
Unknown Infection-Cannot Install or Scan Antivirus Software


  • This topic is locked
6 replies to this topic

#1 Andrew P

Posted 17 November 2009 - 02:37 PM

I am encountering several problems with my computer which I suspect are linked to an infection. I cannot install Kaspersky, and a scan with Vipre causes the computer to restart. The computer will often freeze and need to be restarted. Occasionally I get a MOM.exe file error when starting up.

I'm new to all these logs so baby steps are appreciated!


DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Andrew at 14:09:12.93 on Tue 11/17/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1872 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081120
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081120
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\q9yl9099.default\
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\q9yl9099.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-11-2 203056]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-8-23 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2009-10-27 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-6 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-11-19 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-11-19 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-11-19 29736]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-1-20 21504]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-19 30192]

=============== Created Last 30 ================

2009-11-17 19:06:00 0 d-----w- c:\program files\Trend Micro
2009-11-11 19:46:15 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 19:45:53 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-04 15:42:07 0 d-----w- c:\program files\MSXML 4.0
2009-11-03 01:06:08 0 d-----w- c:\programdata\Sunbelt
2009-11-03 01:06:05 0 d-----w- c:\users\andrew\appdata\roaming\Sunbelt
2009-11-03 01:05:56 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-11-03 01:05:37 0 d-----w- c:\program files\Sunbelt Software
2009-11-03 00:16:38 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-02 20:13:21 0 d-----w- c:\program files\Defraggler
2009-10-30 17:14:19 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 17:13:57 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 17:13:48 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-30 17:13:48 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 19:31:16 27984 ----a-w- c:\windows\system32\sbbd.exe
2009-10-27 18:10:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 18:10:58 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 19:37:11 0 d-----w- c:\users\andrew\.realobjects

==================== Find3M ====================

2009-11-09 19:18:48 5364 ----a-w- c:\users\andrew\appdata\roaming\wklnhst.dat
2009-10-26 20:20:58 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-26 20:20:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-26 20:20:57 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-13 14:22:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-01 14:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 23:38:37 208896 ----a-w- c:\program files\lame_enc.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40:58 834048 ----a-w- c:\windows\system32\wininet.dll
2009-08-20 13:47:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-20 01:42:36 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-20 00:11:51 76 --sha-r- c:\windows\CT4CET.bin
2008-11-20 01:17:36 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:10:29.28 ===============


#2 myrti

  • Malware Study Hall Admin

Posted 25 November 2009 - 07:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification, then click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

regards myrti


#3 Andrew P
  • Topic Starter

Posted 28 November 2009 - 01:15 PM

Thanks for the reply!

I have performed no additional steps to resolve the issue. The problems I have are random freezing up, inability to scan for or install antivirus protection, and specifically a Windows error for the "MOM.exe" file. Next time it occurs I will get a screenshot for this thread.


OTL.txt


OTL logfile created on: 11/28/2009 1:08:07 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Users\Andrew\Desktop\Virus Removal
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 88.94% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.98 Gb Total Space | 214.22 Gb Free Space | 74.39% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.77 Gb Free Space | 47.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREWLAPTOP
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/28 13:07:38 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\Virus Removal\OTL.exe
PRC - [2009/11/07 20:09:27 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/27 14:33:18 | 00,959,824 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2009/10/27 14:31:06 | 01,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/03 07:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/05/21 10:13:58 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/16 18:59:22 | 00,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/16 18:59:20 | 00,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/16 18:59:20 | 00,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/16 18:59:18 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/19 19:05:13 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/23 23:09:52 | 01,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/05 07:17:22 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/08/05 07:17:20 | 03,563,520 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/08/05 07:16:24 | 02,654,208 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/06/30 05:28:24 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/06/30 05:28:14 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/06/30 05:28:12 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/06/05 16:26:36 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/05/04 03:42:16 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/05/04 03:42:16 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/10/03 16:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 16:44:58 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


========== Modules (SafeList) ==========

MOD - [2009/11/28 13:07:38 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\Virus Removal\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 14:31:06 | 01,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/03 10:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/03 07:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/04/28 01:06:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/04/15 01:43:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/16 18:59:20 | 00,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/16 18:59:18 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/19 19:16:06 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/19 19:05:17 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/05 07:17:22 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/06/05 16:26:36 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/05/04 03:42:16 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:45:02 | 00,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/10/13 09:22:50 | 00,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/16 18:46:46 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/10 20:06:28 | 00,069,936 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/08/05 15:29:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/08/05 14:59:00 | 00,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/07/15 09:17:58 | 00,203,056 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/16 18:59:22 | 00,398,336 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/08 16:06:00 | 00,280,096 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 00,133,632 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/08/05 07:16:16 | 01,207,288 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/08/05 07:16:06 | 00,018,424 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/30 05:28:10 | 00,170,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/16 04:24:12 | 00,017,448 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/06/16 04:24:04 | 00,029,736 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/06/16 04:24:02 | 00,100,392 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/06/16 04:24:00 | 00,081,960 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/05/04 03:42:18 | 03,548,672 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/05/04 03:42:18 | 03,548,672 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/14 08:04:26 | 00,054,784 | ---- | M] (ITE Tech. Inc. ) -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/03/11 01:44:12 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/03/11 01:42:24 | 00,203,264 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/03/11 01:24:46 | 00,038,400 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/11 01:24:44 | 00,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/03/11 01:24:42 | 00,043,008 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:27 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/14 04:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=4081120
IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=4081120
IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\S-1-5-21-3500033439-1048533546-1527000538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\S-1-5-21-3500033439-1048533546-1527000538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.igoogle.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: development@add-art.org:0.8.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.991
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 19:18:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 20:09:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 20:09:41 | 00,000,000 | ---D | M]

[2009/06/22 00:13:06 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2009/06/22 00:13:06 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/11/28 01:10:41 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions
[2009/11/15 16:03:45 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/11/02 19:59:05 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009/11/15 16:03:43 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
[2009/11/15 16:03:14 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/13 14:40:33 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/03 21:43:24 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/18 12:29:47 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\extensions\development@add-art.org
[2009/04/22 04:47:36 | 00,001,595 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\searchplugins\amazondotcom.xml
[2009/04/22 04:47:36 | 00,001,595 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\searchplugins\ebay.xml
[2009/08/03 17:22:31 | 00,001,729 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\searchplugins\rotten-tomatoes.xml
[2009/04/15 04:20:55 | 00,000,945 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\q9yl9099.default\searchplugins\youtube-video-search.xml
[2009/04/15 01:43:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3500033439-1048533546-1527000538-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - c:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{092a5fcf-3923-11de-a798-002170905732}\Shell - "" = AutoRun
O33 - MountPoints2\{092a5fcf-3923-11de-a798-002170905732}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{836f3808-8abf-11de-ba9b-002170905732}\Shell - "" = AutoRun
O33 - MountPoints2\{836f3808-8abf-11de-ba9b-002170905732}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/26 11:13:12 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 18:20:17 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/23 15:27:22 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\boozebleepesbonfire
[2009/11/19 10:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/19 10:00:57 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/19 10:00:56 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/19 10:00:56 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/19 09:59:50 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/19 09:59:50 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/19 09:59:49 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/19 09:59:49 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/19 09:59:49 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/19 09:59:49 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/19 09:59:49 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/19 09:59:49 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/19 09:59:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/19 09:59:48 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/19 09:59:48 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/19 09:59:48 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/19 09:59:40 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/19 09:59:31 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/19 09:59:31 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/19 09:59:31 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/19 09:59:30 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/19 09:59:30 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/19 09:59:30 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/19 09:59:30 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/19 09:59:30 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/19 09:59:30 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/19 09:59:29 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/19 09:59:29 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/19 09:59:29 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/19 09:59:03 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/19 09:59:02 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/19 09:58:56 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/19 09:58:53 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/11/19 09:58:53 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/11/19 09:58:52 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/19 09:58:52 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/19 09:58:52 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/11/19 09:58:52 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/19 09:58:52 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/19 09:58:51 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/19 09:58:51 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/19 09:57:15 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/11/19 09:57:14 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/17 14:11:05 | 00,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Virus Removal
[2009/11/17 14:10:18 | 00,472,064 | ---- | C] ( ) -- C:\Users\Andrew\Desktop\RootRepeal.exe
[2009/11/17 14:06:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/11 14:46:15 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/11 14:45:53 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/04 10:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/02 20:06:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2009/11/02 20:06:05 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Sunbelt
[2009/11/02 20:05:56 | 00,203,056 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\sbtis.sys
[2009/11/02 20:05:37 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/11/02 20:00:37 | 14,362,992 | ---- | C] (Sunbelt Software ) -- C:\Users\Andrew\Desktop\vipre.exe
[2009/11/02 19:16:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/02 15:13:21 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/10/30 12:14:19 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/30 12:14:19 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/30 12:13:57 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/30 12:13:57 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/30 12:13:57 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/30 12:13:48 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/30 12:13:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/08/31 18:38:37 | 00,208,896 | ---- | C] (www.mp3dev.org) -- C:\Program Files\lame_enc.dll
[2009/08/05 15:29:57 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Andrew\AppData\Roaming\pcouffin.sys
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]
[1 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/28 13:11:21 | 02,883,584 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT
[2009/11/28 12:59:07 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/28 12:59:07 | 00,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/28 12:59:07 | 00,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/28 12:52:55 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/28 12:52:55 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/28 12:52:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/28 12:52:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/26 21:48:57 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/26 21:48:55 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/26 21:48:55 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/26 11:41:55 | 01,730,235 | -H-- | M] () -- C:\Users\Andrew\AppData\Local\IconCache.db
[2009/11/24 09:52:23 | 00,000,087 | ---- | M] () -- C:\Users\Andrew\webct_upload_applet.properties
[2009/11/23 23:09:54 | 00,055,487 | ---- | M] () -- C:\Users\Andrew\Desktop\rshirt.jpg
[2009/11/23 16:33:58 | 00,055,532 | ---- | M] () -- C:\Users\Andrew\Desktop\Rush Shirt.jpg
[2009/11/23 16:33:57 | 00,000,439 | ---- | M] () -- C:\Users\Andrew\Desktop\Rush Shirt.lnk
[2009/11/22 21:02:22 | 00,000,000 | ---- | M] () -- C:\Windows\System32\null
[2009/11/22 19:12:07 | 00,026,529 | ---- | M] () -- C:\Users\Andrew\Desktop\gep2.jpg
[2009/11/22 19:09:38 | 00,061,705 | ---- | M] () -- C:\Users\Andrew\Desktop\cont poli theory2.jpg
[2009/11/22 18:36:42 | 00,011,464 | ---- | M] () -- C:\Users\Andrew\Documents\formal awards.docx
[2009/11/22 17:58:18 | 25,010,9093 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/19 19:14:25 | 00,010,096 | ---- | M] () -- C:\Users\Andrew\Desktop\Brotherhood Retreat.xlsx
[2009/11/19 17:47:11 | 00,010,652 | ---- | M] () -- C:\Users\Andrew\Desktop\fuuuuuuuuckj.xlsx
[2009/11/19 10:17:29 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/19 10:17:21 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/18 23:32:14 | 00,017,994 | ---- | M] () -- C:\Users\Andrew\Desktop\HC.docx
[2009/11/17 14:14:23 | 00,000,000 | ---- | M] () -- C:\Users\Andrew\Desktop\settings.dat
[2009/11/17 14:14:02 | 00,472,064 | ---- | M] ( ) -- C:\Users\Andrew\Desktop\RootRepeal.exe
[2009/11/17 14:08:16 | 00,523,776 | ---- | M] () -- C:\Users\Andrew\Desktop\dds.scr
[2009/11/17 14:06:00 | 00,001,876 | ---- | M] () -- C:\Users\Andrew\Desktop\HijackThis.lnk
[2009/11/17 13:56:10 | 00,054,784 | ---- | M] () -- C:\Users\Andrew\Desktop\Yearly Budget.xls
[2009/11/17 13:55:17 | 00,023,816 | ---- | M] () -- C:\Users\Andrew\Desktop\Monthly Budget.xlsx
[2009/11/16 19:40:53 | 00,028,160 | ---- | M] () -- C:\Users\Andrew\Desktop\Survey for Research Methods in CJ Group Project.doc
[2009/11/13 10:25:52 | 00,289,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/12 22:14:57 | 00,014,455 | ---- | M] () -- C:\Users\Andrew\Desktop\Illegal Substances Proposal.docx
[2009/11/12 22:06:20 | 00,014,466 | ---- | M] () -- C:\Users\Andrew\Desktop\BoA members.docx
[2009/11/11 16:11:37 | 00,011,964 | ---- | M] () -- C:\Users\Andrew\Desktop\Rawls vs Nozick on Health Care.docx
[2009/11/10 13:50:29 | 00,011,965 | ---- | M] () -- C:\Users\Andrew\Documents\Words to Learn.docx
[2009/11/09 14:48:56 | 00,021,246 | ---- | M] () -- C:\Users\Andrew\Desktop\cont poli theory.jpg
[2009/11/09 14:28:42 | 00,033,792 | ---- | M] () -- C:\Users\Andrew\Desktop\social chair wth comments.doc
[2009/11/09 14:18:48 | 00,005,364 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\wklnhst.dat
[2009/11/09 13:35:55 | 00,024,126 | ---- | M] () -- C:\Users\Andrew\Desktop\gep.jpg
[2009/11/08 11:37:17 | 00,018,647 | ---- | M] () -- C:\Users\Andrew\Desktop\Prypry.docx
[2009/11/05 21:46:46 | 00,013,839 | ---- | M] () -- C:\Users\Andrew\Desktop\Advice Intake.docx
[2009/11/05 16:08:02 | 00,010,397 | ---- | M] () -- C:\Users\Andrew\Documents\Rawls group.docx
[2009/11/02 20:05:41 | 00,001,882 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2009/11/02 20:00:57 | 14,362,992 | ---- | M] (Sunbelt Software ) -- C:\Users\Andrew\Desktop\vipre.exe
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]
[1 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/23 23:09:53 | 00,055,487 | ---- | C] () -- C:\Users\Andrew\Desktop\rshirt.jpg
[2009/11/23 16:33:57 | 00,055,532 | ---- | C] () -- C:\Users\Andrew\Desktop\Rush Shirt.jpg
[2009/11/23 16:33:57 | 00,000,439 | ---- | C] () -- C:\Users\Andrew\Desktop\Rush Shirt.lnk
[2009/11/22 19:12:07 | 00,026,529 | ---- | C] () -- C:\Users\Andrew\Desktop\gep2.jpg
[2009/11/22 19:09:38 | 00,061,705 | ---- | C] () -- C:\Users\Andrew\Desktop\cont poli theory2.jpg
[2009/11/19 18:53:17 | 00,010,096 | ---- | C] () -- C:\Users\Andrew\Desktop\Brotherhood Retreat.xlsx
[2009/11/19 17:21:24 | 00,010,652 | ---- | C] () -- C:\Users\Andrew\Desktop\fuuuuuuuuckj.xlsx
[2009/11/19 10:17:29 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/19 10:17:21 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/17 14:14:23 | 00,000,000 | ---- | C] () -- C:\Users\Andrew\Desktop\settings.dat
[2009/11/17 14:07:46 | 00,523,776 | ---- | C] () -- C:\Users\Andrew\Desktop\dds.scr
[2009/11/17 14:06:00 | 00,001,876 | ---- | C] () -- C:\Users\Andrew\Desktop\HijackThis.lnk
[2009/11/17 13:56:10 | 00,054,784 | ---- | C] () -- C:\Users\Andrew\Desktop\Yearly Budget.xls
[2009/11/17 13:53:24 | 00,023,816 | ---- | C] () -- C:\Users\Andrew\Desktop\Monthly Budget.xlsx
[2009/11/17 00:14:05 | 00,011,464 | ---- | C] () -- C:\Users\Andrew\Documents\formal awards.docx
[2009/11/16 19:40:52 | 00,028,160 | ---- | C] () -- C:\Users\Andrew\Desktop\Survey for Research Methods in CJ Group Project.doc
[2009/11/12 22:14:56 | 00,014,455 | ---- | C] () -- C:\Users\Andrew\Desktop\Illegal Substances Proposal.docx
[2009/11/12 19:50:07 | 00,014,466 | ---- | C] () -- C:\Users\Andrew\Desktop\BoA members.docx
[2009/11/11 16:11:46 | 00,017,994 | ---- | C] () -- C:\Users\Andrew\Desktop\HC.docx
[2009/11/11 15:56:57 | 00,011,964 | ---- | C] () -- C:\Users\Andrew\Desktop\Rawls vs Nozick on Health Care.docx
[2009/11/09 14:48:56 | 00,021,246 | ---- | C] () -- C:\Users\Andrew\Desktop\cont poli theory.jpg
[2009/11/09 14:28:42 | 00,033,792 | ---- | C] () -- C:\Users\Andrew\Desktop\social chair wth comments.doc
[2009/11/09 13:35:55 | 00,024,126 | ---- | C] () -- C:\Users\Andrew\Desktop\gep.jpg
[2009/11/07 20:36:40 | 00,018,647 | ---- | C] () -- C:\Users\Andrew\Desktop\Prypry.docx
[2009/11/05 16:05:52 | 00,010,397 | ---- | C] () -- C:\Users\Andrew\Documents\Rawls group.docx
[2009/11/02 20:05:41 | 00,001,882 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2009/08/18 15:49:09 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/16 18:46:45 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/12 00:16:31 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/12 00:16:31 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/12 00:15:55 | 00,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/11 23:10:03 | 00,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009/08/05 15:31:18 | 00,001,044 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\vso_ts_preview.xml
[2009/08/05 15:30:54 | 00,000,034 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.log
[2009/08/05 15:29:57 | 00,087,608 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\inst.exe
[2009/08/05 15:29:57 | 00,007,887 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.cat
[2009/08/05 15:29:57 | 00,001,144 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.inf
[2009/05/28 00:27:13 | 00,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/05/07 00:21:13 | 00,000,680 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2009/04/15 16:34:43 | 00,021,504 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 02:26:19 | 00,005,364 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\wklnhst.dat
[2008/11/19 20:30:11 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/11/19 19:03:20 | 00,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:10:22 | 00,000,000 | ---- | C] () -- C:\Windows\System32\WINSOCK.DLL
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >


Extras.txt
OTL Extras logfile created on: 11/28/2009 1:08:07 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Users\Andrew\Desktop\Virus Removal
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 88.94% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.98 Gb Total Space | 214.22 Gb Free Space | 74.39% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.77 Gb Free Space | 47.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREWLAPTOP
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3500033439-1048533546-1527000538-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101FBF3F-D979-465B-BDE8-61E1BEEFD028}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1D1FF988-F699-4FA1-B7C3-8B6000A7CE3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20C2B891-B3FD-4233-A196-A498FEBC7A46}" = rport=138 | protocol=17 | dir=out | app=system |
"{48571537-E3BD-4831-977A-3F8EEFFA453F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6026BA77-9EBD-46A5-883F-053C05D8BE26}" = rport=137 | protocol=17 | dir=out | app=system |
"{79BF92F9-44AA-4100-9589-B8300CCCB1F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79E3FE80-71EB-4A9C-8B45-E7A184599879}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B5409A8-FCA6-4ADD-88AC-37A4DA5FB7D8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{944B5400-1427-4402-91C5-F3EF6DA955F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AAB6320-E2F0-4121-A7A2-BF6EC7F54580}" = lport=137 | protocol=17 | dir=in | app=system |
"{9AEF7279-E548-4FDF-AD2D-83EEA136F726}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AEEEBD6F-D3C7-4EDA-8D2B-F56001461A20}" = lport=139 | protocol=6 | dir=in | app=system |
"{BCCEB514-B9A1-4F5E-96BD-0288143D500D}" = lport=5353 | protocol=17 | dir=in | name=bonjour |
"{D4403847-5514-48D6-AA79-B247FA3A8C4C}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8F1B32B-ABF0-4DD0-B4C4-084508421D6E}" = rport=139 | protocol=6 | dir=out | app=system |
"{DDD64075-7CD7-494E-8F1E-91CC1D9EAF1E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E5181263-8102-473B-BD15-2059246DB58F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EBC67FD9-260E-4110-84EB-A1D1C981CE99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEBA81E6-E568-4E22-A57A-524DB0A7936A}" = rport=445 | protocol=6 | dir=out | app=system |
"{FFA9DB47-0A87-47BE-B15B-A0D5614B3FC7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24DFC531-0A38-4FA9-BC3E-2BC13C34EC9D}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{275CB9BB-2E24-46F1-8AD8-13E5244545AC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{285FD2BF-71FE-4F61-BDC9-FCCB1C3B6C28}" = protocol=17 | dir=in | app=c:\program files\airport\apagent.exe |
"{32C964A4-AB7F-44C5-BF59-8D81DBF03CE6}" = protocol=6 | dir=in | app=c:\program files\airport\apagent.exe |
"{3982BEE3-1E17-4B55-99F5-CD2777C2960F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A3DEBB0-33B8-48B2-BD8F-5A6CE50D617F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{487BAEDF-F572-44EF-95D4-239AFB6038B7}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{6A8E8BF1-FA91-489D-B9C7-E083E02A8CA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6C93503D-1993-491D-AA15-D462DA11B7A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A75F0F0-A416-483C-8CCE-E2C65E8C4FF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D5F7D75-ADB4-422A-8D59-15E14C7E0029}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B79261D-8DD9-4F01-962D-2C7A6C156C1B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A8208857-C9F6-42C3-928E-0F31106FECC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B50D5F3D-0E7F-42EB-9CBA-404D534A1400}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BB2DCBEC-1D34-495F-BB77-1D643A3EE34E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CA7B7970-0954-423A-BBBB-A4CCBBBD6052}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D06E3086-7E0D-4058-8A7C-B389AE94001E}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{DEBAD992-CC78-4A95-8BF5-2E9826325398}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{E277F5C3-6E6E-41A3-8A66-BA31A9231089}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EA63B2EB-B2A6-4687-94BA-C69BC57F82A7}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{FBC63EC7-A3F5-47F9-B8B7-27764AE08786}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"TCP Query User{3D3E7BE0-325D-4FB8-B837-28705F6DA3DD}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{49B9C582-703D-439F-9108-652E580E4F1C}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"TCP Query User{98E9D448-B473-4C5D-8612-9AAD283B65F5}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9E6221D8-02DB-4FDB-92AE-20097610B6E5}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{FF2F17A8-FFAC-4B93-B3D8-10DC1560FC14}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{0FDE4A27-AE47-4C41-9FC6-6D54F925DA08}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{2A0DBA1B-4DF7-4E55-9876-64649B7755F9}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{45892B0B-3DA4-4545-93AA-BF0AC77C61FA}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{7175819C-88F9-4BE4-AC6C-BF3FFA022BAB}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{F3D2C9B0-FE90-49FB-BD56-6E90FF95464B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0298D87A-9095-4F05-BE2F-51C2D11E2435}" = SkiniTunes
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05A677ED-F6EB-C225-0852-C8EDA143F637}" = Catalyst Control Center Core Implementation
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{1339C679-8EBD-A264-F51B-8AFF9E5178AB}" = Catalyst Control Center Localization Chinese Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{244C63A8-035D-4D17-80B8-3E344DA306BD}" = VIPRE Antivirus + Antispyware
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33D38429-A417-2939-F2ED-68B02C60524B}" = CCC Help Italian
"{348982C0-1053-041B-90E9-27E52C5CBAC4}" = Catalyst Control Center Localization Chinese Traditional
"{3683198D-D48D-8F78-D544-E0CEEDA9A5AD}" = Catalyst Control Center Localization Norwegian
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{39874C29-6A64-A5E4-15E8-48CAB1630758}" = Catalyst Control Center Graphics Full New
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{497CDC20-F32E-B732-D5A7-C508832901B1}" = Catalyst Control Center Localization Italian
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4E8B4C51-20A4-A946-F2FD-361E1E64CBFE}" = Catalyst Control Center Localization Dutch
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E07661-1C3B-EBB3-DDD7-CA2D9CF728E5}" = CCC Help Chinese Standard
"{67192DDF-D12C-7C14-0891-1999A8322D9A}" = ccc-core-static
"{693C5CAC-E43C-4A5F-0793-DB1A91576F00}" = Catalyst Control Center Localization Swedish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2D1B0-0892-AF53-1542-767C1B1B558F}" = CCC Help German
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{706136D4-648C-92B9-FF9E-BDAC45C977CB}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732784F2-BBB3-AF93-F0F8-2B28D93F023E}" = Catalyst Control Center Localization Finnish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75554025-5756-D2A8-E12A-3996A174E1AF}" = Catalyst Control Center Localization German
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7842F022-6597-76DA-4DE4-DA3FBD82ECF2}" = Skins
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A4CE9D2-DC5E-4B5B-0ED2-A2F66E76DD52}" = CCC Help Russian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE855E5-8130-A624-1C47-D5EB13FA6DF2}" = Catalyst Control Center Graphics Previews Vista
"{7D712AFE-2D7C-13B8-DEB7-BA8A28FED665}" = Catalyst Control Center Localization Danish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E00AAF2-89F3-F7FC-A8F2-8C651449671E}" = CCC Help English
"{828816F4-629A-233E-DB02-A6F8BD004643}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{90601456-1F28-AD6C-C1CE-740526D3BC27}" = Catalyst Control Center Localization French
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{975F5675-8FC8-04A8-92CD-4653BD12282F}" = CCC Help French
"{97900633-AADE-35DC-A424-21380BFC5431}" = Catalyst Control Center Graphics Previews Common
"{98C948A6-5498-9DEE-BA4C-74B0A96CB521}" = CCC Help Danish
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7969E95-7E39-A1AC-2D6F-85531D8A371D}" = CCC Help Japanese
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9C78107-7CBC-B05B-083B-562FA9C1EA0B}" = CCC Help Portuguese
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB883D70-5B1D-9430-E626-7F495925590D}" = Catalyst Control Center Localization Spanish
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C49E407D-A6A0-6F9A-767D-67387EF5523F}" = CCC Help Finnish
"{CBF91610-C661-3464-8831-DA8AE2589DB9}" = Catalyst Control Center Localization Japanese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2DB5404-378B-2821-513E-A8F230A0E948}" = ccc-utility
"{D5D92C28-42FB-5E24-DBFA-07232A50D670}" = CCC Help Dutch
"{D9DD6E03-ACE1-2503-205E-4FA74267CDC6}" = CCC Help Spanish
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB549485-9D94-E7AE-2FE7-DCB33A54FBD7}" = Catalyst Control Center Localization Russian
"{DE200E10-45BD-E11E-EC8E-1DAD80EF8EA9}" = Catalyst Control Center Graphics Full Existing
"{DEF19AE8-B330-CF2A-AEAA-1E23BBBC7B00}" = CCC Help Chinese Traditional
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E5BE4931-F31C-2BA0-F06E-4FEC56725673}" = CCC Help Swedish
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC2C71BB-42DF-6F53-FB23-F7B3B160467B}" = Catalyst Control Center Graphics Light
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1465B68-4D9A-D412-2528-4F84A681F15C}" = Catalyst Control Center Localization Korean
"{F1E18790-4053-4031-483B-80E932CE3910}" = CCC Help Korean
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"Avi2Dvd" = Avi2Dvd 0.5
"AviSynth" = AviSynth 2.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Comical_is1" = Comical 0.8
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Defraggler" = Defraggler
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.4.1
"ffdshow_is1" = ffdshow [rev 2844] [2009-03-30]
"G-Force" = G-Force
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"iPowerHour_is1" = iPowerHour 3.01
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PFPortChecker" = PFPortChecker 1.0.30
"STANDARDR" = Microsoft Office Standard 2007
"Starcraft" = Starcraft
"TomTom HOME" = TomTom HOME 2.6.4.1641
"TR-2.2.1" = ThinkingRock-2.2.1
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3500033439-1048533546-1527000538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:12 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:13 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2009 5:48:13 PM | Computer Name = AndrewLaptop | Source = Windows Search Service | ID = 3013
Description =

[ Broadcom Wireless LAN Events ]
Error - 10/4/2009 10:06:25 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 22:06:24, Sun, Oct 04, 09 Error - Unable to gain access to user store


Error - 10/4/2009 10:08:38 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 22:08:38, Sun, Oct 04, 09 Error - Unable to gain access to user store


Error - 10/9/2009 10:25:39 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 22:25:39, Fri, Oct 09, 09 Error - Unable to gain access to user store


Error - 10/22/2009 11:59:03 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 23:59:03, Thu, Oct 22, 09 Error - Unable to gain access to user store


Error - 11/2/2009 12:36:58 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 11:36:57, Mon, Nov 02, 09 Error - Unable to gain access to user store


Error - 11/2/2009 11:02:28 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 22:02:27, Mon, Nov 02, 09 Error - Unable to gain access to user store


Error - 11/3/2009 2:51:17 AM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 01:51:17, Tue, Nov 03, 09 Error - Unable to gain access to user store


Error - 11/10/2009 9:31:44 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 20:31:43, Tue, Nov 10, 09 Error - Unable to gain access to user store


Error - 11/15/2009 5:48:47 PM | Computer Name = AndrewLaptop | Source = WLAN-Tray | ID = 0
Description = 16:48:47, Sun, Nov 15, 09 Error - Unable to gain access to user store


[ OSession Events ]
Error - 7/29/2009 11:03:16 AM | Computer Name = AndrewLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/31/2009 12:48:39 PM | Computer Name = AndrewLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/25/2009 10:11:44 PM | Computer Name = AndrewLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6043
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/1/2009 6:11:33 PM | Computer Name = AndrewLaptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00234DAD2151 has been denied by the DHCP server 10.34.4.20 (The DHCP Server
sent a DHCPNACK message).

Error - 9/2/2009 5:23:53 PM | Computer Name = AndrewLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:39:51 PM on 9/1/2009 was unexpected.

Error - 9/2/2009 5:24:04 PM | Computer Name = AndrewLaptop | Source = Print | ID = 19
Description = The print spooler failed to share printer HP LaserJet 1022 with shared
resource name Printer2. Error 2114. The printer cannot be used by others on the
network.

Error - 9/3/2009 7:28:19 PM | Computer Name = AndrewLaptop | Source = Dhcp | ID = 1002
Description = The IP address lease 10.34.12.222 for the Network Card with network
address 00234DAD2151 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/3/2009 7:36:53 PM | Computer Name = AndrewLaptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.123 for the Network Card with network
address 00234DAD2151 has been denied by the DHCP server 10.34.4.20 (The DHCP Server
sent a DHCPNACK message).

Error - 9/5/2009 2:29:20 AM | Computer Name = AndrewLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:30:29 PM on 9/3/2009 was unexpected.

Error - 9/6/2009 10:35:56 PM | Computer Name = AndrewLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:29:53 AM on 9/6/2009 was unexpected.

Error - 9/7/2009 6:53:41 PM | Computer Name = AndrewLaptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.104 for the Network Card with network
address 00234DAD2151 has been denied by the DHCP server 10.34.24.20 (The DHCP Server
sent a DHCPNACK message).

Error - 9/8/2009 2:04:40 PM | Computer Name = AndrewLaptop | Source = Dhcp | ID = 1002
Description = The IP address lease 10.34.4.163 for the Network Card with network
address 00234DAD2151 has been denied by the DHCP server 10.34.32.20 (The DHCP Server
sent a DHCPNACK message).

Error - 9/8/2009 2:05:52 PM | Computer Name = AndrewLaptop | Source = Dhcp | ID = 1002
Description = The IP address lease 10.34.33.243 for the Network Card with network
address 00234DAD2151 has been denied by the DHCP server 10.34.4.20 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 myrti


Posted 29 November 2009 - 02:08 PM

Hi,

the logs are looking fine right now.

Please run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

As well as a scan with Malwarebytes as a next step:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 Andrew P


Posted 29 November 2009 - 05:09 PM

GMER Log

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-29 16:58:58
Windows 6.0.6002 Service Pack 2
Running: cruglkr6.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwldqpog.sys


---- System - GMER 1.0.15 ----

INT 0x62 ? 86B63F00
INT 0x72 ? 86B63F00
INT 0x72 ? 86B63F00
INT 0x72 ? 86B63F00
INT 0x82 ? 86B63F00
INT 0x82 ? 86B63F00
INT 0x82 ? 86B63F00
INT 0x82 ? 86B63F00
INT 0xA2 ? 8511FBF8
INT 0xA2 ? 8511FBF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spih.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DA09000, 0x1FB0FA, 0xE8000020]
.text USBPORT.SYS!DllUnload 8DFBF41B 5 Bytes JMP 86B634E0
.text ab6q9kag.SYS 9028B000 22 Bytes [82, F3, 1C, 82, 6C, F2, 1C, ...]
.text ab6q9kag.SYS 9028B017 45 Bytes [00, 32, D7, 79, 80, 3D, D5, ...]
.text ab6q9kag.SYS 9028B045 135 Bytes [5A, EB, 81, FD, D9, E4, 81, ...]
.text ab6q9kag.SYS 9028B0CE 10 Bytes [00, 00, 00, 00, 00, 00, F6, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; IDIV BYTE [ECX-0x25]; DEC ECX}
.text ab6q9kag.SYS 9028B0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A2E9C] \SystemRoot\System32\Drivers\spih.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851201F8
Device \FileSystem\fastfat \FatCdrom 885CD1F8
Device \Driver\volmgr \Device\VolMgrControl 8478D1F8
Device \Driver\usbuhci \Device\USBPDO-0 86D131F8
Device \Driver\usbuhci \Device\USBPDO-1 86D131F8
Device \Driver\usbehci \Device\USBPDO-2 86D1A1F8
Device \Driver\usbuhci \Device\USBPDO-3 86D131F8
Device \Driver\usbuhci \Device\USBPDO-4 86D131F8

AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

Device \Driver\usbuhci \Device\USBPDO-5 86D131F8
Device \Driver\usbehci \Device\USBPDO-6 86D1A1F8
Device \Driver\volmgr \Device\HarddiskVolume1 8478D1F8
Device \Driver\sptd \Device\3241141008 spih.sys
Device \Driver\volmgr \Device\HarddiskVolume2 8478D1F8
Device \Driver\cdrom \Device\CdRom0 86DC51F8
Device \Driver\volmgr \Device\HarddiskVolume3 8478D1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [89F418E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [89F418E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [89F418E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 86DC51F8
Device \Driver\netbt \Device\NetBt_Wins_Export 873DA1F8
Device \Driver\Smb \Device\NetbiosSmb 8733D1F8
Device \Driver\PCI_PNP6984 \Device\0000004e spih.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86EB61F8

AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

Device \Driver\usbuhci \Device\USBFDO-0 86D131F8
Device \Driver\usbuhci \Device\USBFDO-1 86D131F8
Device \Driver\usbehci \Device\USBFDO-2 86D1A1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E0FBC21A-D20A-4083-8D7A-F5FF3F0DF97F} 873DA1F8
Device \Driver\usbuhci \Device\USBFDO-3 86D131F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0018D6E8-6A19-430E-83B5-4FF814FA3015} 873DA1F8
Device \Driver\usbuhci \Device\USBFDO-4 86D131F8
Device \Driver\usbuhci \Device\USBFDO-5 86D131F8
Device \Driver\usbehci \Device\USBFDO-6 86D1A1F8
Device \Driver\ab6q9kag \Device\Scsi\ab6q9kag1Port2Path0Target0Lun0 86EC21F8
Device \Driver\ab6q9kag \Device\Scsi\ab6q9kag1 86EC21F8
Device \FileSystem\fastfat \Fat 885CD1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 889CA1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002268e0854a
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0xCB 0x7C 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x85 0x6A 0x34 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x45 0xD8 0xBC 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\002268e0854a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5A 0xCB 0x7C 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x85 0x6A 0x34 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x45 0xD8 0xBC 0x0F ...

---- EOF - GMER 1.0.15 ----



MBAM - Log - It said there were no malicious threats detected

Malwarebytes' Anti-Malware 1.41
Database version: 3259
Windows 6.0.6002 Service Pack 2

11/29/2009 5:06:50 PM
mbam-log-2009-11-29 (17-06-50).txt

Scan type: Quick Scan
Objects scanned: 97444
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 myrti


Posted 29 November 2009 - 07:21 PM

Hi,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Please run gmer again after disabling your CD Emulation:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

So far I have seen no sign of malware. Could you please describe exactly what your problem with Kaspersky is?
Mom.exe belongs to the Catalyst Control Center from ATI. Do you use that program at all? Or would you like to disable it?

regards myrti



#7 myrti


Posted 21 December 2009 - 08:29 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
