
Hijack this log for review, thanks!!!!


  • This topic is locked
15 replies to this topic

#1 auggiedog

auggiedog

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 09 June 2009 - 09:37 AM

The problem I am having is that Firefox keeps getting hijacked to other sites, making searches impossible!
Thanks sooo much for looking at this!!!
BTW, I could not get the DDS script to work, sorry...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:37 AM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sketchup.google.com/gsu6/download.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: DRSpawner.lnk = C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15424F48-7A26-11D4-A2EC-00A0CC630AC3} (pkcDragDrop.pkcDropFiles) - http://www.mspkc.com/Controls/pkcDragDrop.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.mspkc.com/Controls/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rsi.local
O17 - HKLM\Software\..\Telephony: DomainName = rsi.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{809496ED-E60D-4249-ABE5-8F16CF881330}: NameServer = 10.0.1.10,66.238.96.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rsi.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 10202 bytes

Attached Files


Edited by auggiedog, 09 June 2009 - 09:39 AM.
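The log above is raw HijackThis output. As an added example that is not part of the original post and not code from HijackThis itself, the Python script below parses `R`/`O` lines of this format and flags what a log reviewer reads first: a per-user proxy that points at the local machine (the `ProxyServer = http=localhost:7171` entry above), `Run` entries whose command is a bare filename rather than a full path (`nwiz.exe`, `LOGI_MWX.EXE`), and nameserver addresses outside the private ranges. The sample lines are copied from the log above; the flag rules are the script's own heuristics and do not decide whether any entry is malicious, they only say where to look next.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rsi.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{809496ED-E60D-4249-ABE5-8F16CF881330}: NameServer = 10.0.1.10,66.238.96.12
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NS_RE = re.compile(r"NameServer = (?P<servers>.+)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>.+)$")

LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Finding:
    kind: str    # HijackThis section: R1, O4, O17
    item: str    # the entry name or value the finding is about
    reason: str  # why a reviewer should look at it


def parse_entries(text):
    """Yield (kind, body) for every HijackThis R*/O* line; skip everything else."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def proxy_targets(value):
    """Split a ProxyServer value into (scheme, host, port) triples.
    Accepts both the bare 'host:port' form and 'http=host:port;https=host:port'."""
    out = []
    for part in value.split(";"):
        scheme, _, hostport = part.partition("=")
        if not hostport:              # bare 'host:port' form, no scheme prefix
            scheme, hostport = "*", scheme
        host, _, port = hostport.rpartition(":")
        if not host:                  # no port given at all
            host, port = hostport, ""
        out.append((scheme.strip(), host.strip().lower(), port.strip()))
    return out


def run_executable(cmd):
    """Return the program part of an O4 Run command: the quoted path if quoted,
    otherwise the first whitespace-separated token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(text):
    """Walk the log once and return the entries worth a closer look."""
    findings = []
    for kind, body in parse_entries(text):
        if kind == "R1" and (m := PROXY_RE.search(body)):
            for scheme, host, port in proxy_targets(m.group("value")):
                if host in LOOPBACK_NAMES:
                    findings.append(Finding(kind, f"{host}:{port}",
                        f"per-user {scheme} proxy on the local machine; every browser "
                        f"request passes through whatever listens on port {port}, identify it"))
        elif kind == "O4" and (m := RUN_RE.search(body)):
            exe = run_executable(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding(kind, m.group("name"),
                    f"Run entry launches bare name '{exe}', resolved by PATH search; "
                    "confirm which file on disk actually starts"))
        elif kind == "O17" and (m := NS_RE.search(body)):
            for server in m.group("servers").split(","):
                try:
                    addr = ipaddress.ip_address(server.strip())
                except ValueError:
                    continue
                if not addr.is_private and not addr.is_loopback:
                    findings.append(Finding(kind, str(addr),
                        "public DNS resolver on the adapter; confirm it belongs to the ISP or network owner"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.item:<20} {f.reason}")
```

The script deliberately stops at "look here": whether `localhost:7171` is a legitimate filtering proxy or a hijacker is decided by finding the process bound to that port on the machine, which a static log cannot tell you.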


#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:12:18 AM

Posted 19 June 2009 - 06:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 auggiedog

auggiedog
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 19 June 2009 - 09:03 AM

Here are the dds files...
Thanks!
K

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:18 AM

Posted 19 June 2009 - 08:35 PM

Hi auggiedog,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

I will be back soon with the first instructions.

Thanks
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:18 AM

Posted 19 June 2009 - 08:46 PM

Hi auggiedog,

Hijacker or not, we need to check out if anything else is hiding away.

Firstly

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations and save it to your desktop; please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER icon (or the randomly named file you downloaded) on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a warning window. If you do, click No.
  • Click the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save... button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

We need to create an OTL Report
  • Please download OTL from the mirror:
    This is THE Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Thanks
m0le is a proud member of UNITE
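Once the GMER log requested above has been pasted, the SSDT, IAT and Device lines can be grouped per kernel module so the reviewer sees at a glance which module hooks what and whether GMER found its file on disk. The Python script below is an added example, not part of the thread and not code from GMER; the sample lines are copied from the log posted later in this thread, and the ordering rules are the script's own heuristics. A module that hooks the registry enumeration syscalls and whose file GMER cannot find looks the same whether it is a rootkit or a disc-emulation driver, so the output is a reading order, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the GMER log posted later in this thread.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT sper.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT sper.sys ZwEnumerateValueKey [0xBA6C6032]
SSDT sper.sys ZwOpenKey [0xBA6A70C0]
SSDT sper.sys ZwQueryKey [0xBA6C610A]
SSDT sper.sys ZwQueryValueKey [0xBA6C5F8A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918BFE]

---- Kernel code sections - GMER 1.0.15 ----

? sper.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] sper.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] sper.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] sper.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] sper.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] sper.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs FStopW.sys (FPAV - RealTime Protector/FRISK Software International)
Device \Driver\sptd \Device\2172233854 sper.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A3511F8
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+The system cannot find the file specified\.")
IAT_RE = re.compile(r"^IAT\s+(?P<target>\S+?)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)$")
DEVICE_RE = re.compile(r"^(?P<attached>Attached)?Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s*$")

# Syscalls a driver hooks when it wants to hide registry keys or values.
REGISTRY_FUNCS = {"ZwOpenKey", "ZwQueryKey", "ZwQueryValueKey", "ZwEnumerateKey", "ZwEnumerateValueKey"}


@dataclass
class ModuleReport:
    module: str
    vendor: str = ""                 # GMER's "(description/vendor)" text, if any
    file_found: bool = True          # False once GMER logs "cannot find the file"
    ssdt_hooks: list = field(default_factory=list)   # hooked Zw* functions
    iat_hooks: list = field(default_factory=list)    # (patched driver, import name)
    devices: list = field(default_factory=list)      # (driver object, device object, attached?)


def inventory(text):
    """Group every hook and device line by the kernel module that owns it."""
    reports = {}

    def rep(name):
        key = name.lower()
        if key not in reports:
            reports[key] = ModuleReport(module=name)
        return reports[key]

    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            r = rep(m["module"])
            r.ssdt_hooks.append(m["func"])
            if m["desc"]:
                r.vendor = m["desc"]
        elif m := MISSING_RE.match(line):
            rep(m["module"]).file_found = False
        elif m := IAT_RE.match(line):
            rep(m["module"]).iat_hooks.append((m["target"], m["import"]))
        elif m := DEVICE_RE.match(line):
            if m["owner"].lower().endswith(".sys"):   # skip bare addresses
                r = rep(m["owner"])
                r.devices.append((m["driver"], m["device"], bool(m["attached"])))
                if m["desc"]:
                    r.vendor = m["desc"]
    return reports


def review_reasons(r):
    """Why this module should be read before the others; empty means nothing stands out."""
    reasons = []
    if not r.file_found:
        reasons.append("GMER could not find the module's file on disk")
    if not r.vendor:
        reasons.append("no vendor/description attached by GMER")
    hidden = sorted(REGISTRY_FUNCS & set(r.ssdt_hooks))
    if hidden:
        reasons.append("hooks registry query/enumeration syscalls (" + ", ".join(hidden) + ")")
    targets = sorted({t for t, _ in r.iat_hooks})
    if targets:
        reasons.append("patches imports of " + ", ".join(targets))
    return reasons


def review_order(reports):
    """Modules that hook something, most reasons first, ties broken by name."""
    scored = [(len(review_reasons(r)), r.module)
              for r in reports.values() if r.ssdt_hooks or r.iat_hooks]
    return [name for _, name in sorted(scored, key=lambda s: (-s[0], s[1].lower()))]


if __name__ == "__main__":
    reports = inventory(SAMPLE_GMER)
    for name in review_order(reports):
        r = reports[name.lower()]
        print(f"{r.module}: vendor={r.vendor or '-'} file_found={r.file_found}")
        print(f"  SSDT: {', '.join(r.ssdt_hooks) or '-'}")
        for reason in review_reasons(r):
            print(f"  ! {reason}")
```

On the sample, `sper.sys` comes first with four reasons and `Lbd.sys` last with none: the Lavasoft driver is attributed, present on disk and hooks only key creation and value writes. The `Device \Driver\sptd` line ties `sper.sys` to the `sptd` driver object, which is the thread a reviewer would pull next against the registry section of the same log.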

#6 auggiedog

auggiedog
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 23 June 2009 - 08:29 AM

Mole...
Sorry, I was away from the computer..
Am doing all of this now...
Thanks!
auggiedog

#7 auggiedog

auggiedog
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 24 June 2009 - 08:52 AM

Mole,
Here you go.....
Thanks!!
K
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-24 08:32:56
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT sper.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT sper.sys ZwEnumerateValueKey [0xBA6C6032]
SSDT sper.sys ZwOpenKey [0xBA6A70C0]
SSDT sper.sys ZwQueryKey [0xBA6C610A]
SSDT sper.sys ZwQueryValueKey [0xBA6C5F8A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918BFE]

INT 0x63 ? 8A2D8BF8
INT 0x73 ? 8AE0FBF8
INT 0x73 ? 8AE0FBF8
INT 0x73 ? 8A2D8BF8
INT 0x73 ? 8A2D8BF8
INT 0x73 ? 8AE0FBF8
INT 0x74 ? 8A2D8BF8
INT 0x94 ? 8AE84BF8

---- Kernel code sections - GMER 1.0.15 ----

? sper.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B92998AC 5 Bytes JMP 8A2D81D8
.text aruenlbm.SYS B9201386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aruenlbm.SYS B92013AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aruenlbm.SYS B92013C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aruenlbm.SYS B92013C9 1 Byte [30]
.text aruenlbm.SYS B92013C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1464] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe[3632] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00510D8D C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (Icon in the taskbar notification area (F-PROT Antivirus)/FRISK Software International)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] sper.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] sper.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] sper.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] sper.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] sper.sys
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aruenlbm.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AE831F8

AttachedDevice \FileSystem\Ntfs \Ntfs FStopW.sys (FPAV - RealTime Protector/FRISK Software International)

Device \Driver\PCI_PNP0104 \Device\00000043 sper.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A3511F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AE851F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AE851F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AE851F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AE851F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3511F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3511F8
Device \Driver\usbehci \Device\USBPDO-3 8A33C500
Device \Driver\usbuhci \Device\USBPDO-4 8A3511F8

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\usbuhci \Device\USBPDO-5 8A3511F8
Device \Driver\usbuhci \Device\USBPDO-6 8A3511F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AE101F8
Device \Driver\usbehci \Device\USBPDO-7 8A33C500
Device \Driver\Cdrom \Device\CdRom0 8A33D500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AE101F8
Device \Driver\Cdrom \Device\CdRom1 8A33D500
Device \Driver\sptd \Device\2172233854 sper.sys
Device \Driver\usbstor \Device\00000073 89A901F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{809496ED-E60D-4249-ABE5-8F16CF881330} 8A211500
Device \Driver\usbstor \Device\00000077 89A901F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A211500
Device \Driver\usbstor \Device\00000078 89A901F8
Device \Driver\NetBT \Device\NetbiosSmb 8A211500
Device \Driver\usbstor \Device\00000079 89A901F8
Device \Driver\usbuhci \Device\USBFDO-0 8A3511F8
Device \Driver\usbstor \Device\0000007a 89A901F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3511F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FF5500
Device \Driver\usbuhci \Device\USBFDO-2 8A3511F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89FF5500
Device \Driver\usbehci \Device\USBFDO-3 8A33C500
Device \Driver\usbuhci \Device\USBFDO-4 8A3511F8
Device \Driver\Ftdisk \Device\FtControl 8AE101F8
Device \Driver\usbuhci \Device\USBFDO-5 8A3511F8
Device \Driver\usbuhci \Device\USBFDO-6 8A3511F8
Device \Driver\usbehci \Device\USBFDO-7 8A33C500
Device \Driver\aruenlbm \Device\Scsi\aruenlbm1Port3Path0Target0Lun0 8A287500
Device \Driver\aruenlbm \Device\Scsi\aruenlbm1 8A287500
Device \FileSystem\Cdfs \Cdfs 89A8E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0x8E 0x75 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0x3A 0xD6 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x56 0x15 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0x8E 0x75 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0x3A 0xD6 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x56 0x15 0x0C ...

---- EOF - GMER 1.0.15 ----





OTL logfile created on: 6/24/2009 8:35:57 AM - Run 1
OTL by OldTimer - Version 3.0.5.1 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 373.40 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.42 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive R: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive S: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive U: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS

Computer Name: KEVINN
Current User Name: kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/18 10:43:54 | 01,003,344 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/27 23:18:04 | 00,183,064 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/02/20 02:46:12 | 00,201,728 | ---- | M] (OuterTechnologies) -- C:\Program Files\CachemanXP\CachemanXP.exe
PRC - [2006/04/18 04:00:00 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2008/04/21 21:26:48 | 00,045,960 | ---- | M] (FRISK Software International) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
PRC - [2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2006/07/25 16:54:54 | 00,849,408 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/06/27 23:18:03 | 00,109,336 | R--- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/12/05 02:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007/06/27 23:18:05 | 02,554,648 | R--- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/07/27 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2007/03/21 14:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2007/06/27 23:18:04 | 00,404,248 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2006/07/25 16:55:44 | 01,043,968 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2003/12/17 09:50:00 | 00,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE
PRC - [2008/04/21 15:25:46 | 01,597,832 | ---- | M] (FRISK Software International) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
PRC - [2009/06/18 10:43:56 | 00,518,488 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/12/05 12:39:37 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/08/30 16:05:16 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2009/04/23 08:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2006/08/30 16:03:06 | 00,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/28 19:05:04 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\gmer.exe
PRC - [2009/04/17 03:30:12 | 12,438,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/06/12 15:09:57 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/23 08:27:15 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/02/15 11:48:15 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/27 23:18:04 | 00,183,064 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
SRV - [2008/02/15 16:38:07 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2004/02/20 02:46:12 | 00,201,728 | ---- | M] (OuterTechnologies) -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/18 04:00:00 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
SRV - [2008/02/21 10:21:53 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/21 21:26:48 | 00,045,960 | ---- | M] (FRISK Software International) -- C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -- (FPAVServer [Auto | Running])
SRV - [2008/06/26 10:24:08 | 00,031,592 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/07/25 16:54:54 | 00,849,408 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/18 10:43:54 | 01,003,344 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/12/14 18:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/06/27 23:18:03 | 00,109,336 | R--- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])
SRV - [2006/08/23 01:10:22 | 00,724,992 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [Disabled | Stopped])
SRV - [2007/12/05 02:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/28 16:41:24 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2008/05/23 10:40:50 | 00,157,016 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt 12.0.1\ArcNameService.exe -- (Stuffit Archive Name Service [Disabled | Stopped])
SRV - [2007/06/27 23:18:05 | 02,554,648 | R--- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2005/04/07 17:18:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2002/04/02 17:30:16 | 00,033,024 | ---- | M] (Colorvision Inc) -- C:\WINDOWS\System32\DRIVERS\cvspydr2.sys -- (cvspydr2 [On_Demand | Stopped])
DRV - [2007/06/27 23:19:26 | 00,254,872 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/03/28 14:06:28 | 00,592,224 | ---- | M] (FRISK Software International) -- C:\WINDOWS\system32\drivers\FStopW.sys -- (FPAV_RTP [Boot | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/11/30 19:18:11 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/05/11 20:00:14 | 00,045,056 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\HECI.sys -- (HECI [On_Demand | Running])
DRV - [2007/03/21 13:58:56 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/07/25 16:51:56 | 00,102,912 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])
DRV - [2006/07/25 16:52:46 | 00,031,488 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2006/07/25 16:54:02 | 00,033,792 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [System | Running])
DRV - [2007/06/27 23:17:58 | 04,402,176 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/05/14 10:42:25 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/04/13 14:46:10 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/12/05 02:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/07/27 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2009/05/28 09:42:20 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2008/02/10 16:49:10 | 00,018,048 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\DRIVERS\tpm.sys -- (TPM [On_Demand | Running])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\S-1-5-21-3674535350-3849484998-178904266-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\S-1-5-21-3674535350-3849484998-178904266-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3CED30CE-BCCC-4AFC-9DD1-849FFDBABA23}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/05 12:39:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:00:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/12 15:09:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/12 15:09:59 | 00,000,000 | ---D | M]

[2009/05/20 13:28:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Extensions
[2009/05/20 13:28:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/23 15:08:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Firefox\Profiles\oykqlwfm.default\extensions
[2009/06/24 08:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Firefox\Profiles\oykqlwfm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/28 15:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Firefox\Profiles\oykqlwfm.default\extensions\DTToolbar@toolbarnet.com
[2009/06/24 08:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\mozilla\Firefox\Profiles\oykqlwfm.default\extensions\staged-xpis
[2009/06/23 15:08:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/13 14:34:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3CED30CE-BCCC-4AFC-9DD1-849FFDBABA23}
[2009/06/12 15:09:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/12 15:09:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 15:09:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/06/12 15:09:57 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/12/05 12:39:42 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/09 09:04:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/09 09:04:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/09 09:04:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/09 09:04:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/09 09:04:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/09 09:04:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/09 09:04:58 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/05 12:39:48 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/12/05 12:39:40 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/04/23 19:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 19:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 19:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 19:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 19:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 19:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 19:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (256591 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8924 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3674535350-3849484998-178904266-1115..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3674535350-3849484998-178904266-1115..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe (ColorVision Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DRSpawner.lnk = C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3674535350-3849484998-178904266-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {15424F48-7A26-11D4-A2EC-00A0CC630AC3} http://www.mspkc.com/Controls/pkcDragDrop.CAB (pkcDragDrop.pkcDropFiles)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.mspkc.com/Controls/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.238.96.12 66.180.96.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rsi.local
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/08 12:33:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/22 08:58:39 | 00,000,000 | ---D | M] - U:\AutoCad -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/06/23 08:27:06 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2009/06/23 08:24:54 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\gmer.zip
[2009/06/19 13:55:00 | 00,345,392 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\sketch279.jpg
[2009/06/19 08:56:36 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\dds.pif
[2009/06/19 08:56:18 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2009/06/17 11:00:55 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\GSW kitchen.lnk
[2009/06/10 14:23:37 | 00,908,287 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\1038-f.jpg
[2009/06/10 13:07:15 | 00,000,723 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/06/10 12:48:03 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2009/06/10 12:48:03 | 00,318,976 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2009/06/10 12:48:02 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2009/06/10 12:48:02 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/10 12:48:02 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/06/10 12:47:51 | 00,001,699 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\SUPER © Uninstall.lnk
[2009/06/10 12:47:48 | 00,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2009/06/10 12:47:48 | 00,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2009/06/10 12:47:48 | 00,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2009/06/10 12:47:48 | 00,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2009/06/10 12:47:48 | 00,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2009/06/10 12:47:48 | 00,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2009/06/10 12:47:48 | 00,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2009/06/10 12:47:48 | 00,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2009/06/10 12:47:48 | 00,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2009/06/10 12:47:48 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2009/06/10 12:47:48 | 00,054,784 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLAPEDec.ax
[2009/06/10 12:47:48 | 00,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2009/06/10 12:47:48 | 00,037,888 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLMPCDec.ax
[2009/06/10 12:47:48 | 00,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2009/06/10 12:47:48 | 00,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2009/06/10 12:47:47 | 00,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2009/06/10 12:47:47 | 00,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2009/06/10 12:47:46 | 00,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2009/06/10 12:39:55 | 31,693,599 | ---- | C] (eRightSoft ) -- C:\Documents and Settings\Kevin\My Documents\SUPERsetup.exe
[2009/06/10 12:34:06 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/06/10 12:34:06 | 00,000,000 | ---D | C] -- C:\Program Files\AndreaMosaic
[2009/06/10 12:30:32 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/10 12:30:32 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/06/10 12:30:32 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/06/10 12:30:31 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/06/10 12:30:31 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/06/10 12:30:31 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/10 12:30:31 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/06/10 12:30:31 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/10 12:30:31 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/06/10 12:30:31 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/06/10 12:30:31 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/06/10 12:30:31 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/06/10 12:30:30 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/10 12:30:30 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/10 12:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/06/10 02:58:46 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/06/10 02:58:40 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009/06/10 02:56:53 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/10 02:56:53 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/10 02:55:31 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/09 17:05:12 | 14,017,526 | ---- | C] ( ) -- C:\Documents and Settings\Kevin\My Documents\klcodec485f.exe
[2009/06/09 17:03:15 | 05,283,358 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\AndreaMosaicSetupSample.exe
[2009/06/09 16:45:49 | 03,126,628 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\AndreaMosaicManual.pdf
[2009/06/09 16:45:23 | 08,388,383 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\AndreaMosaicSetup.exe
[2009/06/09 09:37:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/09 09:37:18 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/09 09:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/09 09:36:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/06/09 09:36:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/06/09 09:36:56 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/06/09 09:36:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/06/09 09:36:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/06/09 09:36:56 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/06/09 09:36:56 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/06/09 09:36:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/06/09 09:11:57 | 00,076,805 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Belarc Advisor Current Profile.pdf
[2009/06/09 09:10:34 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/09 09:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/09 09:10:24 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/09 09:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/09 08:56:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/06/09 08:51:29 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\dds.scr
[2009/06/09 08:40:33 | 00,001,854 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\Safari.lnk
[2009/06/09 08:40:28 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/06/08 17:11:21 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\HijackThis.lnk
[2009/06/08 17:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/08 17:10:51 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kevin\My Documents\HJTInstall.exe
[2009/06/05 15:13:57 | 80,000,000 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\Professional_HDRI_Vol.3_CD1.part1.rar
[2009/06/05 15:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/06/02 08:50:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/02 08:50:30 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/02 08:49:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/28 15:50:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\DAEMON Tools Pro
[2009/05/28 15:45:43 | 00,001,623 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\DAEMON Tools Lite.lnk
[2009/05/28 09:52:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/28 09:52:22 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/05/28 09:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/05/28 09:42:20 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/28 09:34:14 | 07,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Kevin\My Documents\daemon4304-lite.exe
[2009/05/28 08:54:28 | 00,001,645 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\DVD Decrypter.lnk
[2009/05/28 08:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009/05/28 08:53:19 | 00,899,414 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\SetupDVDDecrypter_3.5.4.0.exe
[2009/05/28 08:47:21 | 00,399,520 | ---- | C] (NCH Software) -- C:\Documents and Settings\Kevin\My Documents\burnsetup.exe
[2009/05/28 08:32:35 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\HandBrake.lnk
[2009/05/28 08:32:34 | 00,000,000 | ---D | C] -- C:\Program Files\HandBrake
[2009/05/27 11:45:46 | 06,529,156 | ---- | C] () -- C:\Documents and Settings\Kevin\My Documents\HandBrake-0.9.3-Win_GUI.exe
[2009/05/13 14:43:20 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/26 12:42:58 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/02/26 12:42:58 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/12/05 12:41:19 | 00,000,302 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/12 15:12:15 | 00,000,193 | ---- | C] () -- C:\WINDOWS\sc.INI
[2008/06/27 11:04:59 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/08 09:53:25 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSON4990.ini
[2008/04/28 16:41:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/03/12 12:05:57 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/12 12:05:02 | 00,000,083 | ---- | C] () -- C:\WINDOWS\EPSP1400.ini
[2008/02/22 09:20:49 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2008/02/21 10:32:03 | 00,000,313 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2008/02/21 09:47:51 | 00,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008/02/21 09:00:06 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/02/21 08:24:23 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/02/15 14:50:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/15 14:01:16 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/02/15 14:01:16 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/02/15 14:00:48 | 00,000,814 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/02/15 14:00:48 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/02/15 14:00:18 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/02/08 13:08:22 | 01,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2008/02/08 12:46:34 | 00,000,331 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/05 02:41:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 06:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/07/27 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/06/24 08:33:33 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Microsoft Office Outlook 2007.lnk
[2009/06/24 04:00:00 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\F-PROT Antivirus - Nightly Scan.job
[2009/06/23 14:56:08 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/23 14:55:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/23 14:55:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/23 08:27:15 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2009/06/23 08:24:55 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\gmer.zip
[2009/06/22 10:46:25 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/19 13:55:00 | 00,345,392 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\sketch279.jpg
[2009/06/19 08:56:36 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\dds.pif
[2009/06/19 08:56:18 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2009/06/17 14:45:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/17 11:01:28 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\GSW kitchen.lnk
[2009/06/16 09:48:04 | 00,000,723 | ---- | M] () -- C:\WINDOWS\AndreaMosaic.INI
[2009/06/16 08:21:43 | 01,651,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/12 17:00:36 | 00,110,344 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/12 16:47:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/10 14:23:37 | 00,908,287 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\1038-f.jpg
[2009/06/10 14:09:43 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/10 12:47:51 | 00,001,699 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\SUPER © Uninstall.lnk
[2009/06/10 12:47:48 | 00,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2009/06/10 12:43:12 | 31,693,599 | ---- | M] (eRightSoft ) -- C:\Documents and Settings\Kevin\My Documents\SUPERsetup.exe
[2009/06/10 12:33:37 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/06/10 12:30:32 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/06/10 03:06:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/09 17:06:28 | 14,017,526 | ---- | M] ( ) -- C:\Documents and Settings\Kevin\My Documents\klcodec485f.exe
[2009/06/09 17:03:39 | 05,283,358 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\AndreaMosaicSetupSample.exe
[2009/06/09 16:45:59 | 08,388,383 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\AndreaMosaicSetup.exe
[2009/06/09 16:45:49 | 03,126,628 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\AndreaMosaicManual.pdf
[2009/06/09 15:23:35 | 00,534,508 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/09 15:23:35 | 00,464,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/09 15:23:35 | 00,079,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/09 09:11:57 | 00,076,805 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Belarc Advisor Current Profile.pdf
[2009/06/09 09:10:34 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/09 08:53:58 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\dds.scr
[2009/06/09 08:40:33 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\Safari.lnk
[2009/06/09 08:34:24 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/09 08:34:24 | 00,000,330 | -HS- | M] () -- C:\boot.ini
[2009/06/09 08:34:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/08 17:11:21 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\HijackThis.lnk
[2009/06/08 17:10:51 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kevin\My Documents\HJTInstall.exe
[2009/06/05 15:31:37 | 80,000,000 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\Professional_HDRI_Vol.3_CD1.part1.rar
[2009/06/01 11:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/28 15:45:43 | 00,001,623 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\DAEMON Tools Lite.lnk
[2009/05/28 09:42:20 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/28 09:34:52 | 07,658,952 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Kevin\My Documents\daemon4304-lite.exe
[2009/05/28 08:54:28 | 00,001,645 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\DVD Decrypter.lnk
[2009/05/28 08:53:19 | 00,899,414 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\SetupDVDDecrypter_3.5.4.0.exe
[2009/05/28 08:47:22 | 00,399,520 | ---- | M] (NCH Software) -- C:\Documents and Settings\Kevin\My Documents\burnsetup.exe
[2009/05/28 08:32:35 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\HandBrake.lnk
[2009/05/27 11:46:09 | 06,529,156 | ---- | M] () -- C:\Documents and Settings\Kevin\My Documents\HandBrake-0.9.3-Win_GUI.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D566A1AD
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18C482B
< End of report >

OTL Extras logfile created on: 6/24/2009 8:35:57 AM - Run 1
OTL by OldTimer - Version 3.0.5.1 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 373.40 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.42 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive R: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive S: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive U: | 906.50 Gb Total Space | 301.66 Gb Free Space | 33.28% Space Free | Partition Type: NTFS

Computer Name: KEVINN
Current User Name: kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Google\Google SketchUp 6\SketchUp.exe:*:Enabled:SketchUp Application
[2003/12/01 13:48:36 | 00,428,032 | ---- | M] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) -- C:\Program Files\WSFTP\WS_FTP95.exe:*:Enabled:WS_FTP 95
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/17 03:30:12 | 12,438,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
File not found -- C:\Documents and Settings\Kevin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
[2008/12/17 14:05:00 | 02,076,672 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGvis\DRSpawner\DRSpawner.exe:*:Enabled:DRSpawner
[2009/06/05 13:39:18 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/02/19 14:45:08 | 10,665,984 | ---- | M] (Google, Inc.) -- C:\Program Files\Google\Google SketchUp 7\SketchUp.exe:*:Enabled:SketchUp Application
File not found -- C:\Program Files\Font Explorer\FontExplorerv27.exe:*:Enabled:FontExplorerv27


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0341796A-9224-48FB-AAE1-4079C7AE375E}" = DDXGDIRenderer
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A9C92A5-D27F-4BD9-9DB9-0EFD8C681E29}" = Safari
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{377F5472-544F-4055-A470-4EDA319BA1F3}" = V-Ray for SketchUp 7
"{3925DA22-2D9E-4AD4-9078-876120FE5FC6}" = SVGExport
"{45873324-094C-4516-A84A-134A175A1CD6}" = PDFExport
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{57BB3328-049D-4EEA-AD13-22875B60260F}" = V-Ray for SketchUp
"{57E7F262-3B6A-403E-81C2-E9D2B196D00C}" = DDXSheetSets
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68E733D9-1E1E-480C-AA30-D90DD6D432F9}" = V-Ray for SketchUp 7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{873E53ED-308E-4D13-864F-81CE29FBC447}" = V-Ray for SketchUp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C1877F6E-C1C8-486D-A697-86431029690C}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{75EC8FFC-B913-4991-B3A1-22576D2FC45D}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91FF4491-867D-4F39-AD5F-4292086D785C}" = V-Ray for SketchUp
"{92377672-DF6E-4D7C-AFFC-50B01254C488}" = DDXViewX
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7385936-7917-4210-9471-ECDF300D1D02}" = DWGDirectX Core
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}" = Genuine Fractals 5.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B123EBD8-89B7-4834-B06D-F758815E1033}" = Nero 7 Ultra Edition
"{B3AE4CD6-7742-4998-A72D-250A6824DE45}" = V-Ray for SketchUp
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4881695-B622-4669-8992-4AC17A505250}" = NXPowerLite
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD4E788B-B668-4C37-B277-C5AD52FF6299}" = V-Ray for SketchUp 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C51496B3-E15E-41D8-B812-9492E4EC86E0}" = DDX DWF Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus®
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
"{E31ABA95-B5A8-4373-AABF-BAC8CD34E217}" = V-Ray for SketchUp 7
"{E58B329B-FB28-4874-90DE-0D7CB2709267}" = F-PROT Antivirus for Windows
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E980B458-32CB-47A2-AA46-8232E69A5A37}" = StuffIt 12
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}" = F-PROT Antivirus Updater Fix
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AndreaMosaic" = AndreaMosaic 3.32.1
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CachemanXP 1.1" = CachemanXP 1.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Duplicate File Finder" = Duplicate File Finder
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"File Shredder_is1" = File Shredder 2.0
"FoxArc Screen Capture" = FoxArc Screen Capture V1.2
"HandBrake" = HandBrake 0.9.3
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"IcoFX_is1" = IcoFX 1.6.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.5 (Full)
"LinkedIn Outlook Toolbar" = LinkedIn Outlook Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology Device Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ODEUNST #1" = RSI
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PRJPRO" = Microsoft Office Project Professional 2007
"RealPlayer 6.0" = RealPlayer
"RegVac Registry Cleaner (Trial Version)_is1" = RegVac Registry Cleaner 5.01 (Trial Version)
"Rhapsody" = Rhapsody
"ShockwaveFlash" = Macromedia Flash Player 8
"Silent Package Run-Time Sample" = EPSON Perf 4990 Guide
"SoundCapture" = SoundCapture
"Spyder2" = Spyder2
"ST5UNST #1" = LightCalc
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SWiSH v2.01" = SWiSH v2.01
"SystemRequirementsLab" = System Requirements Lab
"TraxTime" = TraxTime
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2009 9:21:54 AM | Computer Name = KEVINN | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 6/16/2009 5:57:44 PM | Computer Name = KEVINN | Source = Windows Search Service | ID = 3006
Description = Performance monitoring cannot be initialized for the gatherer service,
because the counters are not loaded or the shared memory object cannot be opened.
This only affects availability of the perfmon counters. Restart the computer.

Error - 6/16/2009 5:57:44 PM | Computer Name = KEVINN | Source = Windows Search Service | ID = 3007
Description = Performance monitoring cannot be initialized for the gatherer object,
because the counters are not loaded or the shared memory object cannot be opened.
This only affects availability of the perfmon counters. Restart the computer. Context:
Application, SystemIndex Catalog

Error - 6/17/2009 9:22:04 AM | Computer Name = KEVINN | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 6/18/2009 11:14:43 AM | Computer Name = KEVINN | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 6/19/2009 9:45:20 AM | Computer Name = KEVINN | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 6/22/2009 9:29:54 AM | Computer Name = KEVINN | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 6/23/2009 11:21:45 AM | Computer Name = KEVINN | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KEVIN\RECENT\CONCRETE.LNK> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 6/23/2009 11:21:45 AM | Computer Name = KEVINN | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KEVIN\RECENT\CONCRETE.LNK> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 6/23/2009 3:55:37 PM | Computer Name = KEVINN | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

[ OSession Events ]
Error - 1/19/2009 11:57:42 AM | Computer Name = KEVINN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 84
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/30/2009 9:56:49 AM | Computer Name = KEVINN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1555
seconds with 900 seconds of active time. This session ended with a crash.

Error - 3/30/2009 9:58:00 AM | Computer Name = KEVINN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/3/2009 2:57:36 PM | Computer Name = KEVINN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19359
seconds with 1980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/17/2009 9:22:16 AM | Computer Name = KEVINN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/18/2009 11:15:04 AM | Computer Name = KEVINN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/19/2009 9:45:29 AM | Computer Name = KEVINN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/22/2009 9:30:04 AM | Computer Name = KEVINN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/23/2009 3:50:50 PM | Computer Name = KEVINN | Source = Service Control Manager | ID = 7034
Description = The InCD Helper service terminated unexpectedly. It has done this
1 time(s).

Error - 6/23/2009 3:50:53 PM | Computer Name = KEVINN | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 6/23/2009 3:51:53 PM | Computer Name = KEVINN | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 6/23/2009 3:52:53 PM | Computer Name = KEVINN | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 6/23/2009 3:53:53 PM | Computer Name = KEVINN | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 6/23/2009 3:55:55 PM | Computer Name = KEVINN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >
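An added example, the editor's code rather than anything from the thread or from OTL: a parser for the "Last 10 Event Log Errors" section above that recovers the Win32 error number each entry carries (the un-expanded `%%N` placeholder in Service Control Manager events, or the low 16 bits of a `0x8007xxxx` HRESULT) and applies the triage a responder does before deciding between malware, a broken install and hardware. The sample entries are copied from the log above; the triage rules, the `ImagePath` check and the error-name table are the editor's, not OTL's.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: a handful of entries copied from the OTL
# "Last 10 Event Log Errors" section posted above.
SAMPLE = r"""[ Application Events ]
Error - 6/16/2009 9:21:54 AM | Computer Name = KEVINN | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 6/23/2009 11:21:45 AM | Computer Name = KEVINN | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KEVIN\RECENT\CONCRETE.LNK> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 6/17/2009 9:22:16 AM | Computer Name = KEVINN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/23/2009 3:50:53 PM | Computer Name = KEVINN | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.
"""

SECTION_RE = re.compile(r"^\[ (?P<section>.+?) Events \]$")
ENTRY_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# Win32 error numbers the sample entries resolve to (editor's table, two entries).
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 31: "ERROR_GEN_FAILURE"}


def parse_otl_events(text: str) -> List[Dict]:
    """Turn the OTL event-log section into one dict per error record.
    A record's Description may wrap across several lines; it ends at a blank line."""
    events: List[Dict] = []
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m:
            events.append({"section": section, "when": m.group("when"),
                           "host": m.group("host"), "source": m.group("source"),
                           "id": int(m.group("id")), "description": ""})
            continue
        if not events or not line.strip():
            continue
        body = line[len("Description = "):] if line.startswith("Description = ") else line
        ev = events[-1]
        ev["description"] = (ev["description"] + " " + body).strip()
    return events


def win32_error_code(description: str) -> Optional[int]:
    """Recover the Win32 error number an entry carries: either an un-expanded
    %%N placeholder (Service Control Manager) or a FACILITY_WIN32 HRESULT such
    as 0x8007001f, whose low 16 bits are the Win32 code."""
    m = re.search(r"%%(\d+)", description)
    if m:
        return int(m.group(1))
    m = re.search(r"0x8007([0-9a-fA-F]{4})", description)
    if m:
        return int(m.group(1), 16)
    return None


def triage(events: List[Dict]) -> List[str]:
    """Rules a responder applies before calling an error 'malware' or 'hardware'.
    The rule text is the editor's reading, not something OTL emits."""
    notes = []
    for ev in events:
        code = win32_error_code(ev["description"])
        if ev["source"] == "Service Control Manager" and ev["id"] == 7000 and code == 2:
            svc = re.search(r"The (\S+) service failed", ev["description"])
            name = svc.group(1) if svc else "?"
            notes.append(f"{name}: service is registered but its binary is missing "
                         f"(ERROR_FILE_NOT_FOUND); check ImagePath under "
                         f"HKLM\\SYSTEM\\CurrentControlSet\\Services\\{name} and see which "
                         f"product, or which removed driver, it belonged to")
        elif ev["source"] == "Srv" and ev["id"] == 2019:
            notes.append("Srv 2019: nonpaged pool exhausted; a kernel driver is leaking or the "
                         "machine is under memory pressure, not by itself a malware sign")
        elif code is not None:
            notes.append(f"{ev['source']} {ev['id']}: Win32 error {code} "
                         f"({WIN32_NAMES.get(code, 'unknown')})")
    return notes


def count_by_source(events: List[Dict]) -> Counter:
    """How often each (section, source, id) triple recurs; the same error at the
    same time every day is a boot-time or scheduled failure, not a random one."""
    return Counter((ev["section"], ev["source"], ev["id"]) for ev in events)


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE)
    for key, n in count_by_source(evs).items():
        print(n, key)
    for note in triage(evs):
        print("-", note)
```

Run against the full section above, the recurring Service Control Manager 7000 / `%%2` entry is the one worth chasing: a service whose binary no longer exists is either an orphan of an uninstalled product or the remains of a removed driver, and only its `ImagePath` tells you which.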

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:18 AM

Posted 24 June 2009 - 01:27 PM

Hi auggiedog,

Your logs have all scanned clean.

Your error messages seem to point to a hardware issue, but just to be sure, let's do two scans.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Then

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

If nothing significant comes up then I may redirect you to a more appropriate Bleeping forum. :thumbup2:
m0le is a proud member of UNITE

#9 auggiedog

auggiedog
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 25 June 2009 - 08:58 AM

Mole..
FYI, the scan did not complete last night; I will do it again. Lost power...
K

#10 auggiedog

auggiedog
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 26 June 2009 - 11:58 AM

Mole,
here are the results...
Thanks!
K
:thumbup2:
BitDefender Online Scanner

Scan report generated at: Thu, Jun 25, 2009 - 15:28:22
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:57:13
Files: 518536
Folders: 12371
Boot Sectors: 0
Archives: 9175
Packed Files: 41739

Results
Identified Viruses: 3
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 3524001
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\Documents and Settings\Kevin\Desktop\my briefcase\Kevin\dellbakup_092707\applications\eXeem_0.21_setup.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006
    Detected with: Adware.Iebar.A
C:\Documents and Settings\Kevin\Desktop\my briefcase\Kevin\dellbakup_092707\applications\eXeem_0.21_setup.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006
    Deleted
C:\Documents and Settings\Kevin\Desktop\my briefcase\Kevin\dellbakup_092707\applications\eXeem_0.21_setup.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)
    Update failed
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078992.sys
    Infected with: Trojan.Generic.1940649
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078992.sys
    Deleted
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078993.sys
    Infected with: Trojan.Generic.1940649
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078993.sys
    Deleted
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078994.sys
    Infected with: Trojan.Generic.1940649
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078994.sys
    Deleted
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0079023.sys
    Infected with: Trojan.Generic.1940649
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0079023.sys
    Deleted
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0079132.exe
    Infected with: Trojan.Generic.1954720
C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0079132.exe
    Deleted
Attached Files
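An added example, the editor's code rather than anything from BitDefender or from this thread: it parses the Scanned File / Status pairs in the report above and sorts the detections by where they sit, which is what decides the response. Every hit in this report is either inside a System Restore snapshot (`System Volume Information\_restore{...}\RP437`) or nested four containers deep inside an old installer in a backup folder; nothing was found in an active location. The sample is a subset of the report's entries, copied in the flattened path/status form the forum shows; the bucket names, the reading of "Update failed", and the recommendations are the editor's.

```python
import ntpath
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: a subset of the Scanned File / Status pairs copied from
# the BitDefender report above, in the flattened form the forum shows (a path
# line, blank lines, then the status line for that path).
SAMPLE = r"""
C:\Documents and Settings\Kevin\Desktop\my briefcase\Kevin\dellbakup_092707\applications\eXeem_0.21_setup.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006

Detected with: Adware.Iebar.A

C:\Documents and Settings\Kevin\Desktop\my briefcase\Kevin\dellbakup_092707\applications\eXeem_0.21_setup.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006

Deleted

C:\Documents and Settings\Kevin\Desktop\my briefcase\Kevin\dellbakup_092707\applications\eXeem_0.21_setup.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)

Update failed

C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078992.sys

Infected with: Trojan.Generic.1940649

C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0078992.sys

Deleted

C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0079132.exe

Infected with: Trojan.Generic.1954720

C:\System Volume Information\_restore{84EB7FDF-D05D-4B49-8D71-4DBEB9C75617}\RP437\A0079132.exe

Deleted
"""

# Windows XP keeps System Restore snapshots under this path; RPnnn is the restore point.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.I)


def parse_bitdefender(text: str) -> List[Dict]:
    """Pair each path line with the status line that follows it. The '=>' chain
    is the scanner's unpacking trail: the leftmost element is the file on disk,
    the rest are the containers it opened inside that file."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("unpaired path/status line in report")
    entries: List[Dict] = []
    for path, status in zip(lines[0::2], lines[1::2]):
        chain = path.split("=>")
        rp = RESTORE_RE.search(chain[0])
        action, _, threat = status.partition(":")
        entries.append({
            "on_disk": chain[0],
            "depth": len(chain) - 1,
            "restore_point": int(rp.group(1)) if rp else None,
            "action": action.strip(),   # Detected with / Infected with / Deleted / Update failed
            "threat": threat.strip() or None,
        })
    return entries


def triage(entries: List[Dict]) -> Dict[str, List[str]]:
    """Sort detections by where they live, which decides the response.
    The three bucket names are the editor's, not BitDefender's."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e["threat"] is None:
            continue  # outcome rows (Deleted / Update failed) repeat a path already listed
        label = f"{ntpath.basename(e['on_disk'])}: {e['threat']}"
        if e["restore_point"] is not None:
            buckets["restore_point"].append(f"RP{e['restore_point']} {label}")
        elif e["depth"] > 0:
            buckets["nested_in_container"].append(label)
        else:
            buckets["active_file"].append(label)
    return dict(buckets)


def outcomes(entries: List[Dict]) -> Dict[str, List[str]]:
    """What the scanner did to each on-disk file. A nested 'Deleted' followed by
    'Update failed' on the container means the member was dropped but the
    container could not be rewritten, so the installer on disk still carries it."""
    result: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e["threat"] is None:
            result[e["on_disk"]].append(e["action"])
    return dict(result)


def recommendations(entries: List[Dict]) -> List[str]:
    """Editor's rules of thumb for the buckets above."""
    b = triage(entries)
    out = []
    if "active_file" not in b:
        out.append("nothing detected in an active location; the live system is not where the hits are")
    if b.get("restore_point"):
        out.append("hits under System Volume Information are archived restore-point copies, not "
                   "running code; once the live scan is clean, clear the restore points so they "
                   "cannot be restored")
    for path, acts in outcomes(entries).items():
        if "Update failed" in acts:
            out.append(f"delete {ntpath.basename(path)} by hand; the scanner could not rewrite it")
    return out


if __name__ == "__main__":
    es = parse_bitdefender(SAMPLE)
    for bucket, items in triage(es).items():
        print(bucket, items)
    for line in recommendations(es):
        print("-", line)
```

The split matters because a restore-point hit and an active-file hit call for different work: the former is evidence that an infected driver and executable were on the system at the time RP437 was taken and have since been removed from their original locations, the latter would mean something is still present now. Neither bucket explains the Firefox redirects on its own, which is why the thread moves on to a removal run of MBAM.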



#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:18 AM

Posted 26 June 2009 - 01:57 PM

Thanks for the logs, auggiedog.

The MBAM scan shows that you scanned but did not set the tool to remove what it found.

Can you run MBAM again, but make sure that everything is checked, and click Remove Selected.

Thanks. :thumbup2:
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:18 AM

Posted 29 June 2009 - 02:54 AM

Are you still there auggiedog?
m0le is a proud member of UNITE

#13 auggiedog

auggiedog
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 29 June 2009 - 09:12 AM

I am still here....I can do all of that right away...
Thanks!
Should I re-post once we are cleaned?

#14 auggiedog

auggiedog
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 29 June 2009 - 09:14 AM

I am still here....I can do all of that right away...
Thanks!
Should I re-post once we are cleaned?
BTW, I have had Malwarebytes for a while and run it pretty regularly, but whatever is in there keeps coming back...

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:18 AM

Posted 02 July 2009 - 05:24 PM

Hi auggiedog,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE



