Possible Malware or Virus

popnjaye · December 2, 2010

My computer has started acting strangely and I think it might be infected by something. I'm not very good at tech stuff so I hope you can help me.

First of all, on startup, there is an unusally long black screen loading after I log into my profile. After that, programs which normally run at startup are failing to load. This includes windows notification services, msn messenger, avast realtime shields and steam. Attempting to turn on the realtime shields of avast does nothing. I also cannot connect to the internet, as each time I attempt to connect it says connection terminated.

I used another computer to get malwarebytes. I also copied the updated rules file to the infected computer. The malwarebytes scan crashes after about 5 minutes. The happens consistantly. The file that it was scanning when i crashed last time was:

c:\\windows\system32\vds.exe.

I have run a full scan with avast turning up no results. Also tdsskiller returned no results. I ran rkill and it came up with these processes terminated:

c:\\windows\system32\DllHost.exe

c:\\windows\system32\conime.exe

Also I attempted to do a system restore, but I was told that I couldn't do one for an unspecified reason.

Also I can't remember what it was, but I tried to do something and windows told me I couldn't access my host files or something. Not sure if it is relevant.

Also I can't start the windows firewall service, but I don't know if that's because I have zone alarm also installed.

That's about all the info I have! Hope you can help!

Jaye

Elise · December 2, 2010

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
- This is THE Mirror
[*]Save it to your desktop.
[*]Double click on the icon on your desktop.
[*]Click the "Scan All Users" checkbox.
[*]Push the Quick Scan button.
[*]Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.

extract RKUnhooker to your desktop
- Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
  you can get a free one from here -
http://www.7-zip.org/

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

A detailed description of your problems
A new OTL log (don't forget extra.txt)
RKU log

Thanks and again sorry for the delay.

popnjaye · December 4, 2010

Hey thanks for the reply. Here are the OTL log, Extra and RKU Report. I also tried to run GMER but it caused a blue screen crash. Hope you can help!

DDS

DDS (Ver_10-11-27.01) - NTFSx86

Run by Jaye at 13:46:45.65 on 04/12/2010 Sat

Internet Explorer: 7.0.6002.18005

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\ZoneLabs\vsmon.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\System Control Manager\MSIService.exe

C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

D:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\notepad.exe

C:\Windows\system32\DllHost.exe

C:\Users\Jaye\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14200&l=dis

uDefault_Page_URL = hxxp://www.msi.com

mDefault_Page_URL = hxxp://www.msi.com.tw

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [AdobeBridge]

uRun: [steam] "d:\program files\steam\steam.exe" -silent

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Mobile Partner] "d:\program files\3 mobile broadband\3 Mobile Broadband.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe

mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [skytel] c:\program files\realtek\audio\hda\Skytel.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - d:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-29 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-29 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-29 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]

R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-4-8 159744]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-7-3 9216]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-4-8 54784]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-6-27 101120]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-4-8 45600]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-15 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]

R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-8-7 31616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\dragon age\bin_ship\daupdatersvc.service.exe [2010-8-22 25832]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-11-24 113664]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-13 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-16 38224]

S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-4-8 3658752]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-01 23:47:13 -------- d-----w- C:\TDSSKiller_Quarantine

2010-11-30 15:24:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{526c7bcb-f47a-41ec-932f-cd43451ffb34}\mpengine.dll

2010-11-25 13:44:01 15256 ----a-w- c:\users\jaye\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll

2010-11-18 01:01:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-10-18 23:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll

2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

============= FINISH: 13:47:26.37 ===============

popnjaye · December 4, 2010

OTL logfile created on: 4/12/2010 1:59:13 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jaye\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 43.95 Gb Total Space | 0.93 Gb Free Space | 2.12% Space Free | Partition Type: NTFS

Drive D: | 246.33 Gb Total Space | 0.64 Gb Free Space | 0.26% Space Free | Partition Type: NTFS

Drive E: | 14.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 1.84 Gb Total Space | 0.72 Gb Free Space | 39.31% Space Free | Partition Type: FAT

Computer Name: JAYE-PC | User Name: Jaye | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe

PRC - [2010/09/08 02:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/06/27 03:09:15 | 000,110,592 | ---- | M] () -- D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe

PRC - [2010/06/23 14:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe

PRC - [2010/06/23 14:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2010/03/27 06:01:26 | 014,090,688 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe

PRC - [2010/02/22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

PRC - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/01/17 07:58:56 | 000,708,608 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe

PRC - [2008/11/12 14:42:42 | 006,687,264 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

PRC - [2008/11/06 03:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe

PRC - [2008/05/24 10:07:00 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2008/05/23 16:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2008/05/14 12:45:04 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2008/04/16 11:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/04/16 11:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008/04/15 17:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2008/04/01 13:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

PRC - [2008/01/21 13:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/09/29 10:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

PRC - [2007/02/12 19:43:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

========== Modules (SafeList) ==========

MOD - [2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe

MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/08 02:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/09/05 10:21:42 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/06/23 14:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010/03/29 20:40:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/11/06 03:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)

SRV - [2008/05/23 16:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2008/04/16 11:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/12 19:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\smserial.sys -- (smserial)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbfake.sys -- (hwusbfake)

DRV - [2010/09/08 01:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/08 01:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/08 01:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/08 01:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/09/08 01:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/05/15 17:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2010/04/29 16:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/03/16 19:55:13 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2010/03/16 19:55:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009/12/08 21:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2009/12/07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009/10/12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009/08/09 22:17:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2008/11/11 20:15:12 | 002,236,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/10/31 14:00:00 | 007,431,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/09/24 19:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008/07/28 18:53:00 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/07/15 19:38:00 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)

DRV - [2008/06/28 06:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2008/06/12 12:28:00 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)

DRV - [2008/05/14 10:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2008/05/02 16:59:00 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/04/29 04:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV - [2008/04/28 09:29:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/04/24 11:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2008/04/16 11:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2008/03/26 07:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)

DRV - [2008/03/20 05:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2008/01/23 14:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/12/27 12:17:14 | 000,021,760 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2007/12/27 12:15:30 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2007/12/27 12:14:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2007/11/30 03:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2007/03/19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)

DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 18:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2005/01/07 23:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com

IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14200&l=dis

IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/06/15 15:16:22 | 000,001,796 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)

O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [Mobile Partner] D:\Program Files\3 Mobile Broadband\3 Mobile Broadband.exe ()

O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-1016934384-1885933234-2010409476-1000..\Run: [steam] d:\program files\steam\steam.exe (Valve Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)

O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)

O13 - gopher Prefix: missing

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/08/24 05:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008/05/29 12:48:52 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{3ffb37b6-dd0f-11df-a039-0024216c61f5}\Shell - "" = AutoRun

O33 - MountPoints2\{3ffb37b6-dd0f-11df-a039-0024216c61f5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\{4473788b-c3dd-11de-9aff-0024216c61f5}\Shell\AutoRun\command - "" = a2g21.exe

O33 - MountPoints2\{4473788b-c3dd-11de-9aff-0024216c61f5}\Shell\open\Command - "" = a2g21.exe

O33 - MountPoints2\{554b5f5d-d9b5-11de-b8c3-001e101fcbf4}\Shell - "" = AutoRun

O33 - MountPoints2\{554b5f5d-d9b5-11de-b8c3-001e101fcbf4}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found

O33 - MountPoints2\{79a3eda6-791a-11df-86e0-0024216c61f5}\Shell - "" = AutoRun

O33 - MountPoints2\{79a3eda6-791a-11df-86e0-0024216c61f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{79a3edb2-791a-11df-86e0-0024216c61f5}\Shell - "" = AutoRun

O33 - MountPoints2\{79a3edb2-791a-11df-86e0-0024216c61f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{7b8c77a1-94da-11df-973c-0022fba99af0}\Shell - "" = AutoRun

O33 - MountPoints2\{7b8c77a1-94da-11df-973c-0022fba99af0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/24 05:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{f1c2f763-d754-11de-9c17-0024216c61f5}\Shell - "" = AutoRun

O33 - MountPoints2\{f1c2f763-d754-11de-9c17-0024216c61f5}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found

O33 - MountPoints2\{f1c2f76b-d754-11de-9c17-001e101f2a27}\Shell - "" = AutoRun

O33 - MountPoints2\{f1c2f76b-d754-11de-9c17-001e101f2a27}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/04 13:44:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe

[2010/12/02 10:47:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2010/11/29 21:19:15 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\New Folder (4)

[2010/11/19 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\New Folder (3)

[2010/11/18 12:08:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/11/12 12:46:12 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\CrossOverCon.pdf

[2010/11/11 05:19:48 | 000,000,000 | ---D | C] -- C:\Users\Jaye\Desktop\Professor Green - Alive Till Im Dead!www.MusicPlaaza.com!

[2008/08/14 08:14:14 | 000,996,720 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000130616

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/04 13:47:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/04 13:47:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/04 13:43:28 | 000,629,057 | ---- | M] () -- C:\Users\Jaye\Desktop\RkU3.8.388.590.rar

[2010/12/04 13:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jaye\Desktop\OTL.exe

[2010/12/04 12:57:59 | 000,073,040 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/12/04 12:57:59 | 000,073,040 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/12/04 12:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/02 15:34:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/02 15:34:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/02 13:34:07 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/02 13:34:06 | 324,951,513 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/12/02 13:20:38 | 000,000,176 | ---- | M] () -- C:\Users\Jaye\defogger_reenable

[2010/12/02 13:16:58 | 000,296,448 | ---- | M] () -- C:\Users\Jaye\Desktop\ytx2k2rm.exe

[2010/12/02 13:16:36 | 000,050,477 | ---- | M] () -- C:\Users\Jaye\Desktop\Defogger.exe

[2010/12/02 13:16:28 | 000,630,272 | ---- | M] () -- C:\Users\Jaye\Desktop\dds.scr

[2010/12/02 03:27:53 | 000,001,356 | ---- | M] () -- C:\Users\Jaye\AppData\Local\d3d9caps.dat

[2010/12/01 16:16:57 | 003,973,792 | ---- | M] () -- C:\Users\Jaye\Desktop\02 Again & Again.mp3

[2010/12/01 13:21:48 | 005,863,552 | ---- | M] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3

[2010/12/01 13:21:48 | 000,168,364 | ---- | M] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3.sfk

[2010/12/01 02:37:48 | 000,175,104 | ---- | M] () -- C:\Users\Jaye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/30 21:29:50 | 000,161,513 | ---- | M] () -- C:\Users\Jaye\Desktop\Application for Australian Business Number.mht

[2010/11/30 19:27:16 | 000,349,806 | ---- | M] () -- C:\Users\Jaye\Desktop\pop_101105_b.jpg

[2010/11/30 17:39:53 | 008,753,292 | ---- | M] () -- C:\Users\Jaye\Desktop\pokitpalad.ai

[2010/11/30 17:36:09 | 000,395,229 | ---- | M] () -- C:\Users\Jaye\Desktop\crossoverad.png

[2010/11/30 17:34:50 | 000,042,095 | ---- | M] () -- C:\Users\Jaye\Desktop\pokitpalad.png

[2010/11/30 04:08:32 | 000,014,623 | ---- | M] () -- C:\Users\Jaye\Desktop\price.xlsx

[2010/11/30 02:43:55 | 003,331,504 | ---- | M] () -- C:\Users\Jaye\Desktop\Tom Jones - Sex Bomb.mp3

[2010/11/29 14:33:57 | 000,058,274 | ---- | M] () -- C:\Users\Jaye\Desktop\PokitPal_Specs.pdf

[2010/11/27 12:38:18 | 000,318,267 | ---- | M] () -- C:\Users\Jaye\Desktop\jo1.png

[2010/11/26 23:24:34 | 000,028,672 | ---- | M] () -- C:\Users\Jaye\Desktop\Multidate_adventure_passport_intro.doc

[2010/11/26 23:23:04 | 002,798,592 | ---- | M] () -- C:\Users\Jaye\Desktop\GG18338_-_Crossover_Dance_Studios.doc

[2010/11/25 23:51:05 | 000,264,543 | ---- | M] () -- C:\Users\Jaye\Desktop\bboy workshops2.png

[2010/11/24 17:42:43 | 003,748,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/23 00:14:22 | 008,450,615 | ---- | M] () -- C:\Users\Jaye\Desktop\nicola.mp3

[2010/11/19 21:37:07 | 015,166,206 | ---- | M] () -- C:\Users\Jaye\Desktop\tmb 19-11-10.wmv

[2010/11/18 21:58:12 | 000,208,208 | ---- | M] () -- C:\Users\Jaye\Desktop\united096.jpg

[2010/11/16 10:47:19 | 001,147,473 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion.ai

[2010/11/15 00:59:09 | 001,364,522 | ---- | M] () -- C:\Users\Jaye\Desktop\wrar393.exe

[2010/11/14 22:01:51 | 007,334,440 | ---- | M] () -- C:\Users\Jaye\Desktop\robrich.wmv

[2010/11/14 17:17:36 | 002,730,469 | ---- | M] () -- C:\Users\Jaye\Desktop\pania012.jpg

[2010/11/14 17:17:14 | 000,002,743 | ---- | M] () -- C:\Users\Jaye\Desktop\Inv00000411.pdf

[2010/11/14 16:05:41 | 000,032,463 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion2.png

[2010/11/13 20:03:01 | 000,028,628 | ---- | M] () -- C:\Users\Jaye\Desktop\funktion.png

[2010/11/13 12:37:13 | 008,855,559 | ---- | M] () -- C:\Users\Jaye\Desktop\aaliyah - rock the boat.mp3

[2010/11/12 15:32:21 | 000,008,115 | ---- | M] () -- C:\Users\Jaye\Desktop\Dimensions Of A Paper Sizes - A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10 - In Inches & mm.mht

[2010/11/12 12:45:59 | 000,000,213 | ---- | M] () -- C:\Users\Jaye\AppData\Roaming\onyx 3 preferences

[2010/11/11 03:52:34 | 001,622,345 | ---- | M] () -- C:\Users\Jaye\Desktop\Amazing Photoshop light effect in 10 Steps _ Abduzeedo _ Graphic Design Inspiration and Photoshop Tutorials.mht

[2010/11/09 17:23:52 | 000,059,392 | ---- | M] () -- C:\Users\Jaye\Desktop\Untitled.MSWMM

[2010/11/09 16:03:32 | 000,133,632 | ---- | M] () -- C:\Users\Jaye\Desktop\application_for_Audition[kor_eg].doc

[2010/11/04 15:43:25 | 000,000,165 | -H-- | M] () -- C:\Users\Jaye\Desktop\~$price (Autosaved).xlsx

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/04 13:44:42 | 000,629,057 | ---- | C] () -- C:\Users\Jaye\Desktop\RkU3.8.388.590.rar

[2010/12/02 13:27:09 | 000,296,448 | ---- | C] () -- C:\Users\Jaye\Desktop\ytx2k2rm.exe

[2010/12/02 13:27:05 | 000,630,272 | ---- | C] () -- C:\Users\Jaye\Desktop\dds.scr

[2010/12/02 13:20:04 | 000,000,176 | ---- | C] () -- C:\Users\Jaye\defogger_reenable

[2010/12/02 13:19:39 | 000,050,477 | ---- | C] () -- C:\Users\Jaye\Desktop\Defogger.exe

[2010/12/02 12:17:32 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys

[2010/12/01 16:15:59 | 003,973,792 | ---- | C] () -- C:\Users\Jaye\Desktop\02 Again & Again.mp3

[2010/12/01 13:21:31 | 000,168,364 | ---- | C] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3.sfk

[2010/12/01 13:20:25 | 005,863,552 | ---- | C] () -- C:\Users\Jaye\Desktop\Wonder Girls - Irony.mp3

[2010/11/30 21:29:49 | 000,161,513 | ---- | C] () -- C:\Users\Jaye\Desktop\Application for Australian Business Number.mht

[2010/11/30 19:27:15 | 000,349,806 | ---- | C] () -- C:\Users\Jaye\Desktop\pop_101105_b.jpg

[2010/11/30 17:39:42 | 008,753,292 | ---- | C] () -- C:\Users\Jaye\Desktop\pokitpalad.ai

[2010/11/30 17:36:02 | 000,395,229 | ---- | C] () -- C:\Users\Jaye\Desktop\crossoverad.png

[2010/11/30 17:34:45 | 000,042,095 | ---- | C] () -- C:\Users\Jaye\Desktop\pokitpalad.png

[2010/11/30 15:28:12 | 008,450,615 | ---- | C] () -- C:\Users\Jaye\Desktop\nicola.mp3

[2010/11/30 02:42:27 | 003,331,504 | ---- | C] () -- C:\Users\Jaye\Desktop\Tom Jones - Sex Bomb.mp3

[2010/11/26 23:24:34 | 000,028,672 | ---- | C] () -- C:\Users\Jaye\Desktop\Multidate_adventure_passport_intro.doc

[2010/11/26 23:23:03 | 002,798,592 | ---- | C] () -- C:\Users\Jaye\Desktop\GG18338_-_Crossover_Dance_Studios.doc

[2010/11/25 23:50:54 | 000,264,543 | ---- | C] () -- C:\Users\Jaye\Desktop\bboy workshops2.png

[2010/11/19 21:36:15 | 015,166,206 | ---- | C] () -- C:\Users\Jaye\Desktop\tmb 19-11-10.wmv

[2010/11/18 21:58:12 | 000,208,208 | ---- | C] () -- C:\Users\Jaye\Desktop\united096.jpg

[2010/11/16 22:21:57 | 000,318,267 | ---- | C] () -- C:\Users\Jaye\Desktop\jo1.png

[2010/11/15 00:58:59 | 001,364,522 | ---- | C] () -- C:\Users\Jaye\Desktop\wrar393.exe

[2010/11/14 21:58:03 | 007,334,440 | ---- | C] () -- C:\Users\Jaye\Desktop\robrich.wmv

[2010/11/14 18:19:44 | 000,058,274 | ---- | C] () -- C:\Users\Jaye\Desktop\PokitPal_Specs.pdf

[2010/11/14 17:17:14 | 000,002,743 | ---- | C] () -- C:\Users\Jaye\Desktop\Inv00000411.pdf

[2010/11/14 17:17:09 | 002,730,469 | ---- | C] () -- C:\Users\Jaye\Desktop\pania012.jpg

[2010/11/14 16:05:36 | 000,032,463 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion2.png

[2010/11/14 12:39:42 | 001,147,473 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion.ai

[2010/11/13 20:02:36 | 000,028,628 | ---- | C] () -- C:\Users\Jaye\Desktop\funktion.png

[2010/11/13 12:35:19 | 008,855,559 | ---- | C] () -- C:\Users\Jaye\Desktop\aaliyah - rock the boat.mp3

[2010/11/12 15:32:20 | 000,008,115 | ---- | C] () -- C:\Users\Jaye\Desktop\Dimensions Of A Paper Sizes - A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10 - In Inches & mm.mht

[2010/11/11 04:57:36 | 001,622,345 | ---- | C] () -- C:\Users\Jaye\Desktop\Amazing Photoshop light effect in 10 Steps _ Abduzeedo _ Graphic Design Inspiration and Photoshop Tutorials.mht

[2010/11/09 17:22:12 | 000,059,392 | ---- | C] () -- C:\Users\Jaye\Desktop\Untitled.MSWMM

[2010/11/09 16:03:32 | 000,133,632 | ---- | C] () -- C:\Users\Jaye\Desktop\application_for_Audition[kor_eg].doc

[2010/11/04 15:43:25 | 000,000,165 | -H-- | C] () -- C:\Users\Jaye\Desktop\~$price (Autosaved).xlsx

[2010/06/03 08:01:35 | 000,001,356 | ---- | C] () -- C:\Users\Jaye\AppData\Local\d3d9caps.dat

[2010/04/29 14:04:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/03/16 19:55:13 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2010/03/16 19:55:13 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2010/02/02 01:18:54 | 000,000,213 | ---- | C] () -- C:\Users\Jaye\AppData\Roaming\onyx 3 preferences

[2009/12/31 00:55:07 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/09/24 17:40:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/08 03:49:34 | 000,175,104 | ---- | C] () -- C:\Users\Jaye\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/07 17:58:18 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

[2009/04/08 06:08:28 | 000,073,040 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/04/08 06:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI

[2009/04/08 05:33:38 | 000,073,040 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2007/12/22 10:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2005/07/23 15:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/09/14 00:34:28 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\.minecraft

[2010/08/04 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Any Video Converter

[2010/06/20 03:20:55 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Braid

[2010/06/20 03:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Broken Rules

[2010/06/20 03:38:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Crayon Physics Deluxe

[2009/08/09 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\DAEMON Tools Lite

[2010/08/17 08:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Desktopicon

[2009/12/09 02:58:09 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\FrostWire

[2010/06/07 23:01:30 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\GetRightToGo

[2009/09/14 06:01:18 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\LG Electronics

[2010/06/20 03:23:56 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Mount&Blade

[2009/10/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\NetMedia Providers

[2010/01/25 00:38:26 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Nifflas

[2010/04/29 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Opera

[2009/10/19 15:42:16 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Publish Providers

[2009/08/31 02:00:04 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Red Alert 3

[2009/10/24 06:14:10 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Red Alert 3 Uprising

[2009/11/21 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\runic games

[2009/09/16 01:33:06 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\ScummVM

[2009/10/19 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Sony

[2010/03/16 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Ubisoft

[2010/07/30 14:56:52 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\uTorrent

[2009/11/24 16:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\Vodafone

[2010/07/03 16:58:47 | 000,000,000 | ---D | M] -- C:\Users\Jaye\AppData\Roaming\ZombieDriver

[2010/11/18 12:22:06 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

popnjaye · December 4, 2010