Really Slow/Not responding often

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

4 Pages
1
2
3
→
Last »

You cannot start a new topic
This topic is locked

Really Slow/Not responding often Don't know what's wrong...

#1 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 09 January 2010 - 06:46 PM

Hey everyone, I've been here several times with fantastic results thanks to the incredible community and people hard at work. Once again I need your help with my pc.. It has been running very slow compared to even a few months ago, and has a very hard time running any game, regardless of graphic complexity. Even programs as simple as internet explorer, windows explorer, and everyday programs like microsoft word take a long time to boot up, then run slow and have a tendency to "Not Respond". Something is just not right.. I have tried malware and virus scans but they find nothing, removed old pictures to try and speed it up, removed old programs, and I started using CCleaner often, but results are slim to none.

I attached all the requested files, except for the RootRepeal because it it wouldn't finish the scan without coming up with an unknown error.
Thank you so much in advance for helping to fix this laptop, I really appreciate all efforts.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Zac at 17:10:21.70 on Sat 01/09/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.819 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Users\Zac\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070724
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.colby.edu/chemistry/OChem/DEMOS/Substitution.html"
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {582610B8-E496-4813-993C-4B027173FE38} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-15 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-15 108552]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-10-15 73728]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-8-24 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-8-24 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-8-24 177864]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-15 27784]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-15 298776]

=============== Created Last 30 ================

2010-01-08 23:34:45 0 d-----w- C:\VivoxLogs
2009-12-29 18:54:33 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-12-29 17:43:54 0 d-----w- c:\programdata\CCP
2009-12-29 17:43:54 0 d-----w- c:\program files\CCP
2009-12-27 03:21:21 0 d-----w- c:\program files\CCleaner
2009-12-25 18:52:32 15360 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-12-25 18:52:30 14336 ----a-w- c:\windows\system32\drivers\UBHelper.sys
2009-12-25 18:51:13 0 d-----w- c:\windows\system32\drivers\nti
2009-12-25 18:51:13 0 d-----w- c:\program files\NewTech Infosystems

==================== Find3M ====================

2010-01-09 21:30:18 62985 ----a-w- c:\programdata\nvModes.dat
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 17:24:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 17:24:38 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 17:24:36 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 17:24:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-17 17:24:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 17:23:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-08 06:22:54 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2008-09-14 01:44:55 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-04 19:04:03 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-04 19:04:03 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-04 19:04:03 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-07-24 21:51:05 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:12:29.57 ===============

Attached File(s)

Attach.txt (6.05K)
Number of downloads: 10

#2 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 15 January 2010 - 05:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#3 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 18 January 2010 - 02:41 PM

The problem is not yet resolved, but it appears to come and go randomly. Sorry for being vague, but the best description I can provide is that my computer has generally slowed down compared to the way it was. For instance, it will take a really long time to load any program, sometimes providing the "Not Responding" response in the title bar of the program window. Upon waking my computer up from sleep mode, the screen will stay black for a few minutes, which never used to happen, and from time to time it seems as though the computer will get so overwhelmed by just a few programs being open, that windows explorer starts to "Not respond", meaning I cannot really do anything until it refreshes itself. I'm just wondering if I have too many programs running at the same time, or if there is some sort of virus/malware infection, or something else along those lines that is causing my comp to run slowly which is fixable.

Here are the scan logs you requested:

OTL logfile created on: 1/18/2010 2:14:58 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Zac\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 65.60 Gb Free Space | 48.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.53 Gb Free Space | 55.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Zac
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/18 14:13:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/27 22:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/18 16:11:37 | 00,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2009/10/18 16:11:36 | 00,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/27 19:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/01/27 19:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/01/27 19:50:00 | 00,013,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
PRC - [2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/09 07:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/12/08 13:34:40 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/12/08 13:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/12/08 13:34:10 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2007/09/20 13:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 13:45:38 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 13:44:48 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/06/07 11:27:56 | 00,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
PRC - [2007/05/09 17:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/27 19:35:28 | 00,857,648 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/20 13:01:12 | 01,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/12/19 10:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 10:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

========== Modules (SafeList) ==========

MOD - [2010/01/18 14:13:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/10/18 16:11:36 | 00,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/15 13:31:44 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/08 18:20:34 | 00,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2009/01/27 19:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/01/27 19:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/09 07:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/13 17:24:00 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/12/08 13:34:40 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/10/22 10:31:33 | 00,138,168 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/09/26 13:41:56 | 00,503,608 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/20 13:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 13:45:38 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/19 12:44:44 | 00,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/19 10:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/15 13:32:26 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/15 13:32:21 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/15 13:31:55 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/05/05 16:46:08 | 00,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/05/05 16:46:08 | 00,014,336 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/01/27 19:50:00 | 00,177,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/01/27 19:50:00 | 00,073,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/01/27 19:50:00 | 00,065,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/01/27 19:50:00 | 00,052,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/01/27 19:50:00 | 00,031,848 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/06/09 07:23:00 | 07,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/06 20:52:48 | 01,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/10/10 17:03:00 | 00,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 13:46:06 | 00,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/07/24 16:47:30 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/07/24 16:47:30 | 00,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/07/24 16:47:30 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/15 12:25:46 | 00,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/27 19:35:56 | 00,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/03/05 21:45:00 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/12 16:36:54 | 00,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/02/09 14:34:16 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\drvnddm.sys -- (DRVNDDM)
DRV - [2007/02/08 22:05:30 | 00,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/30 07:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/27 02:48:46 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 02:48:44 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 02:48:44 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 21:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 00,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/18 12:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 09:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 19:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 10:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3070724

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\..\URLSearchHook: *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\S-1-5-21-2241642629-384779116-2283715535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2009/03/15 18:31:38 | 00,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Extensions
[2009/03/15 18:31:38 | 00,000,000 | ---D | M] -- C:\Users\Zac\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/01/08 22:52:41 | 00,371,781 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12818 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O7 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix:
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2241642629-384779116-2283715535-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.65.8.11 158.65.3.66
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Zac\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zac\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8466f72a-ef39-11de-b78d-001c23ab7700}\Shell\AutoRun\command - "" = G:\restore\restorestarter.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\restore\restorestarter.exe -- File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/18 14:13:25 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
[2010/01/12 21:59:33 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 21:59:32 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 16:09:45 | 00,000,000 | ---D | C] -- C:\Users\Zac\Documents\Canon Utilities
[2010/01/12 16:00:50 | 00,000,000 | ---D | C] -- C:\Users\Zac\Desktop\Pics for mom
[2010/01/09 17:18:26 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/01/08 18:34:45 | 00,000,000 | ---D | C] -- C:\VivoxLogs
[2010/01/08 18:21:02 | 18,848,592 | ---- | C] (Lime Wire LLC) -- C:\Users\Zac\Desktop\LimeWireWin.exe
[2009/12/29 14:38:30 | 00,000,000 | ---D | C] -- C:\Users\Zac\Documents\EVE
[2009/12/29 14:38:13 | 00,000,000 | ---D | C] -- C:\Users\Zac\AppData\Local\CCP
[2009/12/29 13:54:33 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2009/12/29 12:43:54 | 00,000,000 | ---D | C] -- C:\ProgramData\CCP
[2009/12/29 12:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\CCP
[2009/12/26 22:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/26 22:15:48 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Users\Zac\Documents\ccsetup227.exe
[2009/12/25 13:52:32 | 00,015,360 | ---- | C] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys
[2009/12/25 13:52:30 | 00,014,336 | ---- | C] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys
[2009/12/25 13:51:37 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2009/12/25 13:51:37 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2009/12/25 13:51:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2009/12/25 13:51:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2009/12/25 13:51:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2009/12/25 13:51:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2009/12/25 13:51:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2009/12/25 13:51:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2009/12/25 13:51:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2009/12/25 13:51:13 | 00,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/18 14:19:54 | 08,126,464 | -HS- | M] () -- C:\Users\Zac\ntuser.dat
[2010/01/18 14:13:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Zac\Desktop\OTL.exe
[2010/01/18 13:21:26 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E6C41B86-B69F-4B9B-A559-A4FF72E6A5F9}.job
[2010/01/18 13:20:35 | 00,062,985 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/18 13:20:30 | 00,062,985 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/18 13:19:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/18 01:31:33 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/18 01:31:33 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/17 18:27:22 | 00,012,889 | ---- | M] () -- C:\Users\Zac\Desktop\Workout Schedule.xlsx
[2010/01/17 15:39:28 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/17 15:39:28 | 00,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/17 15:39:28 | 00,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/14 13:39:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/14 13:39:28 | 21,454,31552 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/14 03:09:04 | 00,524,288 | -HS- | M] () -- C:\Users\Zac\ntuser.dat{f0b7a23a-b96c-11dc-acd3-0019b9841f84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/14 03:09:04 | 00,065,536 | -HS- | M] () -- C:\Users\Zac\ntuser.dat{f0b7a23a-b96c-11dc-acd3-0019b9841f84}.TM.blf
[2010/01/14 03:08:05 | 02,183,971 | -H-- | M] () -- C:\Users\Zac\AppData\Local\IconCache.db
[2010/01/14 03:06:41 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/12 21:55:05 | 00,000,864 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/12 21:50:40 | 07,520,288 | ---- | M] () -- C:\Users\Zac\Desktop\SUPERAntiSpyware.exe
[2010/01/12 16:08:00 | 00,115,200 | ---- | M] () -- C:\Users\Zac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 01:46:11 | 00,018,526 | ---- | M] () -- C:\Users\Zac\Documents\Resume.docx
[2010/01/09 17:19:39 | 00,001,816 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/01/09 17:19:39 | 00,001,750 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/09 17:03:00 | 00,000,393 | ---- | M] () -- C:\Users\Zac\Desktop\Log In.url
[2010/01/09 13:19:44 | 00,010,530 | ---- | M] () -- C:\Users\Zac\Documents\Its been a few years but I.docx
[2010/01/09 12:46:36 | 00,000,180 | ---- | M] () -- C:\Users\Zac\Desktop\Facebook.url
[2010/01/08 22:52:41 | 00,371,781 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2010/01/08 22:17:48 | 00,001,662 | ---- | M] () -- C:\Users\Zac\Desktop\LimeWire 5.4.6.lnk
[2010/01/08 20:30:53 | 00,003,716 | ---- | M] () -- C:\Users\Zac\Documents\cc_20100108_203036.reg
[2010/01/08 18:21:03 | 18,848,592 | ---- | M] (Lime Wire LLC) -- C:\Users\Zac\Desktop\LimeWireWin.exe
[2010/01/08 15:28:08 | 00,001,760 | ---- | M] () -- C:\Users\Zac\Desktop\Runes of Magic.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/29 13:52:55 | 00,001,672 | ---- | M] () -- C:\Users\Zac\Desktop\EVE.lnk
[2009/12/28 20:53:13 | 00,012,364 | ---- | M] () -- C:\Users\Zac\Documents\s.docx
[2009/12/26 22:31:40 | 00,435,186 | ---- | M] () -- C:\Users\Zac\Documents\cc_20091226_223113.reg
[2009/12/26 22:21:24 | 00,001,632 | ---- | M] () -- C:\Users\Zac\Desktop\CCleaner.lnk
[2009/12/26 22:16:24 | 03,357,024 | ---- | M] (Piriform Ltd) -- C:\Users\Zac\Documents\ccsetup227.exe
[2009/12/25 13:51:37 | 00,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 03:06:41 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/12 21:55:05 | 00,000,864 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/12 21:50:05 | 07,520,288 | ---- | C] () -- C:\Users\Zac\Desktop\SUPERAntiSpyware.exe
[2010/01/09 17:19:39 | 00,001,816 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/01/09 17:19:39 | 00,001,750 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/01/09 13:19:42 | 00,010,530 | ---- | C] () -- C:\Users\Zac\Documents\Its been a few years but I.docx
[2010/01/08 22:17:48 | 00,001,662 | ---- | C] () -- C:\Users\Zac\Desktop\LimeWire 5.4.6.lnk
[2010/01/08 20:30:49 | 00,003,716 | ---- | C] () -- C:\Users\Zac\Documents\cc_20100108_203036.reg
[2010/01/07 20:26:09 | 00,012,889 | ---- | C] () -- C:\Users\Zac\Desktop\Workout Schedule.xlsx
[2009/12/29 13:52:55 | 00,001,672 | ---- | C] () -- C:\Users\Zac\Desktop\EVE.lnk
[2009/12/28 20:53:12 | 00,012,364 | ---- | C] () -- C:\Users\Zac\Documents\s.docx
[2009/12/26 22:31:16 | 00,435,186 | ---- | C] () -- C:\Users\Zac\Documents\cc_20091226_223113.reg
[2009/12/26 22:21:24 | 00,001,632 | ---- | C] () -- C:\Users\Zac\Desktop\CCleaner.lnk
[2009/12/25 13:51:37 | 00,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk
[2009/11/08 01:22:54 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/08/24 22:07:13 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/08/04 16:45:12 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/18 21:56:24 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/10 20:22:50 | 00,000,035 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\TheHunterSettings.cfg
[2008/11/18 14:27:01 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/11/01 22:21:42 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/06/19 23:16:46 | 00,062,985 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/06/19 23:16:45 | 00,062,985 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/02/08 23:33:25 | 00,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007/09/29 18:38:27 | 00,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/09/29 18:37:51 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/09/29 18:37:51 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/09/29 18:37:51 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/09/24 10:46:11 | 00,001,356 | ---- | C] () -- C:\Users\Zac\AppData\Local\d3d9caps.dat
[2007/08/26 14:51:59 | 00,011,075 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/23 18:30:00 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/08/03 03:20:51 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{a67dc675-4162-11dc-a2d7-0019b9841f84}.TMContainer00000000000000000002.regtrans-ms
[2007/08/03 03:20:51 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{a67dc675-4162-11dc-a2d7-0019b9841f84}.TMContainer00000000000000000001.regtrans-ms
[2007/08/03 03:20:51 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{a67dc666-4162-11dc-a2d7-0019b9841f84}.TMContainer00000000000000000002.regtrans-ms
[2007/08/03 03:20:51 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{a67dc666-4162-11dc-a2d7-0019b9841f84}.TMContainer00000000000000000001.regtrans-ms
[2007/08/03 03:20:51 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/08/03 03:20:51 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{a67dc675-4162-11dc-a2d7-0019b9841f84}.TM.blf
[2007/08/03 03:20:51 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{a67dc666-4162-11dc-a2d7-0019b9841f84}.TM.blf
[2007/08/03 03:20:51 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/08/03 03:20:51 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/08/02 17:53:36 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/02 17:53:33 | 00,000,163 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/02 17:42:52 | 00,041,049 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\nvModes.dat
[2007/08/02 17:42:52 | 00,041,049 | ---- | C] () -- C:\Users\Zac\AppData\Roaming\nvModes.001
[2007/08/02 17:19:32 | 00,115,200 | ---- | C] () -- C:\Users\Zac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/24 16:51:28 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/24 16:51:19 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/07/24 09:13:00 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/02/20 12:59:08 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/02/20 12:59:06 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/20 12:59:04 | 00,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/02/20 11:24:46 | 00,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006/11/07 14:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:E73B14E2
< End of report >

Extras

OTL Extras logfile created on: 1/18/2010 2:14:58 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Zac\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 65.60 Gb Free Space | 48.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.53 Gb Free Space | 55.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Zac
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1674AB5F-590E-40F6-8CDE-B226F9BE7706}" = rport=1701 | protocol=17 | dir=out | app=system |
"{2D0461FC-959B-4858-BFA4-F38105A4D517}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{31C24EF1-34BE-4869-8ACB-7A15D6086E63}" = lport=1723 | protocol=6 | dir=in | app=system |
"{42B68C42-11C0-4E14-A428-1D405126B1E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4B5CC70B-E557-4579-9717-73DCB3CCD6BB}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{526EFEBC-6A56-41D7-BF39-96AFF4D84C6D}" = rport=1723 | protocol=6 | dir=out | app=system |
"{554AA018-2020-4E18-91D3-8C88941856FF}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{66C1E46F-A626-49C2-AB97-1CED0272E2A6}" = lport=80 | protocol=6 | dir=in | app=system |
"{76C7D8C5-5C89-4381-B5B9-0DF8F0BEE27D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{7D55A72A-93D1-4C80-BB1F-456FF1E718CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{810D20A8-C9AA-4868-BD9E-5AC8940E9F9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8471C5EF-F163-474E-90B3-B667C88A2D28}" = lport=1701 | protocol=17 | dir=in | app=system |
"{8B07FCD1-56E1-4A05-9220-A37CF6AFCC78}" = rport=1701 | protocol=17 | dir=out | app=system |
"{8C3A933B-1C2F-4C39-90CD-548DDB873DA6}" = rport=1723 | protocol=6 | dir=out | app=system |
"{8E42A3EB-51DC-484F-A322-F74285675C70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{90EAA8A4-2C1E-42F5-B587-7F9DD8A57B75}" = lport=443 | protocol=6 | dir=in | name=hunter |
"{AE7D8A3C-9939-494D-8171-101F1DFD5F1F}" = lport=1723 | protocol=6 | dir=in | app=system |
"{B2922005-8CEC-4E09-9E1A-515CEAFA4763}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{BF23860C-4D5A-483A-B120-BA692A0C9BCD}" = lport=1701 | protocol=17 | dir=in | app=system |
"{C46B8C83-A2AA-41B7-B21B-F213B479C27F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FE4DB0BA-DA2D-44C2-BF5E-73EEC96F9F8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B255F2-0CD3-4774-8FDC-7C84DFDF7F64}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{095D40E9-62D3-44A4-BA32-11A2667A136E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{110F4DDC-0D32-4D02-8E83-93DE3C659550}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{14D01B71-F49A-416E-AEBB-1B6238A98B5F}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds_radeon.exe |
"{190A9A83-1727-4128-8100-6D9F20A63A2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E3569F9-26F9-4F46-8160-42335AD10844}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{1E644AEC-6B44-4C2C-A218-4DD905FBD69C}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds.exe |
"{2172D1D7-3722-49C2-A563-50D8F11491DE}" = protocol=6 | dir=out | app=system |
"{21A0C163-AC16-46D6-81D2-773AB9C02FA3}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{2A01D0C5-0BA7-4984-BC3A-C64D1A7C8F31}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{30F4867D-2436-4F6C-965A-893B998B9616}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{3B947B72-9373-4F37-B10A-AD931393D3C0}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{45D4C2A3-F320-48E1-9E2C-669E471AE5D0}" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{4B2F6E23-5D15-4256-83F2-EEDA7EBE2980}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{4C2D4E66-F9E3-43CD-8E16-FE1C89DC9B9B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{4DCBD288-1B1B-4921-BB78-2AFDBA2B3CA0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{52E56291-9580-4569-879D-A6CF1006F94F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5AA3B0C0-3C2F-42F0-920E-2390C3386E69}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6433338B-93D5-4812-BA69-56924CAA66C9}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{6663D5FE-F297-4360-AFDB-649984C689C6}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{71BF7388-E6EE-434D-AA1D-5AB5FACF6B85}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{95796909-DF24-4B9B-8DEB-F20415B22DB3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{97A27E8B-81E1-44B7-BE1E-458514B9D0DB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9BC07FF0-D82C-4D81-9E30-A41146309DA8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9D97C064-9950-474B-A9F9-A3DF90571D56}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A6F809D9-C2D3-420F-97AF-7EF51BC2487D}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{A70F1988-3D04-4BD7-9DD9-B0F90C0A93F0}" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"{B0CEC4A3-C9DA-4B0E-87C3-6D804BE18B0C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BABC0CA1-5915-4D1C-BEB8-6DF26E82D187}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds_radeon.exe |
"{BD095099-11A2-4EE5-854D-5427819DFBA4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4F4282A-ED2B-433D-B186-5B3AD06E4455}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{C8A59694-A8B9-4D5F-9750-5663A24E86C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E30E4848-2620-4CF2-980C-48A01E888DD6}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{E39E1242-A1DD-4409-9528-3219C844F6B2}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{E8168DAA-A12A-4624-90DE-4A7C0DECA532}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{F374CB18-4471-4266-97BA-1B4AFB5FEC92}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds.exe |
"TCP Query User{2746121E-5D3C-4DAC-9E51-30367F037216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2F1F6499-7424-437D-B467-DBAB67092689}C:\program files\gametap web player\bin\release\gametapplayer.exe" = protocol=6 | dir=in | app=c:\program files\gametap web player\bin\release\gametapplayer.exe |
"TCP Query User{39B057A2-E1DD-43AC-B486-F528AF70AE8E}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"TCP Query User{40E6439D-A91D-42FE-BE4B-22C5F79FA16F}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{426B61B7-AFB8-46B3-BCDF-1FEA8982E7CA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{4B5A66F9-5F41-4630-A877-C4C87C89D776}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4CF4039E-76B4-4C8E-9179-152F64FD5DD7}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"TCP Query User{605BDA17-4493-4215-97FB-577772771C67}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{6F8E3068-45DF-47DE-8B61-1D4FF2A50294}C:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"TCP Query User{71D5ACBA-BA94-4F82-A7E5-FA8E9000EC72}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"TCP Query User{7DC69292-3D69-47C9-9193-3DA3365C2080}C:\users\zac\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\zac\program files\dna\btdna.exe |
"TCP Query User{825EDDF1-B31F-4032-9151-ADB4C290FEA0}C:\users\zac\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\zac\program files\dna\btdna.exe |
"TCP Query User{8798F1CF-39CA-48F6-A217-D5B14E31F29A}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"TCP Query User{A1378E3A-2331-45D1-BD64-40D91D8B1DCA}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"TCP Query User{ACBD6C32-3738-4F5D-A6C2-921498C57B15}C:\program files\emote\launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files\emote\launcher\launcher.exe |
"TCP Query User{BDCEA0E5-6AB9-4646-BB31-63C1852B71FB}C:\program files\gametap web player\bin\release\gametapplayer.exe" = protocol=6 | dir=in | app=c:\program files\gametap web player\bin\release\gametapplayer.exe |
"TCP Query User{C8AF8E80-5FE7-4056-BC82-A1E65C605745}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DC0D3916-14CB-404C-8C93-C62AA54E6227}C:\program files\ruckus player\ruckus.exe" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"TCP Query User{E4DD0505-6434-49CF-9EAB-632D18D7EA55}C:\program files\gametap\bin\release\gametap.exe" = protocol=6 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"UDP Query User{0268F43E-6C65-4E8E-AA52-E4C02592E51E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{1CFAD234-1CFA-460B-BAB9-815D55BA9C38}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{2264D8D3-AC3A-4669-AA42-9AE391E01CC5}C:\program files\gametap\bin\release\gametap.exe" = protocol=17 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"UDP Query User{2872F8E1-D538-4ED3-A862-D9F96C824C56}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{2CC26596-B816-49F0-BCF4-B0BC74752F3C}C:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\ccp\eve\bin\exefile.exe |
"UDP Query User{38C5E6C4-BB2D-4685-B1E0-F17049D3A6B8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{40C7465B-0B75-44B6-9CA7-C7FF98EF63E8}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{46B5581C-4B71-4FDD-A177-A92C56DAFC47}C:\program files\gametap web player\bin\release\gametapplayer.exe" = protocol=17 | dir=in | app=c:\program files\gametap web player\bin\release\gametapplayer.exe |
"UDP Query User{53753BC4-97F4-4FAC-B1F0-F8259D9689F1}C:\program files\emote\launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files\emote\launcher\launcher.exe |
"UDP Query User{5BC102B2-6FAE-427A-9EB4-701FCF1F05FB}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{63AF5365-0303-4FB8-857F-C84A5F6F4579}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"UDP Query User{7A2641E9-E0B1-4BF1-8620-7B875220E2EA}C:\users\zac\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\zac\program files\dna\btdna.exe |
"UDP Query User{7D2766B3-886B-49CF-A29C-99F588CDCEB9}C:\users\zac\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\zac\program files\dna\btdna.exe |
"UDP Query User{8A8BBB96-1546-456C-BD5B-3A5007B4A720}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
"UDP Query User{8D00C06B-7853-406F-A2A8-CEDB9BF026F4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B0E1C4A9-B7AB-4FE0-A49B-EA7907F8E181}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{B172EC49-239E-478D-9C18-04B89EC0D853}C:\program files\ruckus player\ruckus.exe" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"UDP Query User{B28A2C77-4434-41CD-85F4-F4544D4FB4EE}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{E4B43872-D0B8-4DF9-A07C-B21B85727621}C:\program files\gametap web player\bin\release\gametapplayer.exe" = protocol=17 | dir=in | app=c:\program files\gametap web player\bin\release\gametapplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{582610B8-E496-4813-993C-4B027173FE38}" = PixiePack Codec Pack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82D8304F-73D7-4EE6-8472-D0684BAA2865}" = AGEIA PhysX v7.05.06
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC858602-D984-4F08-8B88-039CD82ECBB8}" = Preclick PhotoMovieMaker
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_6" = AIM 6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EVE" = EVE Online (remove only)
"ffdshow_is1" = ffdshow [rev 1909] [2008-03-20]
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SafeConnect" = SafeConnect
"SerifDrawPlus40" = Serif DrawPlus 4.0
"SynTPDeinstKey" = Dell Touchpad
"SystemRequirementsLab" = System Requirements Lab
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2241642629-384779116-2283715535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2009 2:24:13 AM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application TeaTimer.exe, version 1.6.6.32, time stamp 0x2a425e19,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x0004a4e3, process id 0xa64, application start time
0x01ca794406b460b0.

Error - 12/16/2009 4:39:25 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x047190da, process id 0x6b0, application start time
0x01ca7e8f964b283d.

Error - 12/19/2009 3:13:24 AM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7b4 Start Time: 01ca7e8f9a18c26d Termination Time: 2106

Error - 12/19/2009 3:14:02 AM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16c4 Start Time: 01ca8079dc839710 Termination Time: 359

Error - 12/19/2009 4:02:52 AM | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =

Error - 12/19/2009 4:39:03 AM | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =

Error - 12/19/2009 4:41:36 AM | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =

Error - 12/23/2009 4:37:27 AM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6002.18111 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 150c Start Time: 01ca83ab0dbae980 Termination Time: 44

Error - 12/25/2009 2:48:40 PM | Computer Name = Laptop | Source = VSS | ID = 8194
Description =

Error - 12/25/2009 11:22:45 PM | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 7/15/2009 4:32:30 PM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = 16:32:28, Wed, Jul 15, 09 Error - Unable to gain access to user store

Error - 9/14/2009 6:49:27 PM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = 18:49:25, Mon, Sep 14, 09 Error - Unable to gain access to user store

Error - 12/19/2009 12:51:57 PM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = 11:51:53, Sat, Dec 19, 09 Error - Unable to gain access to user store

[ Media Center Events ]
Error - 11/30/2007 6:58:57 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/1/2007 4:50:20 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/1/2007 6:45:51 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/2/2007 8:46:39 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/5/2007 10:43:47 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/16/2008 10:44:42 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 12/15/2008 4:42:47 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/5/2009 1:43:59 AM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/30/2009 12:09:40 AM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/2/2009 11:54:04 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 3/31/2009 12:54:54 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 94 seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/14/2009 1:51:49 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/17/2009 4:26:22 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/21/2009 10:32:47 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 309 seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/21/2009 10:49:19 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 185 seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/24/2009 12:56:37 AM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/7/2009 7:21:36 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 980 seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/15/2009 2:33:42 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2055
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 12/10/2009 11:22:09 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33182
seconds with 3660 seconds of active time. This session ended with a crash.

Error - 1/17/2010 6:46:54 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1221
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/17/2010 6:08:40 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/17/2010 6:08:42 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/17/2010 6:08:46 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/17/2010 6:08:48 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/17/2010 6:08:49 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/17/2010 6:08:50 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/17/2010 6:08:50 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/17/2010 6:10:39 PM | Computer Name = Laptop | Source = netbt | ID = 4321
Description = The name "LAPTOP :0" could not be registered on the interface
with IP address 158.65.205.56. The computer with the IP address 158.65.100.11 did
not allow the name to be claimed by this computer.

Error - 1/18/2010 2:19:19 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 1/18/2010 2:19:22 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

< End of report >

#4 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 19 January 2010 - 10:56 AM

Hi,

please also provide a log from gmer:

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#5 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 19 January 2010 - 05:53 PM

I tried running GMER in both normal and safe mode, but in each mode the scan would not finish. In normal booting mode, the error came up saying "jfkx0ggg is no longer responding", and that it encountered a random error and had to close. Each and every time I tried to scan I got the same result. So then I tried the scan in safe mode. Even in safe mode, the program ran into the same error, causing the same error message to pop up before it could finish the scan. While in safe mode I tried right clicking on GMER and runing as an administrator, and oddly enough the "Blue screen of death" popped up, saying something along the lines of "Windows has encounter a fatal error and must restart". The blue screen disappeared before I could read the rest of the specifics.

#6 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 20 January 2010 - 02:02 PM

Hi,

please try running the following tools instead:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).

Go to Start > Run and type: cmd.exe
press Ok.
At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
press Enter.
A "DOS" box will open and quickly disappear. That is normal.
A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
Copy and paste the results of the mbr.log in your next reply.

Download RootRepeal from the following location and save it to your desktop.
Extract the contents of RootRepeal.zip, to your desktop.
Double click on your desktop.
Click on the report tab, then click scan
Check all seven boxes:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
Click Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#7 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 20 January 2010 - 11:32 PM

The only way I could save the mbr file to my root directory was via safe mode with networking (thank you vista protection...) After saving it there, I was able to have it scan, and a quick log appeared with the following results:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys
kernel: MBR read successfully
user & kernel MBR OK

After that I tried the RootRepeal program in safe mode with networking as well. It would scan for a long time, approximately 30-40 mins, and then right near what I'm assuming the end of the scan would be, an error message popped up saying "Could not read our index block!". As soon as I closed the error message the program exited itself out, and no scan log could be saved. I tried again and again with the same results. Finally, I rebooted in normal start up mode to try the rootrepeal program again, and this time after scanning for a while, and error message popped up with the title "RootRepeal Error". Unfortunately the contents of the error window were transparent so no further details were provided. After closing that error window, a new window popped up without a title, and again with a transparent interior. Sorry to be so vague, but these error messages provided no further information. Is it a bad sign that I can't do these scans?

#8 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 21 January 2010 - 07:04 AM

Hi,

rootkitscanners are tricky programs, they don't always run as we wish them to. The mbr-log looks fine.

There may also be some interference from other programs. Please try RootRepeal again, but before the scan do the following:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

regarsd myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#9 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 21 January 2010 - 08:22 PM

Well thats good at least. Thank you so much for all of the time and effort you have put into this with me; I know this isn't easy. I tried adjusting the settings you suggested, and after running RootRepeal in both Safe and Normal boot modes, I got the following error messages in both modes: "RootRepeal Error; Attempt to write to address: 0x00000004" Then after exiting out of that error, this one popped up: "Could not read our index block!".

#10 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 22 January 2010 - 11:55 AM

Hi,

please try the following tool instead:

Please download Sysprot Antirootkit from here

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to.
Open the text file and copy/paste the log here.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#11 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 23 January 2010 - 02:11 PM

I tried this new program, but with similar results... After clicking the "get log" button, an error message popped up saying: "Failed to start service. Sysprot AntiRootKit needs to be run with Admin privileges!" It's getting a little annoying to read this error message since I HAVE administrator privileges on my account, and the fact that I even see this in safe mode. Am I doing something wrong, maybe logged in with the wrong credentials or something?

#12 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 23 January 2010 - 06:25 PM

Hi,

please try to launch it by doing a right click on the file and select "run as administrator"

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#13 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 23 January 2010 - 08:47 PM

Wow, I cannot believe I didn't do that before complaining about my problem haha. Doing that worked, thanks a bunch. Here's the log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 432
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 484
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 544
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 556
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 588
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 600
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 612
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 760
Hidden: No
Window Visible: No

Name: C:\Windows\System32\nvvsvc.exe
PID: 824
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 856
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 896
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 920
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 992
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1068
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1084
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1180
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1224
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1288
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 1376
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1488
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRYSVC.EXE
PID: 1684
Hidden: No
Window Visible: No

Name: C:\Windows\System32\BCMWLTRY.EXE
PID: 1696
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wlanext.exe
PID: 1732
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1796
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1852
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 696
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 536
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 1500
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\Windows\System32\AEstSrv.exe
PID: 2428
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2440
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2476
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PID: 2520
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PID: 2652
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PID: 2708
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PID: 2732
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2948
Hidden: No
Window Visible: No

Name: C:\Program Files\SafeConnect\scManager.sys
PID: 2964
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PID: 2992
Hidden: No
Window Visible: No

Name: C:\Windows\System32\stacsv.exe
PID: 3024
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3096
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3136
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 3172
Hidden: No
Window Visible: No

Name: C:\Windows\System32\drivers\XAudio.exe
PID: 3232
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 2352
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 1872
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRAY.EXE
PID: 584
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 2584
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PID: 2308
Hidden: No
Window Visible: No

Name: C:\Windows\OEM02Mon.exe
PID: 752
Hidden: No
Window Visible: No

Name: C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PID: 2900
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2988
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 3116
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 3120
Hidden: No
Window Visible: No

Name: C:\Program Files\Digital Line Detect\DLG.exe
PID: 3168
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\QuickSet\quickset.exe
PID: 2160
Hidden: No
Window Visible: No

Name: C:\Program Files\SafeConnect\SCClient.exe
PID: 2264
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 2780
Hidden: No
Window Visible: No

Name: C:\Windows\System32\mobsync.exe
PID: 2220
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 1236
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4232
Hidden: No
Window Visible: No

Name: C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PID: 5056
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 5224
Hidden: No
Window Visible: No

Name: C:\Users\Zac\Desktop\SysProt\SysProt.exe
PID: 4944
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 5028
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 1440
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Zac\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 8D9F4000
Module End: 8D9FF000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82404000
Module End: 827BD000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 827BD000
Module End: 827F0000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 8040E000
Module End: 80415000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80415000
Module End: 80485000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80485000
Module End: 80496000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80496000
Module End: 8049E000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8049E000
Module End: 804DF000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 804DF000
Module End: 805BF000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80602000
Module End: 8067E000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8067E000
Module End: 8068B000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8068B000
Module End: 806D1000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 806D1000
Module End: 806DA000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 806DA000
Module End: 806E2000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 806E2000
Module End: 80709000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 80709000
Module End: 80718000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 80718000
Module End: 8071B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 8071B000
Module End: 80725000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80725000
Module End: 80734000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 80734000
Module End: 8077E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelide.sys
Service Name: intelide
Module Base: 8077E000
Module End: 80785000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: 80785000
Module End: 80793000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 80793000
Module End: 8079A000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 8079A000
Module End: 807AA000
Hidden: No

Module Name: C:\Windows\system32\drivers\iastorv.sys
Service Name: iaStorV
Module Base: 82A02000
Module End: 82AA2000
Hidden: No

Module Name: C:\Windows\system32\drivers\iastor.sys
Service Name: iaStor
Module Base: 82AA2000
Module End: 82B60000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 82B60000
Module End: 82B68000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 82B68000
Module End: 82B86000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 82B86000
Module End: 82BB8000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 82BB8000
Module End: 82BC8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\DRVMCDB.SYS
Service Name: DRVMCDB
Module Base: 82BC8000
Module End: 82BDE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 82BDE000
Module End: 82BE7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 88408000
Module End: 88479000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 88479000
Module End: 88584000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 885AF000
Module End: 885EA000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 88606000
Module End: 886F0000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 886F0000
Module End: 8870B000
Hidden: No

Module Name: C:\Windows\system32\drivers\mfetdik.sys
Service Name: mfetdik
Module Base: 8870B000
Module End: 88717000
Hidden: No

Module Name: C:\Windows\system32\drivers\TDI.SYS
Service Name: ---
Module Base: 88717000
Module End: 88722000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 88807000
Module End: 88917000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 88917000
Module End: 88950000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 88950000
Module End: 88958000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 88958000
Module End: 88967000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 88967000
Module End: 8898E000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 8898E000
Module End: 8899F000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8899F000
Module End: 889C0000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 889C0000
Module End: 889C9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 889E9000
Module End: 889F4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 889F4000
Module End: 889FD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 88722000
Module End: 88731000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8C204000
Module End: 8C931000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8C931000
Module End: 8C9D2000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8C9D2000
Module End: 8C9DE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 8C9DE000
Module End: 8C9E9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 88731000
Module End: 8876F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8C9E9000
Module End: 8C9F8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8876F000
Module End: 887FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XX
Module Base: 8CC00000
Module End: 8CD02000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcm4sbxp.sys
Service Name: bcm4sbxp
Module Base: 8CD02000
Module End: 8CD13000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8CD13000
Module End: 8CD23000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8CD23000
Module End: 8CD31000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 8CD31000
Module End: 8CD4B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 8CD4B000
Module End: 8CD59000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 8CD59000
Module End: 8CD6D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 8CD6D000
Module End: 8CDBE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8CDBE000
Module End: 8CDD1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: 8CDD1000
Module End: 8CDFC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8CDFC000
Module End: 8CDFE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 885EA000
Module End: 885F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 885F5000
Module End: 88600000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\UBHelper.sys
Service Name: UBHelper
Module Base: 8C9F8000
Module End: 8CA00000
Hidden: No

Module Name: C:\Windows\System32\Drivers\DLACDBHM.SYS
Service Name: DLACDBHM
Module Base: 8CDFE000
Module End: 8CE00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 82BE7000
Module End: 82BFF000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\NTIDrvr.sys
Service Name: NTIDrvr
Module Base: 88400000
Module End: 88408000
Hidden: No

Module Name: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 88800000
Module End: 88807000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 8C200000
Module End: 8C204000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 807AA000
Module End: 807B3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 807B3000
Module End: 807E2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 805BF000
Module End: 80600000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 807E2000
Module End: 807F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 80400000
Module End: 8040B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8D00D000
Module End: 8D030000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8D030000
Module End: 8D03F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8D03F000
Module End: 8D053000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8D053000
Module End: 8D068000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8D068000
Module End: 8D078000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8D078000
Module End: 8D07A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8D07A000
Module End: 8D0A4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8D0A4000
Module End: 8D0AE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8D0AE000
Module End: 8D0BB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8D0BB000
Module End: 8D0F0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8D0F0000
Module End: 8D101000
Hidden: No

Module Name: C:\Windows\system32\drivers\stwrt.sys
Service Name: STHDA
Module Base: 8D101000
Module End: 8D156000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8D156000
Module End: 8D183000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8D183000
Module End: 8D1A8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 8D1A8000
Module End: 8D1E5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8D20D000
Module End: 8D310000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8D310000
Module End: 8D3C4000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8D3C4000
Module End: 8D3D1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8D3E1000
Module End: 8D3E8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\DLARTL_M.SYS
Service Name: DLARTL_M
Module Base: 8D3E8000
Module End: 8D3EE000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8D3EE000
Module End: 8D3FA000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8D801000
Module End: 8D822000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8D822000
Module End: 8D82A000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8D82A000
Module End: 8D832000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8D83D000
Module End: 8D84B000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8D84B000
Module End: 8D854000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8D854000
Module End: 8D86A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8D86A000
Module End: 8D87E000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8D87E000
Module End: 8D8B0000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8D8B0000
Module End: 8D8F8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: 8D8F8000
Module End: 8D911000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8D911000
Module End: 8D927000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8D927000
Module End: 8D935000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8D935000
Module End: 8D948000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: 8D948000
Module End: 8D96D000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: 8D96D000
Module End: 8D973000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8D973000
Module End: 8D9AF000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8D9AF000
Module End: 8D9B9000
Hidden: No

Module Name: \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Service Name: mferkdk
Module Base: 8D9B9000
Module End: 8D9C0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8D9C0000
Module End: 8D9D7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: 8D9D7000
Module End: 8D9DD000
Hidden: No

Module Name: C:\Windows\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: 8DC04000
Module End: 8DC53000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8DC53000
Module End: 8DC6A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\OEM02Dev.sys
Service Name: OEM02Dev
Module Base: 8DC6A000
Module End: 8DCA4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\OEM02Vfx.sys
Service Name: OEM02Vfx
Module Base: 8DCA4000
Module End: 8DCA6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8DCA6000
Module End: 8DCAF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8DCAF000
Module End: 8DCBF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8DCBF000
Module End: 8DCC6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8DCC6000
Module End: 8DCCE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8DCCE000
Module End: 8DCDB000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8DCDB000
Module End: 8DCE6000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8DCE6000
Module End: 8DCEE000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8DCEE000
Module End: 8DCF8000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8DD07000
Module End: 8DD22000
Hidden: No

Module Name: C:\Windows\System32\Drivers\DRVNDDM.SYS
Service Name: DRVNDDM
Module Base: 8DD22000
Module End: 8DD2D000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLADResM.SYS
Service Name: DLADResM
Module Base: 8DD2D000
Module End: 8DD2E000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLAIFS_M.SYS
Service Name: DLAIFS_M
Module Base: 8DD2E000
Module End: 8DD46000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLAOPIOM.SYS
Service Name: DLAOPIOM
Module Base: 8DD46000
Module End: 8DD4B000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLAPoolM.SYS
Service Name: DLAPoolM
Module Base: 8DD4B000
Module End: 8DD4D000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLABMFSM.SYS
Service Name: DLABMFSM
Module Base: 8DD4D000
Module End: 8DD54000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLABOIOM.SYS
Service Name: DLABOIOM
Module Base: 8DD54000
Module End: 8DD5B000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLAUDFAM.SYS
Service Name: DLAUDFAM
Module Base: 8DD5B000
Module End: 8DD71000
Hidden: No

Module Name: C:\Windows\System32\DLA\DLAUDF_M.SYS
Service Name: DLAUDF_M
Module Base: 8DD71000
Module End: 8DD88000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9BC04000
Module End: 9BCB4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 9BCB4000
Module End: 9BCC4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9BCC4000
Module End: 9BCEE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9BCEE000
Module End: 9BCF8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9BCF8000
Module End: 9BD0B000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9BD0B000
Module End: 9BD78000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9BD78000
Module End: 9BD95000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9BD95000
Module End: 9BDAE000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9BDAE000
Module End: 9BDC3000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9BDC3000
Module End: 9BDE4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 8DD90000
Module End: 8DDAF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8DDAF000
Module End: 8DDE8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 9BDE4000
Module End: 9BDFC000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 9D601000
Module End: 9D628000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 9D628000
Module End: 9D674000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\dsunidrv.sys
Service Name: dsunidrv
Module Base: 9D68C000
Module End: 9D68E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: 9D68E000
Module End: 9D692000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: 9D692000
Module End: 9D6BA000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: 9D6BA000
Module End: 9D798000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 9D798000
Module End: 9D7A2000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 9D7A2000
Module End: 9D7AE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: 9D7AE000
Module End: 9D7B6000
Hidden: No

Module Name: C:\Windows\system32\drivers\mfehidk.sys
Service Name: mfehidk
Module Base: 9D7B6000
Module End: 9D7E0000
Hidden: No

Module Name: C:\Windows\system32\drivers\mfebopk.sys
Service Name: mfebopk
Module Base: 9D7E0000
Module End: 9D7E7000
Hidden: No

Module Name: C:\Windows\system32\drivers\mfeapfk.sys
Service Name: mfeapfk
Module Base: 9D7E7000
Module End: 9D7F6000
Hidden: No

Module Name: C:\Windows\system32\drivers\mfeavfk.sys
Service Name: mfeavfk
Module Base: 9D674000
Module End: 9D685000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 8DDE8000
Module End: 8DDFE000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Service Name: SASENUM
Module Base: 9D685000
Module End: 9D68A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\asyncmac.sys
Service Name: AsyncMac
Module Base: 9D7F6000
Module End: 9D7FF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8DCF8000
Module End: 8DD07000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8D3DA000
Module End: 8D3E1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8D832000
Module End: 8D83D000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: 8D9510B0
Driver Base: 8D948000
Driver End: 8D96D000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwTerminateProcess
At Address: 825F4D5D
Jump To: 9D7CA19B
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwProtectVirtualMemory
At Address: 8261DE7D
Jump To: 9D7CA1C3
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateProcess
At Address: 8269574B
Jump To: 9D7CA1D9
Module Name: C:\Windows\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateFile
At Address: 82645D59
Jump To: 9D7CA1AF
Module Name: C:\Windows\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: LAPTOP.KEENE.EDU:62132
Remote Address: 12.120.78.253:HTTP
Type: TCP
Process: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
State: CLOSE_WAIT

Local Address: LAPTOP.KEENE.EDU:56285
Remote Address: A96-6-41-121.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: LAPTOP.KEENE.EDU:51570
Remote Address: VX-IN-F138.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: LAPTOP.KEENE.EDU:51559
Remote Address: WWW.PAYPAL.CO.NZ:HTTPS
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: LAPTOP.KEENE.EDU:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51632
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51631
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51630
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51629
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51628
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51627
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51626
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51625
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51624
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51623
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51622
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51621
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51620
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51619
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51618
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51617
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51616
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51615
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51614
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51613
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51612
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51611
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51610
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51609
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51608
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51607
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51605
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51604
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51603
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51602
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51601
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51600
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51599
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51598
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51597
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51596
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51595
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51594
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51593
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51592
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51591
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51574
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51573
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51572
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51571
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51569
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51546
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51545
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51542
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51541
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51540
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51539
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51538
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51537
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51536
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51535
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51534
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: LOCALHOST:51533
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LAPTOP:8585
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\SafeConnect\scManager.sys
State: LISTENING

Local Address: LAPTOP:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: LAPTOP:49158
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LAPTOP:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: LAPTOP:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: LAPTOP:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LAPTOP:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LAPTOP:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: LAPTOP:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LAPTOP:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LAPTOP:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LAPTOP.KEENE.EDU:63530
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP.KEENE.EDU:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LAPTOP.KEENE.EDU:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP.KEENE.EDU:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LAPTOP.KEENE.EDU:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LAPTOP:63531
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:55422
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:55029
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: LAPTOP:52298
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:49288
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:49286
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LAPTOP:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\DFSR
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\SystemRestore
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{19733c53-013c-11df-bc53-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{19733d1d-013c-11df-bc53-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{19733d36-013c-11df-bc53-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{327f15bf-07c1-11df-9dc9-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{327f15dd-07c1-11df-9dc9-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{73e6b85e-063d-11df-9611-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{73e6b87a-063d-11df-9611-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{8164e859-053a-11df-9548-001c23ab7700}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

#14 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 23 January 2010 - 09:33 PM

Hi,

please run ComboFix:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#15 Beatbox

Member

Group: Members
Posts: 49
Joined: 08-November 08

Posted 24 January 2010 - 11:39 PM

I tried running Combofix like you said, but in the process a Dell Support Center installer popped up, tried to install the support center, but could not find what it needed. I clicked cancel, then waited and waited, but nothing was happening. I exited out of combofix, and now all of my icons are gone.. Its like everything just vanished! What happened? I'm a little freaked out, especially after reading the announcement above that combofix was bugged.