BA517000
Module End: BA544000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: BA948000
Module End: BA957000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: BA958000
Module End: BA965000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: BA4FC000
Module End: BA517000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: BAAA8000
Module End: BAAB8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA9C8000
Module End: BA9D1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B969D000
Module End: B9CDE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B9689000
Module End: B969D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BAC30000
Module End: BAC35000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B9666000
Module End: B9689000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BAC40000
Module End: BAC47000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B9641000
Module End: B9666000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Service Name: RTLE8023xp
Module Base: B9628000
Module End: B9641000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: BAC48000
Module End: BAC4F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: BA9D8000
Module End: BA9E8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: BA4C0000
Module End: BA4C4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B9614000
Module End: B9628000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA9E8000
Module End: BA9F3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BA9F8000
Module End: BAA08000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BA1A2000
Module End: BA1B1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B95F1000
Module End: B9614000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BA4BC000
Module End: BA4BF000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\InCDPass.sys
Service Name: InCDPass
Module Base: BAC38000
Module End: BAC40000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\incdrm.SYS
Service Name: incdrm
Module Base: BAC50000
Module End: BAC57000
Hidden: No


#10 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 06 April 2010 - 02:06 PM

Hi,

How's your computer running? Still being redirected?

#11 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 06 April 2010 - 03:36 PM

Wow - it is not redirecting right now.
I'm going to run extensive tests on chrome, IE and Firefox and let you know.

What file or service do you suspect was hijacking the results?

Thanks a lot!!!

#12 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 07 April 2010 - 11:07 AM

I tested IE, Chrome and FF on Bing, Yahoo and Google.
All the organic search results are working. Woohoo!
However, something strange is happening to the paid search results like Adwords.
Most of the time they don't work.
In FFox, it usually tries to go somewhere and just doesn't.
In Chrome I'm getting broken links pointing to googleadservices.com and
in IE I get a similar result.
I don't think it's a virus or malware and suspect it's something in my hosts that is causing this, but that is only a guess.

#13 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 07 April 2010 - 11:51 AM

Hi,

Let's run a scan for remnants.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan spyware, adware, diallers and other riskware
      Scan Archives
      Scan E-mail databases

  • Click Save
  • Now under Scan
      Select My Computer

  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report

  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#14 outta-google

  • Group: Member
  • Posts: 12
  • Joined: 05-April 10

Posted 07 April 2010 - 10:00 PM

Here are the results.
There are infected files that I was aware of but they are in compressed or zipped files.
It doesn't seem to say that the PC is infected.
==========================================
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, April 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, April 07, 2010 14:57:43
Records in database: 3917951
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan statistics:
Objects scanned: 208348
Threats found: 3
Infected objects found: 26
Suspicious objects found: 0
Scan duration: 07:39:29


File name / Threat / Threats count
C:\Documents and Settings\Colin\My Documents\Any Video Converter Professional\AVI\usb blue backup\perrymarshalladwordsdefguide\adwordsbonus\saleslettercreatorresell.zip Infected: Trojan-Clicker.JS.Iframe.cb 21
H:\downloads\plugins for vegas\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3.rar Infected: not-a-virus:PSWTool.Win32.IEPassView.l 1
H:\downloads\plugins for vegas\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3.rar Infected: Trojan-PSW.Win32.WOW.bje 1
H:\downloads\Vasst3.0.3\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3\UltimateS3Installer-3.0.3.exe Infected: Trojan-PSW.Win32.WOW.bje 1
H:\downloads\Vasst3.0.3\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3.rar Infected: not-a-virus:PSWTool.Win32.IEPassView.l 1
H:\downloads\Vasst3.0.3\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3.rar Infected: Trojan-PSW.Win32.WOW.bje 1

Selected area has been scanned.

#15 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 08 April 2010 - 06:34 AM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Documents and Settings\Colin\My Documents\Any Video Converter Professional\AVI\usb blue backup\perrymarshalladwordsdefguide\adwordsbonus\saleslettercreatorresell.zip
    H:\downloads\plugins for vegas\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3.rar
    H:\downloads\Vasst3.0.3\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3.rar
    H:\downloads\Vasst3.0.3\VASST Ultimate S 3.0.3 !The Ultimate Plug-in For Sony Vegas 6 & 7 Software 3.0.3\UltimateS3Installer-3.0.3.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


Then...

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
