DHCP Redirect - Netsky Server


This topic is locked. 2 replies to this topic.

#1 socaliber (Members, 2 posts)

Posted 03 May 2010 - 01:20 PM

Greetings,

Thank you in advance for your assistance!

I have discovered that my DHCP settings have been rerouted to IP addresses known to be affiliated with the Netsky Worm/Trojan.

(209.18.47.61 209.18.47.62)

In addition, I have noted certain config and XML files associated with a Server 2008 Enterprise system on my computer.

According to OTL, when booting in safe mode there are two different sets of drivers loading.

There are over 1300 files named "Channel_0" on my computer. A Google search revealed that these files are associated with RSS feeds, none of which I have willingly subscribed to.

I was recently able to gain DOS access (not sure if this is possible now) and noted the presence of a RAM drive, Drive X:, on my system.

I am not able to run GMER as it says it can not find the config/system file or it is currently in use.

Throwing just about every online virus/malware scan in the book at this thing has yielded no results.

Here are the recent DDS and OTL scans:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2010 13:05:35
System Uptime: 5/3/2010 04:06:15 (6 hours ago)

Motherboard: MSI | | G41TM-E43 (MS-7592)
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2203/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 436.885 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP22: 4/27/2010 21:55:17 - avast! Free Antivirus Setup
RP23: 4/27/2010 22:08:41 - Windows Update
RP24: 4/27/2010 22:31:39 - Windows Update
RP25: 4/28/2010 15:31:52 - Removed Microsoft Easy Assist v2
RP26: 4/28/2010 16:50:58 - Cleaned registry with Windows Live OneCare safety scanner
RP27: 4/28/2010 20:47:18 - Installed Sophos pcclie-i Cleanup Tool.
RP28: 4/28/2010 23:32:28 - Windows Update
RP29: 4/29/2010 08:05:48 - Windows Update
RP30: 4/30/2010 13:59:08 - Windows Update
RP31: 4/30/2010 17:01:00 - Installed Viewfinity User Migration.
RP32: 4/30/2010 17:04:08 - Installed Microsoft Deployment Toolkit 2010 (5.0.1641.0)
RP33: 5/1/2010 11:19:20 - Installed Microsoft Baseline Security Analyzer 2.1
RP34: 5/1/2010 12:25:27 - Installed Java™ 6 Update 20 (64-bit)
RP35: 5/1/2010 12:42:59 - Windows Update
RP37: 5/1/2010 20:37:52 - Windows Update
RP39: 5/3/2010 10:14:50 - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
ERUNT 1.1j
ESET Online Scanner v3
FriendFinder Messenger v4.1
Malwarebytes' Anti-Malware
Microsoft Easy Assist v2
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.3)
PC Pitstop Driver Alert2 2.0.0.0
RunAlyzer
Sophos Anti-Rootkit 1.5.0
Sophos pcclie-i Cleanup Tool
Spybot - Search & Destroy
Viewfinity User Migration
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live OneCare safety scanner
Windows Resource Kit Tools
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

5/3/2010 10:04:28, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/2/2010 12:33:20, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
5/2/2010 12:32:02, Error: Application Popup [1060] - \??\C:\Windows\system32\drivers\SBREdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/1/2010 20:56:36, Error: Application Popup [1060] - \??\C:\Users\stephen\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/1/2010 12:38:56, Error: Application Popup [1060] - \??\C:\Users\stephen\AppData\Local\Temp\{6249D548-5DE6-4453-95B has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/1/2010 10:48:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8002e97730, 0xfffffa8002e97a10, 0xfffff800025cd540). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050110-17674-01.
5/1/2010 10:45:37, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2010 10:02:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/1/2010 10:02:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/1/2010 10:02:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/1/2010 10:02:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/1/2010 10:02:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/1/2010 10:02:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/1/2010 10:02:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx Wanarpv6 WfpLwf
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2010 10:02:00, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2010 21:59:59, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/30/2010 20:54:22, Error: Service Control Manager [7003] - The Link-Layer Topology Discovery Mapper service depends the following service: lltdio. This service might not be installed.
4/30/2010 20:54:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
4/30/2010 17:33:58, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/30/2010 17:08:12, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer *stephen using any of the configured protocols.
4/30/2010 17:05:25, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer *stepen using any of the configured protocols.
4/30/2010 13:48:44, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
4/29/2010 12:26:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks SBRE
4/29/2010 08:40:39, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/29/2010 08:40:39, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
4/29/2010 08:40:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/29/2010 08:34:38, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
4/29/2010 08:34:38, Error: Application Popup [1060] - \??\C:\Windows\system32\B7DB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/29/2010 08:14:21, Error: Application Popup [1060] - \??\C:\Windows\system32\65E3.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/28/2010 23:45:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.81.547.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/28/2010 20:41:01, Error: Application Popup [1060] - \??\C:\Windows\system32\120D.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/28/2010 20:30:29, Error: Application Popup [1060] - \??\C:\Windows\system32\1077.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/28/2010 11:58:42, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\uze3otkw.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/28/2010 11:55:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/28/2010 11:50:12, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2010 11:37:35, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2010 10:59:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SBRE spldr Wanarpv6
4/28/2010 08:53:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/28/2010 08:53:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/28/2010 07:50:44, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88003635938, 0x0000000000000000, 0xfffff88004e7db77, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042810-23946-01.
4/28/2010 06:33:34, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/28/2010 06:24:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
4/27/2010 23:42:15, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140995069
4/27/2010 23:42:15, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
4/27/2010 21:54:07, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
4/27/2010 21:50:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2010 18:02:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx Wanarpv6 WfpLwf
4/27/2010 15:27:26, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2010 12:45:01, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/27/2010 08:41:55, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\ute3otkw.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/26/2010 23:03:35, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2010 22:41:35, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2010 22:32:07, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
4/26/2010 22:28:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2010 12:56:32, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2010 12:42:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2010 12:42:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: rdbss SBRE
4/26/2010 12:42:28, Error: Service Control Manager [7023] - The Diagnostic System Host service terminated with the following error: The requested control is not valid for this service.
4/26/2010 12:42:28, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service.
4/26/2010 12:42:27, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: The endpoint mapper database entry could not be created.
4/26/2010 12:42:27, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2010 12:42:27, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The endpoint mapper database entry could not be created.
4/26/2010 12:42:27, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
4/26/2010 12:42:22, Error: Service Control Manager [7023] - The Windows Audio Endpoint Builder service terminated with the following error: The RPC server is unavailable.
4/26/2010 12:42:22, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The operation completed successfully.
4/26/2010 12:30:53, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/26/2010 12:00:09, Error: Service Control Manager [7030] - The Security Accounts Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/26/2010 11:49:57, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
4/26/2010 11:48:15, Error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/26/2010 11:05:42, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: An instance of the service is already running.
4/26/2010 11:05:42, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2010 02:22:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx Wanarpv6 WfpLwf
4/26/2010 02:22:39, Error: TPM [14] -
4/26/2010 01:31:07, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.

==== End Of File ===========================

OTL SCAN :

OTL logfile created on: 5/3/2010 10:37:40 - Run 7
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\stephen\Desktop\OTL
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 436.90 Gb Free Space | 93.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHEN-PC
Current User Name: stephen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/27 16:59:56 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\stephen\Desktop\OTL\OTL.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 16:59:56 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\stephen\Desktop\OTL\OTL.exe
MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/22 16:08:30 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/04/28 08:53:22 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Windows Resource Kits\Tools\spooler.txt -- (Spooler)
SRV - [2010/04/25 12:42:43 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2010/04/25 12:29:37 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/11 00:56:30 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Fusion(UVC)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 17:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\120D.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/04/20 13:21:38 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB D7 58 16 8F E1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.rr.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/30 14:47:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/30 14:47:41 | 000,000,000 | ---D | M]

[2010/04/26 21:47:38 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Mozilla\Extensions
[2010/04/26 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\uhwa4pla.default\extensions
[2010/04/21 13:15:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/01 10:47:21 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2010/04/25 12:45:57 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: WudfRd - Driver
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/05/01 20:28:09 | 000,000,000 | ---D | C] -- C:\Users\stephen\Desktop\OTL
[2010/05/01 13:05:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\stephen\Desktop\mbam-setup-1.46.exe
[2010/05/01 13:03:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/01 13:03:28 | 000,000,000 | ---D | C] -- C:\Windows\Content.IE5
[2010/05/01 12:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/01 11:20:02 | 000,000,000 | ---D | C] -- C:\Users\stephen\SecurityScans
[2010/05/01 11:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2010/05/01 10:45:52 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2010/05/01 10:45:52 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2010/05/01 10:45:52 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2010/05/01 10:45:52 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2010/05/01 10:45:52 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2010/05/01 10:45:16 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Temp
[2010/05/01 10:02:41 | 000,000,000 | ---D | C] -- C:\Users\stephen\Desktop\rem
[2010/04/30 21:26:31 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2010/04/30 21:26:31 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2010/04/30 21:26:31 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2010/04/30 21:26:31 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2010/04/30 21:26:31 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2010/04/30 21:26:31 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2010/04/30 21:26:24 | 000,000,000 | ---D | C] -- C:\Users\stephen\Desktop\SmitfraudFix
[2010/04/30 17:34:45 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE1
[2010/04/30 17:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viewfinity
[2010/04/30 13:27:06 | 000,000,000 | ---D | C] -- C:\Temp
[2010/04/28 20:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/04/28 06:00:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/28 04:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/28 04:13:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/28 02:43:43 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/04/27 16:58:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/27 16:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/04/27 16:57:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\stephen\Desktop\erunt_setup.exe
[2010/04/27 16:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/04/27 15:51:52 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2010/04/27 15:51:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/27 15:17:08 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Thinstall
[2010/04/27 15:17:08 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Thinstall
[2010/04/27 12:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/27 12:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/04/27 12:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2010/04/27 12:42:16 | 000,000,000 | ---D | C] -- C:\Users\stephen\Desktop\Spybot
[2010/04/27 00:01:02 | 000,000,000 | ---D | C] -- C:\Users\stephen\DoctorWeb
[2010/04/26 23:01:07 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/04/26 19:17:32 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/04/26 15:58:16 | 000,000,000 | ---D | C] -- C:\Users\stephen\Documents\EDD
[2010/04/26 10:42:03 | 000,000,000 | ---D | C] -- C:\AppData
[2010/04/26 10:29:40 | 000,000,000 | ---D | C] -- C:\Windows\HCBackup
[2010/04/26 00:24:07 | 000,000,000 | ---D | C] -- C:\Users\stephen\Documents\Notes
[2010/04/25 22:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2010/04/25 20:09:49 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Yahoo!
[2010/04/25 20:09:49 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Yahoo
[2010/04/25 20:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/04/25 20:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/04/25 19:24:00 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\SBREDrv.sys
[2010/04/25 18:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/25 17:52:26 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2010/04/25 17:33:45 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\drivers\SBREDrv.sys
[2010/04/25 17:33:45 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\sbbd.exe
[2010/04/25 17:33:35 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/04/25 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
[2010/04/25 17:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2010/04/25 16:08:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/04/25 12:19:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/25 12:13:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/25 00:56:53 | 000,000,000 | R--D | C] -- C:\Topics
[2010/04/24 22:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/04/24 20:32:12 | 000,000,000 | ---D | C] -- C:\Users\stephen\Documents\SightSpeed Recordings
[2010/04/24 20:21:58 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\LogiShrd
[2010/04/24 20:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/04/24 20:21:44 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Leadertech
[2010/04/24 20:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010/04/24 20:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/04/24 20:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/04/24 20:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/04/24 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Microsoft_Corporation
[2010/04/24 12:39:35 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/04/24 12:39:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/04/24 12:39:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/04/24 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/04/24 07:43:01 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Apps
[2010/04/24 03:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Deployment Toolkit
[2010/04/24 03:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2010/04/24 03:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/04/24 03:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/24 03:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/04/23 18:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendFinder
[2010/04/23 14:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/04/23 14:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/04/23 14:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/04/23 14:59:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/23 14:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/04/23 14:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/23 14:57:30 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Microsoft Help
[2010/04/23 14:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/04/23 14:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/23 14:55:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/22 21:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/22 21:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/22 21:21:49 | 000,000,000 | ---D | C] -- C:\Avast
[2010/04/22 16:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Javara
[2010/04/22 16:30:06 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Macromedia
[2010/04/22 16:30:06 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Adobe
[2010/04/22 16:30:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/04/22 16:25:42 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Diagnostics
[2010/04/22 16:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/22 16:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/22 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/04/22 16:08:23 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/22 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\WindowsUpdate
[2010/04/22 14:59:48 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2010/04/22 14:25:18 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Malwarebytes
[2010/04/22 14:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/22 14:25:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/22 14:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/22 14:23:24 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\ElevatedDiagnostics
[2010/04/21 13:46:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/04/21 13:46:12 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/04/21 13:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/04/21 13:41:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/04/21 13:15:54 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Mozilla
[2010/04/21 13:15:54 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Mozilla
[2010/04/21 13:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/04/21 13:06:04 | 000,000,000 | R--D | C] -- C:\Users\stephen\Searches
[2010/04/21 13:05:55 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Identities
[2010/04/21 13:05:53 | 000,000,000 | R--D | C] -- C:\Users\stephen\Contacts
[2010/04/21 13:05:51 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\VirtualStore
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\AppData\Local\Temporary Internet Files
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Templates
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Start Menu
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\SendTo
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Recent
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\PrintHood
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\NetHood
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Documents\My Videos
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Documents\My Pictures
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Documents\My Music
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\My Documents
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Local Settings
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\AppData\Local\History
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Cookies
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\Application Data
[2010/04/21 13:05:40 | 000,000,000 | -HSD | C] -- C:\Users\stephen\AppData\Local\Application Data
[2010/04/21 13:05:39 | 000,000,000 | --SD | C] -- C:\Users\stephen\AppData\Roaming\Microsoft
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Videos
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Saved Games
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Pictures
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Music
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Links
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Favorites
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Downloads
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\My Documents
[2010/04/21 13:05:39 | 000,000,000 | R--D | C] -- C:\Users\stephen\Desktop
[2010/04/21 13:05:39 | 000,000,000 | -H-D | C] -- C:\Users\stephen\AppData
[2010/04/21 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Local\Microsoft
[2010/04/21 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\stephen\AppData\Roaming\Media Center Programs
[2010/04/20 14:20:24 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/04/20 14:20:11 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/04/20 13:26:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/20 13:21:42 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/04/20 12:10:39 | 000,000,000 | ---D | C] -- C:\Microsoft
[2010/04/20 11:46:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/04/20 10:54:21 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/03/04 13:43:00 | 000,346,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/02/11 00:21:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/03 10:38:28 | 005,242,880 | ---- | M] () -- C:\Users\stephen\ntuser.dat
[2010/05/03 10:04:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/03 10:04:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/05/02 12:41:12 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 12:41:12 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 12:38:15 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/02 12:38:15 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/02 12:38:15 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/02 12:32:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 12:32:10 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 21:46:17 | 001,394,010 | -H-- | M] () -- C:\Users\stephen\AppData\Local\IconCache.db
[2010/05/01 21:45:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2010/05/01 21:01:20 | 079,306,752 | R--- | M] () -- C:\Users\stephen\Desktop\VIPRERescue6245.exe
[2010/05/01 20:54:33 | 000,899,695 | ---- | M] () -- C:\Users\stephen\Desktop\XDelBox.zip
[2010/05/01 13:06:30 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 13:05:43 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\stephen\Desktop\mbam-setup-1.46.exe
[2010/05/01 12:51:49 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2010/05/01 12:46:56 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/01 12:38:56 | 000,033,920 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010/05/01 12:32:37 | 000,000,114 | ---- | M] () -- C:\Users\stephen\Desktop\shellfix.reg
[2010/05/01 11:19:46 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2010/05/01 10:48:46 | 275,280,638 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/01 10:47:23 | 000,000,214 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2010/05/01 10:47:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/05/01 10:00:16 | 000,383,836 | ---- | M] () -- C:\Users\stephen\Desktop\smitRem.exe
[2010/04/30 21:28:15 | 000,007,597 | ---- | M] () -- C:\Users\stephen\AppData\Local\Resmon.ResmonCfg
[2010/04/30 21:25:41 | 001,872,472 | ---- | M] () -- C:\Users\stephen\Desktop\SmitfraudFix.exe
[2010/04/30 14:37:17 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{baeb9954-5499-11df-b11f-002421f0a33f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 14:37:17 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{baeb9954-5499-11df-b11f-002421f0a33f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 14:37:17 | 000,065,536 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{baeb9954-5499-11df-b11f-002421f0a33f}.TM.blf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 12:53:22 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{0de8e79c-53a6-11df-a510-002421f0a33f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 12:53:22 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{0de8e79c-53a6-11df-a510-002421f0a33f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 12:53:22 | 000,065,536 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{0de8e79c-53a6-11df-a510-002421f0a33f}.TM.blf
[2010/04/29 12:25:56 | 005,242,880 | ---- | M] () -- C:\Users\stephen\ntuser.bak
[2010/04/28 20:47:37 | 000,003,197 | ---- | M] () -- C:\Users\stephen\Desktop\Sophos pcclie-i Cleanup Tool.lnk
[2010/04/28 20:46:23 | 003,878,400 | ---- | M] () -- C:\Users\stephen\Desktop\Aurora Malware Removal Tool.msi
[2010/04/28 19:29:28 | 000,063,872 | ---- | M] () -- C:\Users\stephen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/28 17:36:40 | 000,303,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/28 17:35:37 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{d3b3cb11-52f6-11df-b8e1-e671a8f30d62}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 17:35:37 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{d3b3cb11-52f6-11df-b8e1-e671a8f30d62}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 17:35:37 | 000,065,536 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{d3b3cb11-52f6-11df-b8e1-e671a8f30d62}.TM.blf
[2010/04/28 10:54:03 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{25a2240d-52ea-11df-bf03-d7e393d00b5b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 10:54:03 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{25a2240d-52ea-11df-bf03-d7e393d00b5b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 10:54:03 | 000,065,536 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{25a2240d-52ea-11df-bf03-d7e393d00b5b}.TM.blf
[2010/04/28 06:35:02 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{98e6b6b5-52ae-11df-8fc2-002421f0a33f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 06:35:02 | 000,524,288 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{98e6b6b5-52ae-11df-8fc2-002421f0a33f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 06:35:02 | 000,065,536 | -HS- | M] () -- C:\Users\stephen\ntuser.dat{98e6b6b5-52ae-11df-8fc2-002421f0a33f}.TM.blf
[2010/04/27 16:58:29 | 000,000,928 | ---- | M] () -- C:\Users\stephen\Desktop\NTREGOPT.lnk
[2010/04/27 16:58:29 | 000,000,909 | ---- | M] () -- C:\Users\stephen\Desktop\ERUNT.lnk
[2010/04/27 16:57:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\stephen\Desktop\erunt_setup.exe
[2010/04/27 15:04:53 | 000,197,342 | ---- | M] () -- C:\Users\stephen\Documents\Startups
[2010/04/27 14:56:12 | 007,323,143 | ---- | M] () -- C:\Users\stephen\Documents\System State.reg
[2010/04/27 12:57:18 | 000,001,262 | ---- | M] () -- C:\Users\stephen\Desktop\Spybot - Search & Destroy.lnk
[2010/04/27 07:59:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2010/04/27 07:59:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/04/25 23:04:47 | 000,001,259 | ---- | M] () -- C:\Users\stephen\Desktop\ATF-Cleaner.exe - Shortcut.lnk
[2010/04/25 20:09:14 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/04/25 16:02:29 | 000,967,085 | ---- | M] () -- C:\Users\stephen\Documents\fafsaws01bw.pdf
[2010/04/25 12:58:45 | 000,000,036 | ---- | M] () -- C:\Users\stephen\AppData\Local\housecall.guid.cache
[2010/04/25 12:19:58 | 000,000,262 | ---- | M] () -- C:\Users\stephen\Desktop\Run.lnk
[2010/04/25 12:18:45 | 000,001,899 | ---- | M] () -- C:\Users\stephen\Desktop\Windows PowerShell.lnk
[2010/04/24 03:34:43 | 000,294,308 | ---- | M] () -- C:\Users\stephen\Documents\win 7 img.docx
[2010/04/23 18:10:05 | 000,003,093 | ---- | M] () -- C:\Users\stephen\Desktop\MSGR.lnk
[2010/04/23 18:03:50 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/04/22 21:36:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/04/22 13:37:14 | 000,006,144 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2010/04/21 13:15:49 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/21 13:05:40 | 000,000,020 | -HS- | M] () -- C:\Users\stephen\ntuser.ini
[2010/04/20 13:23:50 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/04/20 13:23:50 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/02/11 01:27:54 | 000,005,156 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/02/11 01:08:16 | 000,152,600 | ---- | M] () -- C:\Windows\SysNative\difx64.exe
[2010/02/11 00:54:24 | 000,982,224 | ---- | M] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/02/11 00:54:24 | 000,982,224 | ---- | M] () -- C:\Windows\SysNative\igkrng500.bin
[2010/02/11 00:54:24 | 000,439,336 | ---- | M] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/02/11 00:54:24 | 000,439,336 | ---- | M] () -- C:\Windows\SysNative\igcompkrng500.bin
[2010/02/11 00:54:24 | 000,092,292 | ---- | M] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/02/11 00:54:24 | 000,092,292 | ---- | M] () -- C:\Windows\SysNative\igfcg500m.bin
[2010/02/11 00:27:38 | 000,102,380 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/02/11 00:27:38 | 000,101,267 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/02/11 00:27:36 | 000,119,498 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/02/11 00:27:34 | 000,188,052 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/02/11 00:27:34 | 000,117,708 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/02/11 00:27:32 | 000,112,701 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/02/11 00:27:30 | 000,163,802 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/02/11 00:27:30 | 000,116,410 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/02/11 00:27:28 | 000,117,404 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/02/11 00:27:26 | 000,118,737 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/02/11 00:27:26 | 000,116,799 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/02/11 00:27:24 | 000,117,941 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/02/11 00:27:22 | 000,121,633 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/02/11 00:27:22 | 000,113,210 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/02/11 00:27:20 | 000,134,790 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/02/11 00:27:18 | 000,123,921 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/02/11 00:27:16 | 000,132,112 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/02/11 00:27:16 | 000,117,919 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/02/11 00:27:14 | 000,119,142 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/02/11 00:27:12 | 000,121,312 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/02/11 00:27:12 | 000,117,032 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/02/11 00:27:10 | 000,176,762 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/02/11 00:27:08 | 000,121,077 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/02/11 00:27:08 | 000,112,605 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/02/11 00:27:06 | 000,117,117 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/02/11 00:27:04 | 000,138,293 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/02/11 00:26:48 | 000,108,574 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/02/11 00:21:48 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2010/02/11 00:12:08 | 000,000,151 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2010/02/11 00:05:42 | 001,991,936 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.cpa
[2010/02/11 00:05:42 | 000,208,896 | ---- | M] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/11 00:05:42 | 000,205,824 | ---- | M] () -- C:\Windows\SysNative\iglhsip64.dll
[2010/02/11 00:05:42 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\iglhcp64.dll
[2010/02/11 00:05:42 | 000,143,360 | ---- | M] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/02/11 00:05:42 | 000,060,254 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2010/02/11 00:05:42 | 000,060,226 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2010/02/11 00:05:42 | 000,060,015 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2010/02/11 00:05:42 | 000,001,090 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.vp
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/01 21:45:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2010/05/01 21:01:20 | 079,306,752 | R--- | C] () -- C:\Users\stephen\Desktop\VIPRERescue6245.exe
[2010/05/01 20:54:31 | 000,899,695 | ---- | C] () -- C:\Users\stephen\Desktop\XDelBox.zip
[2010/05/01 13:06:30 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 12:51:49 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2010/05/01 12:46:54 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/01 12:38:56 | 000,033,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010/05/01 12:32:37 | 000,000,114 | ---- | C] () -- C:\Users\stephen\Desktop\shellfix.reg
[2010/05/01 11:19:46 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2010/05/01 10:48:46 | 275,280,638 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/01 10:00:12 | 000,383,836 | ---- | C] () -- C:\Users\stephen\Desktop\smitRem.exe
[2010/04/30 21:27:07 | 000,000,214 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2010/04/30 21:26:31 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2010/04/30 21:26:31 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2010/04/30 21:26:31 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2010/04/30 21:25:34 | 001,872,472 | ---- | C] () -- C:\Users\stephen\Desktop\SmitfraudFix.exe
[2010/04/30 13:48:54 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{baeb9954-5499-11df-b11f-002421f0a33f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 13:48:54 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{baeb9954-5499-11df-b11f-002421f0a33f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 13:48:54 | 000,065,536 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{baeb9954-5499-11df-b11f-002421f0a33f}.TM.blf
[2010/04/30 13:48:35 | 1583,276,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/30 12:50:46 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/04/29 12:26:55 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{0de8e79c-53a6-11df-a510-002421f0a33f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 12:26:55 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{0de8e79c-53a6-11df-a510-002421f0a33f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 12:26:55 | 000,065,536 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{0de8e79c-53a6-11df-a510-002421f0a33f}.TM.blf
[2010/04/28 20:47:37 | 000,003,197 | ---- | C] () -- C:\Users\stephen\Desktop\Sophos pcclie-i Cleanup Tool.lnk
[2010/04/28 20:46:07 | 003,878,400 | ---- | C] () -- C:\Users\stephen\Desktop\Aurora Malware Removal Tool.msi
[2010/04/28 11:59:14 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{d3b3cb11-52f6-11df-b8e1-e671a8f30d62}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 11:59:14 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{d3b3cb11-52f6-11df-b8e1-e671a8f30d62}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 11:59:14 | 000,065,536 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{d3b3cb11-52f6-11df-b8e1-e671a8f30d62}.TM.blf
[2010/04/28 10:54:03 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{25a2240d-52ea-11df-bf03-d7e393d00b5b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 10:54:03 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{25a2240d-52ea-11df-bf03-d7e393d00b5b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 10:54:03 | 000,065,536 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{25a2240d-52ea-11df-bf03-d7e393d00b5b}.TM.blf
[2010/04/28 06:02:10 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{98e6b6b5-52ae-11df-8fc2-002421f0a33f}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 06:02:10 | 000,524,288 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{98e6b6b5-52ae-11df-8fc2-002421f0a33f}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 06:02:10 | 000,065,536 | -HS- | C] () -- C:\Users\stephen\ntuser.dat{98e6b6b5-52ae-11df-8fc2-002421f0a33f}.TM.blf
[2010/04/27 17:15:57 | 000,000,000 | -HS- | C] () -- C:\Users\stephen\ntuser.tmp.LOG2
[2010/04/27 17:15:57 | 000,000,000 | -HS- | C] () -- C:\Users\stephen\ntuser.tmp.LOG1
[2010/04/27 16:58:29 | 000,000,928 | ---- | C] () -- C:\Users\stephen\Desktop\NTREGOPT.lnk
[2010/04/27 16:58:29 | 000,000,909 | ---- | C] () -- C:\Users\stephen\Desktop\ERUNT.lnk
[2010/04/27 15:04:53 | 000,197,342 | ---- | C] () -- C:\Users\stephen\Documents\Startups
[2010/04/27 14:56:07 | 007,323,143 | ---- | C] () -- C:\Users\stephen\Documents\System State.reg
[2010/04/27 12:53:34 | 000,001,262 | ---- | C] () -- C:\Users\stephen\Desktop\Spybot - Search & Destroy.lnk
[2010/04/27 07:59:19 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2010/04/27 07:59:19 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/04/25 23:04:47 | 000,001,259 | ---- | C] () -- C:\Users\stephen\Desktop\ATF-Cleaner.exe - Shortcut.lnk
[2010/04/25 20:09:14 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/04/25 18:49:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/04/25 16:02:27 | 000,967,085 | ---- | C] () -- C:\Users\stephen\Documents\fafsaws01bw.pdf
[2010/04/25 12:58:45 | 000,000,036 | ---- | C] () -- C:\Users\stephen\AppData\Local\housecall.guid.cache
[2010/04/25 12:19:58 | 000,000,262 | ---- | C] () -- C:\Users\stephen\Desktop\Run.lnk
[2010/04/25 12:18:45 | 000,001,899 | ---- | C] () -- C:\Users\stephen\Desktop\Windows PowerShell.lnk
[2010/04/25 01:38:19 | 000,007,597 | ---- | C] () -- C:\Users\stephen\AppData\Local\Resmon.ResmonCfg
[2010/04/24 03:34:42 | 000,294,308 | ---- | C] () -- C:\Users\stephen\Documents\win 7 img.docx
[2010/04/23 18:10:05 | 000,003,093 | ---- | C] () -- C:\Users\stephen\Desktop\MSGR.lnk
[2010/04/22 21:36:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/04/21 13:15:49 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/21 13:05:40 | 000,000,020 | -HS- | C] () -- C:\Users\stephen\ntuser.ini
[2010/04/21 13:05:39 | 005,242,880 | ---- | C] () -- C:\Users\stephen\ntuser.dat
[2010/04/21 13:05:39 | 005,242,880 | ---- | C] () -- C:\Users\stephen\ntuser.bak
[2010/04/21 13:05:39 | 000,262,144 | -HS- | C] () -- C:\Users\stephen\ntuser.dat.LOG1
[2010/04/21 13:05:39 | 000,000,000 | -HS- | C] () -- C:\Users\stephen\ntuser.dat.LOG2
[2010/02/11 01:27:54 | 000,005,156 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/02/11 01:08:16 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2010/02/11 00:54:24 | 000,982,224 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/02/11 00:54:24 | 000,982,224 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2010/02/11 00:54:24 | 000,439,336 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/02/11 00:54:24 | 000,439,336 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2010/02/11 00:54:24 | 000,092,292 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/02/11 00:54:24 | 000,092,292 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2010/02/11 00:27:38 | 000,102,380 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/02/11 00:27:38 | 000,101,267 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/02/11 00:27:36 | 000,119,498 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/02/11 00:27:34 | 000,188,052 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/02/11 00:27:34 | 000,117,708 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/02/11 00:27:32 | 000,112,701 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/02/11 00:27:30 | 000,163,802 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/02/11 00:27:30 | 000,116,410 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/02/11 00:27:28 | 000,117,404 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/02/11 00:27:26 | 000,118,737 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/02/11 00:27:26 | 000,116,799 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/02/11 00:27:24 | 000,117,941 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/02/11 00:27:22 | 000,121,633 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/02/11 00:27:22 | 000,113,210 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/02/11 00:27:20 | 000,134,790 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/02/11 00:27:18 | 000,123,921 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/02/11 00:27:16 | 000,132,112 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/02/11 00:27:16 | 000,117,919 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/02/11 00:27:14 | 000,119,142 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/02/11 00:27:12 | 000,121,312 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/02/11 00:27:12 | 000,117,032 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/02/11 00:27:10 | 000,176,762 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/02/11 00:27:08 | 000,121,077 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/02/11 00:27:08 | 000,112,605 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/02/11 00:27:06 | 000,117,117 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/02/11 00:27:04 | 000,138,293 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/02/11 00:26:48 | 000,108,574 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/02/11 00:12:08 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2010/02/11 00:05:42 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2010/02/11 00:05:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/02/11 00:05:42 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll
[2010/02/11 00:05:42 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll
[2010/02/11 00:05:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/02/11 00:05:42 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2010/02/11 00:05:42 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2010/02/11 00:05:42 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2010/02/11 00:05:42 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/04/24 20:21:44 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Leadertech
[2010/04/28 15:02:54 | 000,000,000 | ---D | M] -- C:\Users\stephen\AppData\Roaming\Thinstall
[2009/07/13 22:08:49 | 000,008,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%*. /mp /s >
< End of report >

I apologize... I should have attached the log instead of copy/pasting it.

Merged posts. ~ OB



Edited by Orange Blossom, 03 May 2010 - 03:02 PM.


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,730 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:25 AM

Posted 05 May 2010 - 06:00 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,730 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:25 AM

Posted 10 May 2010 - 06:31 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE