Google Search Redirect


21 replies to this topic

#1 cyclonebill

  • Members
  • 11 posts

Posted 09 January 2010 - 12:12 AM

Seems like a popular infection here, having my Google searches be redirected to unsafe/unaffiliated websites, sometimes coming up in popups. Clicking the Google link 3 or 4 times eventually takes me to the correct page.

I've tried various antivirus programs: Malwarebytes, Spybot, Ad-Aware, online scans. Some viruses have come up, but the redirect issue has consistently remained.

Any help is appreciated as I'm just about at my wit's end at this point. Running Windows 7 Ultimate.

I've pasted my HJT log below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:07 PM, on 08/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Moondi\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Moondi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [prunnet] "C:\Windows\system32\prunnet.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17) -
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{174D5973-C2F1-4B80-B18D-993EFBEE77AD}: NameServer = 199.166.210.2,199.166.210.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1E38240-D414-411A-B7DA-DF9B19CEB8E2}: NameServer = 199.166.210.2,199.166.210.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{174D5973-C2F1-4B80-B18D-993EFBEE77AD}: NameServer = 199.166.210.2,199.166.210.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{174D5973-C2F1-4B80-B18D-993EFBEE77AD}: NameServer = 199.166.210.2,199.166.210.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12381 bytes





#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 15 January 2010 - 05:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open; copy and paste them into a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 cyclonebill
  • Topic Starter

  • Members
  • 11 posts

Posted 15 January 2010 - 06:03 PM

Thanks for your reply.


OTL.EXE:

OTL logfile created on: 15/01/2010 5:55:35 PM - Run 1
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\Moondi\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 14.27 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.75 Gb Total Space | 49.34 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: LAPTOP-VISTA
Current User Name: Moondi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/15 17:34:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Moondi\Downloads\OTL.exe
PRC - [2009/12/29 20:29:38 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/29 20:29:37 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/22 12:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/01 23:02:12 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Users\Moondi\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2009/09/04 12:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/03 00:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/13 20:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/13 20:14:43 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/07/13 20:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:21 | 00,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009/06/22 18:45:12 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2009/06/16 17:45:22 | 00,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/06/16 17:45:20 | 00,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/06/16 17:45:12 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009/05/22 18:34:34 | 00,851,968 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 23:01:49 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/25 07:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/07/31 17:11:06 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/29 17:32:52 | 00,236,520 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndasmgmt.exe
PRC - [2007/05/02 18:00:36 | 00,055,368 | ---- | M] (SanDisk Corporation) -- C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2007/04/09 07:17:54 | 00,925,696 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PowerISO.exe
PRC - [2007/02/08 00:11:04 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/08 00:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2006/11/27 17:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2006/11/27 17:56:02 | 01,540,096 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2006/11/27 17:55:48 | 01,716,224 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2006/11/17 18:27:32 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/12 02:19:46 | 00,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/11/08 19:47:14 | 01,066,528 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 11:39:58 | 00,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/10/03 11:35:42 | 00,221,184 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe


========== Modules (SafeList) ==========

MOD - [2010/01/15 17:34:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Moondi\Downloads\OTL.exe
MOD - [2009/07/13 20:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LicCtrlService)
SRV - [2009/12/29 20:29:37 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 20:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/22 18:34:34 | 00,851,968 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/26 14:16:31 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/15 18:48:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/07/31 17:44:34 | 00,501,048 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/07/31 17:11:06 | 00,106,496 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/06/29 17:32:52 | 00,236,520 | ---- | M] (XIMETA, Inc.) [Auto | Stopped] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2007/05/15 20:07:37 | 01,831,936 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/02/08 00:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2006/11/27 17:56:04 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/07 13:27:02 | 00,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/08 14:38:45 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/07/13 20:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 18:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:49 | 00,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/07/13 17:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 01,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 17:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 15:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 17:28:22 | 04,756,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/03 13:18:44 | 00,033,256 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/16 21:58:54 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/06/29 17:32:54 | 00,372,584 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2007/06/29 17:32:52 | 00,254,440 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lfsfilt.sys -- (lfsfilt)
DRV - [2007/06/29 17:32:52 | 00,062,056 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lpx.sys -- (lpx)
DRV - [2007/04/09 07:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/16 04:05:48 | 00,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2007/02/08 00:11:04 | 00,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/20 14:13:58 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/17 18:27:30 | 00,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/11 18:10:40 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/11 18:10:40 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/11/11 18:10:40 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/11 18:10:38 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/11 18:10:38 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 15:43:52 | 00,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\S-1-5-21-520137892-862542877-540573516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\S-1-5-21-520137892-862542877-540573516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: google-wave@chad.smith:0.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {992791ee-61dc-7b98-a8fd-dc49b7deeee9}:3.2.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 19:58:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 11:54:41 | 00,000,000 | ---D | M]

[2009/10/24 00:39:11 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Extensions
[2010/01/14 22:03:37 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/03 09:52:44 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/08 18:38:14 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/10/24 00:39:14 | 00,000,000 | ---D | M] (PDF Download) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/10/24 00:39:14 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/12/18 10:31:58 | 00,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/10/24 00:39:14 | 00,000,000 | ---D | M] (TryAgain) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{992791ee-61dc-7b98-a8fd-dc49b7deeee9}
[2009/12/02 09:41:44 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/08 18:38:15 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/24 00:39:16 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/24 00:39:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{dd6bfa32-1198-4217-a0e9-1acab501a6e9}
[2010/01/12 11:25:19 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/12/18 10:31:58 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/24 00:39:21 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\dave2x@download
[2009/12/14 17:19:10 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\google-wave@chad.smith
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\piraton@enchufados.net
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\videodowloader@videodownloader.net
[2010/01/14 22:03:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/03 23:59:07 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
[2007/04/03 23:58:52 | 00,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
[2007/07/31 17:44:28 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/03 23:58:59 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Mirar) - {9C96EE1A-E306-4063-AB5E-C5279399171B} - C:\Windows\System32\winak77.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Mirar) - {9C96EE1A-E306-4063-AB5E-C5279399171B} - C:\Windows\System32\winak77.dll File not found
O3 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [Google Update] C:\Users\Moondi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [prunnet] C:\Windows\System32\prunnet.exe File not found
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Moondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 23:37:16 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 23:37:16 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/08 20:49:53 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/01/08 20:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/08 19:43:20 | 00,000,000 | ---D | C] -- C:\Users\Moondi\AppData\Roaming\QuickScan
[2010/01/08 19:21:01 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/01/08 19:20:58 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/01/07 19:34:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/07 14:36:24 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/01/07 14:36:24 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/01/07 14:36:24 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/01/07 14:36:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/01/07 14:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/05 14:45:39 | 00,000,000 | ---D | C] -- C:\Users\Moondi\Desktop\GooredFix Backups
[2009/12/29 20:30:57 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/29 20:30:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/12/29 20:26:20 | 00,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/29 20:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/24 11:17:08 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/24 11:17:08 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/24 11:17:08 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/24 11:13:43 | 00,000,000 | ---D | C] -- C:\b8045f60b0742ed4ab
[2009/12/24 11:04:37 | 00,000,000 | ---D | C] -- C:\Windows_7_Loader_v1.7
[2009/12/24 11:02:44 | 00,000,000 | ---D | C] -- C:\RemoveWAT-12-24
[2004/04/23 16:06:25 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2004/04/23 16:06:25 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2003/09/08 08:09:54 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp70.dll
[2003/09/08 08:09:54 | 00,344,064 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcr70.dll

========== Files - Modified Within 30 Days ==========

[2010/01/15 17:59:26 | 04,194,304 | -HS- | M] () -- C:\Users\Moondi\NTUSER.DAT
[2010/01/15 17:07:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-520137892-862542877-540573516-1000UA.job
[2010/01/15 17:00:00 | 00,000,296 | ---- | M] () -- C:\Windows\tasks\tnaaarhs.job
[2010/01/15 16:15:23 | 00,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/15 16:15:23 | 00,622,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/15 16:15:23 | 00,108,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/14 23:07:00 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-520137892-862542877-540573516-1000Core.job
[2010/01/14 12:08:12 | 00,015,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/14 12:08:12 | 00,015,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/14 12:00:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/14 12:00:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/14 12:00:29 | 20,057,45664 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 23:11:45 | 02,540,324 | -H-- | M] () -- C:\Users\Moondi\AppData\Local\IconCache.db
[2010/01/11 12:00:20 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/01/10 00:17:01 | 00,041,472 | ---- | M] () -- C:\Users\Moondi\Desktop\GULU RAI RESUME-1_edit.doc
[2010/01/08 19:29:01 | 00,001,489 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2010/01/08 18:52:31 | 00,003,584 | ---- | M] () -- C:\Users\Moondi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 14:38:45 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/01/08 01:02:54 | 00,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 23:43:15 | 00,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/01/07 23:43:15 | 00,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/01/07 23:37:28 | 00,005,896 | ---- | M] () -- C:\Users\Moondi\Desktop\Windows Compatibility Report.htm
[2010/01/07 19:34:36 | 00,002,037 | ---- | M] () -- C:\Users\Moondi\Desktop\HijackThis.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 14:36:50 | 00,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/01/07 11:54:44 | 00,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 11:53:17 | 00,104,918 | ---- | M] () -- C:\Users\Moondi\Desktop\bookmarks-2010-01-07.json
[2010/01/05 16:22:12 | 00,000,400 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/12/31 18:54:57 | 00,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2009/12/29 20:26:16 | 00,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/28 23:49:50 | 00,000,320 | ---- | M] () -- C:\Windows\wininit.ini
[2009/12/25 01:03:36 | 73,535,4880 | ---- | M] () -- C:\Users\Moondi\Desktop\xscr-edu.avi
[2009/12/24 11:05:25 | 00,000,000 | RHS- | M] () -- C:\winx.ld
[2009/12/24 11:05:23 | 00,203,836 | RHS- | M] () -- C:\grldr
[2009/12/19 16:41:32 | 09,730,157 | ---- | M] () -- C:\Users\Moondi\Desktop\Sunset Rubdown - Idiot Heart.mp3

========== Files Created - No Company Name ==========

[2010/01/09 23:58:33 | 00,041,472 | ---- | C] () -- C:\Users\Moondi\Desktop\GULU RAI RESUME-1_edit.doc
[2010/01/07 23:37:28 | 00,005,896 | ---- | C] () -- C:\Users\Moondi\Desktop\Windows Compatibility Report.htm
[2010/01/07 19:34:36 | 00,002,037 | ---- | C] () -- C:\Users\Moondi\Desktop\HijackThis.lnk
[2010/01/07 14:36:50 | 00,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/01/07 11:54:44 | 00,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 11:53:17 | 00,104,918 | ---- | C] () -- C:\Users\Moondi\Desktop\bookmarks-2010-01-07.json
[2010/01/05 16:22:15 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/01/05 16:22:12 | 00,000,400 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/01/04 20:30:45 | 73,535,4880 | ---- | C] () -- C:\Users\Moondi\Desktop\xscr-edu.avi
[2009/12/31 18:54:57 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009/12/31 18:54:57 | 00,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2009/12/29 20:26:16 | 00,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/24 11:05:25 | 00,000,000 | RHS- | C] () -- C:\winx.ld
[2009/12/24 11:05:22 | 00,203,836 | RHS- | C] () -- C:\grldr
[2009/12/06 19:51:45 | 00,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2009/12/06 19:48:53 | 00,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2009/10/24 18:32:22 | 00,003,584 | ---- | C] () -- C:\Users\Moondi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/18 15:44:04 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/12/16 21:58:54 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 00,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/02/09 23:34:19 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/09 17:54:21 | 00,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008/01/03 17:18:09 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/01/03 17:17:55 | 00,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2007/11/10 18:20:13 | 00,001,489 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2007/11/10 18:20:12 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2007/11/07 00:15:58 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2007/07/10 12:34:04 | 00,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/05/28 21:20:52 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/04/18 02:02:26 | 00,000,000 | ---- | C] () -- C:\Users\Moondi\AppData\Roaming\wklnhst.dat
[2007/04/11 18:27:55 | 00,031,007 | ---- | C] () -- C:\Users\Moondi\AppData\Roaming\UserTile.png
[2007/04/05 15:14:05 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/03/28 02:53:14 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/03/27 02:55:48 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/03/23 19:39:50 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/23 19:39:30 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/23 12:08:20 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/03/23 12:08:20 | 00,000,320 | ---- | C] () -- C:\Windows\wininit.ini
[2007/03/23 11:54:52 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/02/05 19:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/28 15:24:12 | 00,654,848 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006/11/07 14:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 18:49:36 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/01 14:54:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/01 14:52:38 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/07 17:32:46 | 03,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005/11/04 21:57:14 | 00,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2003/08/07 14:01:50 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
< End of report >

EXTRAS.txt

OTL Extras logfile created on: 15/01/2010 5:55:35 PM - Run 1
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\Moondi\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 14.27 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.75 Gb Total Space | 49.34 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: LAPTOP-VISTA
Current User Name: Moondi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}" = NDAS Software 3.20.1523
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18C9716F-C906-441F-BA66-CABAA5CB2DCE}" = Adobe XMP Panels CS4
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{243DA072-8E39-424A-86A3-F63152021383}" = Adobe Glyphlet Creation Tool CS3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EBA5473-558B-462C-AEE4-FE50FA799F2A}" = Mouse Driver
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D13B5F1-8FE4-4829-AA6E-6461D4B0B7E8}" = Motorola Software Update
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49062DAB-7009-4EBD-903A-830B283407C4}" = TMPGEnc DVD Author 1.5
"{492724FC-3B26-46B4-824F-3CE2722D9AA0}" = Apple Software Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{685C742F-B837-42A7-80B5-98CF94F621AE}" = MCE 2005 STB Controller
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{796CE7A8-37DD-54B3-75CF-E188739B918F}" = TweetDeck
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{967D588C-9B96-40C9-A222-DCD6922563CA}" = Apple Mobile Device Support
"{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C96EE1A-E306-4063-AB5E-C5279399171B}" = Mirar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}" = NHL Eastside Hockey Manager 2007
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9D12B96-3C60-4443-8C03-2CDF5EB3D04E}" = Adobe Setup
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC017035-1939-425F-8F86-63B462C76C6A}" = PDF Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE787736-66F0-4BD9-884B-E4BCA3661646}" = Adobe ExtendScript Toolkit CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFF110A5-82A4-45FC-873D-F5C6D7B57914}" = The Panorama Factory V5 m32 Edition
"{E0219810-16E4-437D-9165-93D7B22524F9}" = iTunes
"{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}" = Sansa Updater
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF854C54-098E-449B-8B1E-D72684240890}" = Adobe Creative Suite 3 Production Premium
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC19BA02-E1E3-40E0-9FA9-6CEAA62C60C6}" = ResizeMyPhotos
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_82f0ac8b8eab2e882b5e91c7c7bda88" = Add or Remove Adobe Creative Suite 3 Production Premium
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Aleo Flash Slideshow Gallery Maker_is1" = Aleo Flash Slideshow Gallery Maker 1.6
"Allok Video Joiner_is1" = Allok Video Joiner 2.2.0
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 4.7.1202
"Amara - Flash Slide Show Builder" = Amara - Flash Slide Show Builder
"AnvSoft Photo Flash Maker Free" = AnvSoft Photo Flash Maker Free 5.10
"Audacity_is1" = Audacity 1.2.6
"Autopano Giga" = Autopano Giga
"Avid Liquid 7.20" = Avid Liquid 7.20
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CDisplayEx_is1" = CDisplayEx 1.4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Emicsoft M2TS Converter_is1" = Emicsoft M2TS Converter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FLVPlayer" = FLV Player 1.3.3
"FTP Commander" = FTP Commander
"Google Desktop" = Google Desktop
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"I8kfanGUI" = I8kfanGUI V3.1
"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"IsoBuster_is1" = IsoBuster 2.0
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Magic Bullet Suite 2.0" = Magic Bullet Suite 2.0
"Magic Bullet Suite 2.1" = Magic Bullet Suite 2.1
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaJoin" = MediaJoin
"mIRC" = mIRC
"Movie Looks Vegas HD" = Movie Looks Vegas HD
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"My Screen Recorder Pro_is1" = My Screen Recorder Pro 2.60
"NewsLeecher_is1" = NewsLeecher v3.8 Final
"oggcodecs" = FLAC codecs
"PanoramaStudio2Pro" = PanoramaStudio 2.0 Pro (uninstall)
"PowerISO" = PowerISO
"PrimoPDF3.1" = PrimoPDF
"QuickPar" = QuickPar 0.9
"Recuva" = Recuva (remove only)
"Riva Producer Lite_is1" = Riva Producer Lite
"rmgpdfiwkszle" = RON Tool Banners4u
"Save Flash" = Save Flash 4.1
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.1 for Windows
"Security Task Manager" = Security Task Manager 1.7h
"ST6UNST #1" = Meracl ImageMap Generator v3.5.3
"SUPER " = SUPER Version 2009.bld.36 (June 10, 2009)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Transcode360" = Transcode 360 for Windows Vista
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 0.9.10.2 (beta)
"TVersity Media Server " = TVersity Media Server 1.6 Beta
"VLC media player" = VideoLAN VLC media player 0.8.6a
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WildTangent dell Master Uninstall" = Dell Games
"Winamp" = Winamp
"WinFF_is1" = WinFF 0.32
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/01/2010 8:34:53 PM | Computer Name = LAPTOP-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 14/01/2010 1:34:52 AM | Computer Name = LAPTOP-VISTA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 14/01/2010 1:35:05 AM | Computer Name = LAPTOP-VISTA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Adobe\Adobe
Fireworks CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
AIR.dll".Error in manifest or policy file "C:\Program Files\Adobe\Adobe Fireworks
CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 14/01/2010 1:39:05 AM | Computer Name = LAPTOP-VISTA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 14/01/2010 1:03:34 PM | Computer Name = LAPTOP-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 14/01/2010 1:05:23 PM | Computer Name = LAPTOP-VISTA | Source = VSS | ID = 8193
Description =

Error - 14/01/2010 7:53:18 PM | Computer Name = LAPTOP-VISTA | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6514.5000, time
stamp: 0x4a89db07 Faulting module name: EXCEL.EXE, version: 12.0.6514.5000, time
stamp: 0x4a89db07 Exception code: 0xc0000005 Fault offset: 0x00025282 Faulting process
id: 0x1cac Faulting application start time: 0x01ca9574b26108e0 Faulting application
path: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Faulting module path:
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Report Id: fc480160-0167-11df-b14e-0015c5777448

Error - 15/01/2010 2:30:25 AM | Computer Name = LAPTOP-VISTA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 15/01/2010 2:30:38 AM | Computer Name = LAPTOP-VISTA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Adobe\Adobe
Fireworks CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
AIR.dll".Error in manifest or policy file "C:\Program Files\Adobe\Adobe Fireworks
CS4\Configuration\Win\Shared\AdobeAIR\SDK\runtime\Adobe AIR\Versions\1.0\Adobe
AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 15/01/2010 2:34:35 AM | Computer Name = LAPTOP-VISTA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ Broadcom Wireless LAN Events ]
Error - 13/08/2009 2:48:39 AM | Computer Name = LAPTOP-VISTA | Source = WLAN-Tray | ID = 0
Description = 02:48:38, Thu, Aug 13, 09 Error - Unable to gain access to user store


Error - 16/10/2009 12:33:59 PM | Computer Name = LAPTOP-VISTA | Source = WLAN-Tray | ID = 0
Description = 12:33:55, Fri, Oct 16, 09 Error - Unable to gain access to user store


Error - 09/12/2009 8:26:51 PM | Computer Name = LAPTOP-VISTA | Source = WLAN-Tray | ID = 0
Description = 19:26:51, Wed, Dec 09, 09 Error - Unable to gain access to user store


Error - 15/12/2009 7:59:19 PM | Computer Name = LAPTOP-VISTA | Source = WLAN-Tray | ID = 0
Description = 18:59:19, Tue, Dec 15, 09 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 30/11/2007 8:42:39 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 13/12/2007 8:51:43 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 19/12/2007 10:44:46 AM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/12/2007 5:11:34 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/12/2007 7:40:11 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 22/12/2007 3:01:29 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 18/04/2008 1:05:22 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 13/08/2008 11:54:41 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 24/06/2009 3:31:34 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 22/09/2009 3:25:19 PM | Computer Name = LAPTOP-VISTA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 26/09/2007 11:58:11 AM | Computer Name = LAPTOP-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 451 seconds with 180 seconds of active time. This session ended with a crash.

Error - 05/02/2008 1:59:28 AM | Computer Name = LAPTOP-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3942 seconds with 780 seconds of active time. This session ended with a
crash.

Error - 25/02/2008 7:04:05 PM | Computer Name = LAPTOP-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2999 seconds with 240 seconds of active time. This session ended with a
crash.

Error - 13/04/2008 7:37:42 PM | Computer Name = LAPTOP-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 370 seconds with 60 seconds of active time. This session ended with a crash.

Error - 06/12/2009 2:34:25 PM | Computer Name = LAPTOP-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3128
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/08/2009 2:41:36 PM | Computer Name = LAPTOP-VISTA | Source = LSM | ID = 1048
Description =

Error - 12/08/2009 2:41:47 PM | Computer Name = LAPTOP-VISTA | Source = DCOM | ID = 10005
Description =

Error - 12/08/2009 2:42:05 PM | Computer Name = LAPTOP-VISTA | Source = DCOM | ID = 10005
Description =

Error - 12/08/2009 2:42:09 PM | Computer Name = LAPTOP-VISTA | Source = DCOM | ID = 10005
Description =

Error - 12/08/2009 2:42:26 PM | Computer Name = LAPTOP-VISTA | Source = DCOM | ID = 10005
Description =

Error - 12/08/2009 2:42:43 PM | Computer Name = LAPTOP-VISTA | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/08/2009 2:42:43 PM | Computer Name = LAPTOP-VISTA | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068

Error - 12/08/2009 2:42:43 PM | Computer Name = LAPTOP-VISTA | Source = Service Control Manager | ID = 7001
Description = The Windows Media Center Extender Service service depends on the Function
Discovery Provider Host service which failed to start because of the following
error: %%1068

Error - 12/08/2009 2:42:43 PM | Computer Name = LAPTOP-VISTA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ndasfat SCDEmu spldr Wanarpv6

Error - 13/08/2009 2:37:09 AM | Computer Name = LAPTOP-VISTA | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.


< End of report >



#4 myrti (Malware Study Hall Admin)
Posted 15 January 2010 - 06:19 PM

Hi,

Please also run a scan with GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 cyclonebill (Topic Starter)
Posted 16 January 2010 - 12:23 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 00:23:47
Windows 6.1.7600
Running: fzo6mlr6.exe; Driver: C:\Users\Moondi\AppData\Local\Temp\uxrcyfob.sys


---- System - GMER 1.0.15 ----

SSDT 92CE9814 ZwCreateThread
SSDT 92CE9800 ZwOpenProcess
SSDT 92CE9805 ZwOpenThread
SSDT 92CE980F ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C31AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C31104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C313F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C19634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C19898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C311DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C31958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C316F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C31F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C321A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C91579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB5F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82CBD84C 4 Bytes [14, 98, CE, 92] {ADC AL, 0x98; INTO ; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82CBD9E8 4 Bytes [00, 98, CE, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82CBDA08 4 Bytes [05, 98, CE, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CBDCB8 4 Bytes [0F, 98, CE, 92] {SETS DH; XCHG EDX, EAX}
.text peauth.sys 9A817C9D 28 Bytes [15, 9A, 19, 2C, 53, A4, ED, ...]
.text peauth.sys 9A817CC1 28 Bytes [15, 9A, 19, 2C, 53, A4, ED, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[740] ole32.dll!CoCreateInstance 76D957FC 5 Bytes JMP 009F000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe[1396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe[1396] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe[1396] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe[1396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe[1396] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe[1396] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7408250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74082494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74065624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74078573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74074D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74078819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7407907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7407E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74074C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [722311EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2948] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3896] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3896] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3896] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3896] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[3896] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5844] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[5844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75375D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86115618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C3100 series@ChangeID 105635765
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C3100 series@Attributes 512
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1169

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:52 AM

Posted 16 January 2010 - 06:20 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 cyclonebill

cyclonebill
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:52 PM

Posted 16 January 2010 - 01:23 PM

ugh, thanks for the info. I think for now I'll change my passwords and try cleaning things out first. Combofix log pasted below:


ComboFix 10-01-16.01 - Moondi 16/01/2010 12:50:16.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.2550.1239 [GMT -5:00]
Running from: c:\users\Moondi\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-520137892-862542877-540573516-500
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\tn3
c:\users\Moondi\AppData\Roaming\IUpd721
c:\users\Moondi\AppData\Roaming\IUpd721\Logs\scns.log
c:\users\Moondi\AppData\Roaming\Microsoft\Windows\Cookies\Index_05970870.dat
c:\users\Moondi\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_05970870.dat
c:\windows\32slwga.dll
c:\windows\64slwga.dll
c:\windows\system32\j4
c:\windows\system32\twain_32.dll
c:\windows\system32\vos
c:\windows\Tasks\tnaaarhs.job

.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 18:03 . 2010-01-16 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 04:37 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 04:37 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 16:25 . 2010-01-11 22:33 789320 ----a-w- c:\users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-12 16:25 . 2010-01-11 22:32 698184 ----a-w- c:\users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-09 05:15 . 2010-01-09 05:15 3819182 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{56897159-13FF-77B9-E3C4-2F0D00C68A49}-ComboFix.exe
2010-01-09 01:49 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-09 01:49 . 2010-01-09 01:49 -------- d-----w- c:\program files\Panda Security
2010-01-09 00:43 . 2010-01-09 00:59 -------- d-----w- c:\users\Moondi\AppData\Roaming\QuickScan
2010-01-09 00:20 . 2010-01-09 00:20 -------- d-----w- c:\program files\Security Task Manager
2010-01-08 00:34 . 2010-01-08 00:34 -------- d-----w- c:\program files\Trend Micro
2010-01-07 19:36 . 2010-01-08 19:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-07 19:36 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-07 19:36 . 2010-01-07 19:36 -------- d-----w- c:\programdata\Avira
2010-01-07 19:36 . 2010-01-07 19:36 -------- d-----w- c:\program files\Avira
2010-01-05 21:22 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-05 21:22 . 2010-01-05 21:22 400 ---ha-w- C:\aaw7boot.cmd
2009-12-30 01:30 . 2009-12-30 01:30 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-30 01:30 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-30 01:30 . 2009-12-30 01:30 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-30 01:30 . 2009-12-30 01:30 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-30 01:30 . 2009-12-30 01:30 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-30 01:30 . 2009-12-30 01:30 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-30 01:30 . 2009-12-30 01:30 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-30 01:30 . 2009-12-30 01:30 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-30 01:29 . 2010-01-07 19:30 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-30 01:29 . 2009-12-30 01:29 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-30 01:29 . 2009-12-30 01:29 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-30 01:29 . 2009-12-30 01:29 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-30 01:29 . 2009-12-30 01:29 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-30 01:29 . 2009-12-30 01:29 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-30 01:29 . 2009-12-30 01:29 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-30 01:26 . 2009-12-30 01:26 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-30 01:26 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-30 01:25 . 2009-12-30 01:25 -------- d-----w- c:\program files\Lavasoft
2009-12-24 16:13 . 2009-12-24 16:13 -------- d-----w- C:\b8045f60b0742ed4ab
2009-12-24 16:04 . 2009-12-24 16:04 -------- d-----w- C:\Windows_7_Loader_v1.7
2009-12-24 16:02 . 2009-12-24 16:02 -------- d-----w- C:\RemoveWAT-12-24
2009-12-21 19:51 . 2009-12-21 19:51 98304 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{C648BAA2-B842-357C-D5BF-B106E58AE029}-nssdbm3.dll
2009-12-21 19:51 . 2009-12-21 19:51 249856 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{B57E69C8-7B75-6EDD-2082-5AED160C8C64}-freebl3.dll
2009-12-21 19:51 . 2009-12-21 19:51 155648 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{2CC79A44-6FA7-16D3-A00F-A53DB3AEEBDA}-softokn3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 06:43 . 2007-04-05 19:36 -------- d-----w- c:\users\Moondi\AppData\Roaming\Azureus
2010-01-13 06:57 . 2007-06-12 23:59 -------- d-----w- c:\programdata\Microsoft Help
2010-01-09 00:40 . 2010-01-09 00:21 -------- d-----w- c:\programdata\SecTaskMan
2010-01-09 00:29 . 2007-11-10 23:20 1489 --sha-w- c:\windows\system32\mmf.sys
2010-01-08 21:32 . 2007-04-02 23:47 -------- d-----w- c:\program files\FTP Commander
2010-01-08 06:02 . 2008-12-05 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 00:17 . 2008-09-24 22:41 -------- d-----w- c:\program files\NewsLeecher
2010-01-07 21:07 . 2008-12-05 01:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2008-12-05 01:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 01:25 . 2008-12-04 17:42 -------- d-----w- c:\programdata\Lavasoft
2009-12-30 01:24 . 2007-04-02 23:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-24 16:17 . 2007-03-23 16:54 -------- d-----w- c:\program files\Java
2009-12-07 15:50 . 2009-10-26 00:27 129096 ----a-w- c:\users\Moondi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-07 00:50 . 2009-12-07 00:50 27648 ----a-r- c:\users\Moondi\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D171.exe
2009-12-07 00:50 . 2009-12-07 00:50 51712 ----a-r- c:\users\Moondi\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D172.exe
2009-12-07 00:50 . 2009-12-07 00:50 51712 ----a-r- c:\users\Moondi\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D174.exe
2009-12-07 00:50 . 2009-12-07 00:50 51712 ----a-r- c:\users\Moondi\AppData\Roaming\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D173.exe
2009-12-07 00:50 . 2009-12-07 00:50 -------- d-----w- c:\program files\Final Draft Tagger
2009-12-07 00:50 . 2007-04-02 23:52 -------- d-----w- c:\program files\Final Draft 7
2009-12-06 20:20 . 2008-08-26 17:57 -------- d-----w- c:\programdata\DVD Shrink
2009-12-06 02:05 . 2009-12-06 02:05 -------- d-----w- c:\programdata\Azureus
2009-12-06 02:03 . 2009-12-06 02:03 -------- d-----w- c:\program files\Vuze
2009-12-06 01:54 . 2007-04-02 23:46 -------- d-----w- c:\program files\Azureus
2009-11-26 17:08 . 2009-11-26 16:46 419840 ----a-w- c:\windows\system32\systemcplx64.dll
2009-11-26 17:08 . 2009-11-26 16:46 409088 ----a-w- c:\windows\system32\systemcplx86.dll
2009-11-03 01:42 . 2009-10-02 18:16 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 08:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-24 05:52 . 2009-10-24 05:52 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2003-11-03 21:07 . 2004-04-23 21:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 21:07 . 2004-04-23 21:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 13:22 . 2003-09-08 13:09 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 07:40 . 2003-09-08 13:09 487424 ----a-w- c:\program files\msvcp70.dll
2007-05-16 01:07 . 2007-05-16 01:07 135168 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2009-08-18 20:43 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-08-18 20:43 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-08-18 20:43 216064 --sha-r- c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Google Update"="c:\users\Moondi\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-16 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Moondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-23 50688]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2007-6-29 236520]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-3-23 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
2007-02-16 16:58 856064 ----a-w- c:\program files\I8kfanGUI\I8kfanGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 12:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\VistaCodecPack\QT\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-06 04:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29/12/2009 8:30 PM 64288]
R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [09/02/2008 5:57 PM 254440]
R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29/06/2007 5:32 PM 62056]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [08/01/2010 8:49 PM 28552]
R1 fanio;FanIO driver;c:\windows\System32\drivers\fanio.sys [02/04/2007 8:25 PM 14464]
R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [09/02/2008 5:58 PM 372584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [13/07/2009 6:52 PM 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/01/2010 2:36 PM 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/10/2008 10:56 AM 809296]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 8:19 AM 1181328]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe --> c:\windows\runservice.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:29]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:29]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:29]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:29]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 01:29]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-520137892-862542877-540573516-1000Core.job
- c:\users\Moondi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 17:05]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-520137892-862542877-540573516-1000UA.job
- c:\users\Moondi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 17:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: facebook.com\www
TCP: {174D5973-C2F1-4B80-B18D-993EFBEE77AD} = 199.166.210.2,199.166.210.5
TCP: {F1E38240-D414-411A-B7DA-DF9B19CEB8E2} = 199.166.210.2,199.166.210.5
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.ca/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Moondi\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe
AddRemove-oggcodecs - c:\program files\illiminable\oggcodecs\uninst.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll USBPORT.SYS usbuhci.sys >>UNKNOWN [0x8611F618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x6943624f
SecurityProcedure -> 0x64
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-16 13:11:00
ComboFix-quarantined-files.txt 2010-01-16 18:10

Pre-Run: 19,505,111,040 bytes free
Post-Run: 19,560,603,648 bytes free

- - End Of File - - 4112040E77BD16B4567AA3651BB95DAE



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:52 AM

Posted 16 January 2010 - 01:57 PM

Hi,

it seems ComboFix did not see the infection; please try TDSSKiller instead:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive; please copy and paste the contents of that file here.

regards myrti

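The C:\TDSSKiller.txt file that the command above writes lists, for each DRIVER_OBJECT it inspects, the address of every IRP dispatch handler. The following Python is an added triage aid, not part of this thread or of TDSSKiller, GMER or ComboFix: it cross-checks those handler addresses against the addresses that GMER (a Device line ending in a bare address with no module name) and ComboFix's MBR check (>>UNKNOWN [...]<<) could not attribute to any loaded module. The sample lines are abbreviated copies of the logs posted in this thread, and the 64 KiB proximity window is an assumption.

```python
"""Cross-check GMER, ComboFix and TDSSKiller output for a hooked disk driver.

Added triage helper (not part of this thread, nor of GMER, ComboFix or
TDSSKiller). A TDL3-style rootkit patches a disk driver's IRP dispatch
table so that every entry points into a pool allocation that belongs to no
loaded module. GMER prints such a device with a bare address and no module
name, ComboFix's MBR check prints it as >>UNKNOWN [0x...]<<, and TDSSKiller
lists each DRIVER_OBJECT's IrpHandler addresses. Correlating the three makes
the hook visible without trusting any single tool.
"""
import re
from collections import OrderedDict

# Assumption: handler addresses within 64 KiB of an unattributed address are
# treated as living in the same allocation (pool addresses shift per boot).
WINDOW = 0x10000

# Constructed sample input: abbreviated copies of the three logs posted in
# this thread. A real run would read the full log files instead.
GMER_SAMPLE = r"""
Device \FileSystem\Ntfs \Ntfs lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)
Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86115618
"""
COMBOFIX_SAMPLE = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll USBPORT.SYS usbuhci.sys >>UNKNOWN [0x8611F618]<<
"""
TDSS_SAMPLE = r"""
14:02:36:428 5820 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:02:36:428 5820 DetectCureTDL3: IrpHandler (0) addr: 95DA0A02
14:02:36:428 5820 DetectCureTDL3: IrpHandler (1) addr: 82D07437
14:02:36:428 5820 DetectCureTDL3: IrpHandler (2) addr: 95DA0A7A
14:02:36:480 5820 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:02:36:480 5820 DetectCureTDL3: IrpHandler (0) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (1) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (2) addr: 86122618
"""

# A GMER "Device" line that ends in a bare 8-digit address, with no module
# name or vendor after it, is a device whose driver GMER could not attribute.
GMER_DEVICE_RE = re.compile(r"^Device(?: ->)? \S+ \S+ ([0-9A-Fa-f]{8})$")
COMBOFIX_UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
TDSS_DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (\S+)")
TDSS_HANDLER_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")


def unattributed_addresses(gmer_text, combofix_text):
    """Addresses that GMER or ComboFix could not map to any loaded module."""
    found = []
    for line in gmer_text.splitlines():
        m = GMER_DEVICE_RE.match(line.strip())
        if m:
            found.append(int(m.group(1), 16))
    for m in COMBOFIX_UNKNOWN_RE.finditer(combofix_text):
        found.append(int(m.group(1), 16))
    return found


def parse_tdss_handlers(tdss_text):
    """Map each DRIVER_OBJECT in a TDSSKiller log to its IrpHandler addresses."""
    handlers = OrderedDict()
    current = None
    for line in tdss_text.splitlines():
        m = TDSS_DRIVER_RE.search(line)
        if m:
            current = m.group(1)
            handlers[current] = []
            continue
        m = TDSS_HANDLER_RE.search(line)
        if m and current is not None:
            handlers[current].append(int(m.group(2), 16))
    return handlers


def triage(tdss_text, gmer_text, combofix_text, window=WINDOW):
    """Per driver: how many IRP handlers sit next to an unattributed address.

    A single distinct handler for every IRP is only a weak hint on its own
    (KMDF drivers legitimately funnel all IRPs through one routine); the
    decisive signal is a handler that no scanner can tie to a module.
    """
    suspects = unattributed_addresses(gmer_text, combofix_text)
    report = OrderedDict()
    for driver, addrs in parse_tdss_handlers(tdss_text).items():
        near = [a for a in addrs if any(abs(a - s) <= window for s in suspects)]
        report[driver] = {
            "handlers": len(addrs),
            "distinct_handlers": len(set(addrs)),
            "near_unattributed": len(near),
            "hooked": bool(near),
        }
    return report


if __name__ == "__main__":
    for driver, info in triage(TDSS_SAMPLE, GMER_SAMPLE, COMBOFIX_SAMPLE).items():
        flag = "HOOKED" if info["hooked"] else "ok"
        print(f"{driver:10s} {flag:7s} handlers={info['handlers']} "
              f"distinct={info['distinct_handlers']} "
              f"near_unattributed={info['near_unattributed']}")
```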


#9 cyclonebill

cyclonebill
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:52 PM

Posted 16 January 2010 - 02:03 PM

14:02:35:079 5820 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
14:02:35:080 5820 ================================================================================
14:02:35:080 5820 SystemInfo:

14:02:35:080 5820 OS Version: 6.1.7600 ServicePack: 0.0
14:02:35:080 5820 Product type: Workstation
14:02:35:080 5820 ComputerName: LAPTOP-VISTA
14:02:35:082 5820 UserName: Moondi
14:02:35:082 5820 Windows directory: C:\Windows
14:02:35:082 5820 Processor architecture: Intel x86
14:02:35:082 5820 Number of processors: 2
14:02:35:082 5820 Page size: 0x1000
14:02:35:084 5820 Boot type: Normal boot
14:02:35:084 5820 ================================================================================
14:02:35:133 5820 UnloadDriverW: NtUnloadDriver error 2
14:02:35:133 5820 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:02:35:144 5820 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:02:35:256 5820 UtilityInit: KLMD drop and load success
14:02:35:256 5820 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
14:02:35:256 5820 UtilityInit: KLMD open success
14:02:35:256 5820 UtilityInit: Initialize success
14:02:35:256 5820
14:02:35:257 5820 Scanning Services ...
14:02:35:257 5820 CreateRegParser: Registry parser init started
14:02:35:257 5820 CreateRegParser: DisableWow64Redirection error
14:02:35:257 5820 wfopen_ex: Trying to open file C:\Windows\system32\config\system
14:02:35:258 5820 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
14:02:35:258 5820 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:02:35:258 5820 wfopen_ex: Trying to KLMD file open
14:02:35:258 5820 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
14:02:35:258 5820 wfopen_ex: File opened ok (Flags 2)
14:02:35:277 5820 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 15D1488
14:02:35:277 5820 wfopen_ex: Trying to open file C:\Windows\system32\config\software
14:02:35:277 5820 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
14:02:35:277 5820 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:02:35:277 5820 wfopen_ex: Trying to KLMD file open
14:02:35:277 5820 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
14:02:35:277 5820 wfopen_ex: File opened ok (Flags 2)
14:02:35:303 5820 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 15D14B0
14:02:35:303 5820 CreateRegParser: EnableWow64Redirection error
14:02:35:303 5820 CreateRegParser: RegParser init completed
14:02:36:419 5820 GetAdvancedServicesInfo: Raw services enum returned 504 services
14:02:36:426 5820 fclose_ex: Trying to close file C:\Windows\system32\config\system
14:02:36:426 5820 fclose_ex: Trying to close file C:\Windows\system32\config\software
14:02:36:427 5820
14:02:36:427 5820 Scanning Kernel memory ...
14:02:36:427 5820 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:02:36:428 5820 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 861EFDB8
14:02:36:428 5820 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
14:02:36:428 5820
14:02:36:428 5820 DetectCureTDL3: DEVICE_OBJECT: 8690F700
14:02:36:428 5820 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8690F700
14:02:36:428 5820 DetectCureTDL3: DEVICE_OBJECT: 8690F2C0
14:02:36:428 5820 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8690F2C0
14:02:36:428 5820 KLMD_ReadMem: Trying to ReadMemory 0x8690F2C0[0x38]
14:02:36:428 5820 DetectCureTDL3: DRIVER_OBJECT: 865099C0
14:02:36:428 5820 KLMD_ReadMem: Trying to ReadMemory 0x865099C0[0xA8]
14:02:36:428 5820 KLMD_ReadMem: Trying to ReadMemory 0x8686BA40[0x1E]
14:02:36:428 5820 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:02:36:428 5820 DetectCureTDL3: IrpHandler (0) addr: 95DA0A02
14:02:36:428 5820 DetectCureTDL3: IrpHandler (1) addr: 82D07437
14:02:36:428 5820 DetectCureTDL3: IrpHandler (2) addr: 95DA0A7A
14:02:36:428 5820 DetectCureTDL3: IrpHandler (3) addr: 95DA0AF2
14:02:36:428 5820 DetectCureTDL3: IrpHandler (4) addr: 95DA0AF2
14:02:36:428 5820 DetectCureTDL3: IrpHandler (5) addr: 82D07437
14:02:36:428 5820 DetectCureTDL3: IrpHandler (6) addr: 82D07437
14:02:36:428 5820 DetectCureTDL3: IrpHandler (7) addr: 82D07437
14:02:36:428 5820 DetectCureTDL3: IrpHandler (8) addr: 82D07437
14:02:36:428 5820 DetectCureTDL3: IrpHandler (9) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (10) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (11) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (12) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (13) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (14) addr: 95DA05FE
14:02:36:429 5820 DetectCureTDL3: IrpHandler (15) addr: 95D93656
14:02:36:429 5820 DetectCureTDL3: IrpHandler (16) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (17) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (18) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (19) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (20) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (21) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (22) addr: 95D9E9BA
14:02:36:429 5820 DetectCureTDL3: IrpHandler (23) addr: 95D9B88E
14:02:36:429 5820 DetectCureTDL3: IrpHandler (24) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (25) addr: 82D07437
14:02:36:429 5820 DetectCureTDL3: IrpHandler (26) addr: 82D07437
14:02:36:429 5820 KLMD_ReadMem: Trying to ReadMemory 0x95D95EA2[0x400]
14:02:36:429 5820 TDL3_StartIoHookDetect: CheckParameters: 4, 95D9A000, 0
14:02:36:429 5820 TDL3_FileDetect: Processing driver: USBSTOR
14:02:36:429 5820 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:02:36:429 5820 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:02:36:479 5820 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:02:36:479 5820
14:02:36:479 5820 DetectCureTDL3: DEVICE_OBJECT: 861F0030
14:02:36:479 5820 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861F0030
14:02:36:479 5820 DetectCureTDL3: DEVICE_OBJECT: 85D3B918
14:02:36:480 5820 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85D3B918
14:02:36:480 5820 DetectCureTDL3: DEVICE_OBJECT: 8544F610
14:02:36:480 5820 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8544F610
14:02:36:480 5820 KLMD_ReadMem: Trying to ReadMemory 0x8544F610[0x38]
14:02:36:480 5820 DetectCureTDL3: DRIVER_OBJECT: 86371E90
14:02:36:480 5820 KLMD_ReadMem: Trying to ReadMemory 0x86371E90[0xA8]
14:02:36:480 5820 KLMD_ReadMem: Trying to ReadMemory 0x8544D028[0x38]
14:02:36:480 5820 KLMD_ReadMem: Trying to ReadMemory 0x85D17F38[0xA8]
14:02:36:480 5820 KLMD_ReadMem: Trying to ReadMemory 0x85407608[0x1A]
14:02:36:480 5820 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:02:36:480 5820 DetectCureTDL3: IrpHandler (0) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (1) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (2) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (3) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (4) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (5) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (6) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (7) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (8) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (9) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (10) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (11) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (12) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (13) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (14) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (15) addr: 86122618
14:02:36:480 5820 DetectCureTDL3: IrpHandler (16) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (17) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (18) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (19) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (20) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (21) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (22) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (23) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (24) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (25) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: IrpHandler (26) addr: 86122618
14:02:36:481 5820 DetectCureTDL3: All IRP handlers pointed to one addr: 86122618
14:02:36:481 5820 KLMD_ReadMem: Trying to ReadMemory 0x86122618[0x400]
14:02:36:481 5820 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
14:02:36:481 5820 Driver "atapi" Irp handler infected by TDSS rootkit ... 14:02:36:482 5820 KLMD_WriteMem: Trying to WriteMemory 0x8612267D[0xD]
14:02:36:482 5820 cured
14:02:36:482 5820 KLMD_ReadMem: Trying to ReadMemory 0x861224BF[0x400]
14:02:36:482 5820 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
14:02:36:482 5820 Driver "atapi" StartIo handler infected by TDSS rootkit ... 14:02:36:483 5820 TDL3_StartIoHookCure: Number of patches 1
14:02:36:483 5820 KLMD_WriteMem: Trying to WriteMemory 0x861225B6[0x6]
14:02:36:483 5820 cured
14:02:36:483 5820 TDL3_FileDetect: Processing driver: atapi
14:02:36:483 5820 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
14:02:36:483 5820 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\atapi.sys
14:02:36:503 5820 TDL3_FileDetect: C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Infected
14:02:36:503 5820 File C:\Windows\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 14:02:36:503 5820 TDL3_FileCure: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
14:02:38:287 5820 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys:21584, checking..
14:02:38:309 5820 ValidateDriverFile: Stage 1 passed
14:02:38:311 5820 ValidateDriverFile: Stage 2 passed
14:02:38:371 5820 DigitalSignVerifyByHandle: Embedded DS result: 00000000
14:02:38:371 5820 ValidateDriverFile: Stage 3 passed
14:02:38:371 5820 FileCallback: File validated successfully, restore information prepared
14:02:40:313 5820 FindDriverFileBackup: Backup copy found in DriverStore
14:02:40:313 5820 TDL3_FileCure: Backup copy found, using it..
14:02:40:327 5820 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tskEED1.tmp
14:02:40:739 5820 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskEED1.tmp, system32\drivers\atapi.sys)
14:02:40:766 5820 TDL3_FileCure: KLMD jobs schedule success
14:02:40:766 5820 will be cured on next reboot
14:02:40:766 5820 UtilityBootReinit: Reboot required for cure complete..
14:02:40:768 5820 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
14:02:40:778 5820 UtilityBootReinit: KLMD drop success
14:02:40:779 5820 KLMD_ApplyPendList: Pending buffer(10C7_3186, 616) dropped successfully
14:02:40:779 5820 UtilityBootReinit: Cure on reboot scheduled successfully
14:02:40:779 5820
14:02:40:779 5820 Completed
14:02:40:779 5820
14:02:40:779 5820 Results:
14:02:40:779 5820 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
14:02:40:779 5820 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:02:40:779 5820 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:02:40:779 5820
14:02:40:780 5820 UnloadDriverW: NtUnloadDriver error 1
14:02:40:780 5820 KLMD_Unload: UnloadDriverW(klmd21) error 1
14:02:40:781 5820 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:02:40:781 5820 UtilityDeinit: KLMD(ARK) unloaded successfully


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:52 AM

Posted 16 January 2010 - 02:08 PM

Hi,

TDSSKiller got the rootkit. Are you still getting redirected?

Please provide a new log from OTL.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#11 cyclonebill

cyclonebill
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:52 PM

Posted 16 January 2010 - 02:23 PM

I *think* the redirect problem is fixed. Haven't had it happen since the TDSS Killer. Here's the OTL.txt scan; for some reason the Extras.txt log didn't come up this time....

OTL.txt


OTL logfile created on: 16/01/2010 2:19:29 PM - Run 3
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\Moondi\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 18.24 Gb Free Space | 18.29% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.75 Gb Total Space | 49.34 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: LAPTOP-VISTA
Current User Name: Moondi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/15 17:34:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Moondi\Downloads\OTL.exe
PRC - [2009/12/29 20:29:38 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/29 20:29:37 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/22 12:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/01 23:02:12 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Users\Moondi\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2009/09/04 12:16:54 | 00,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/03 00:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/13 20:14:43 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/07/13 20:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:21 | 00,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009/06/16 17:45:22 | 00,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/06/16 17:45:20 | 00,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/06/16 17:45:12 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009/05/22 18:34:34 | 00,851,968 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 23:01:49 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/25 07:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/16 11:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/07/31 17:11:06 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/29 17:32:52 | 00,236,520 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndasmgmt.exe
PRC - [2007/05/02 18:00:36 | 00,055,368 | ---- | M] (SanDisk Corporation) -- C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2007/02/08 00:11:04 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/08 00:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2006/11/27 17:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2006/11/27 17:56:02 | 01,540,096 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2006/11/27 17:55:48 | 01,716,224 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2006/11/17 18:27:32 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/12 02:19:46 | 00,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/11/08 19:47:14 | 01,066,528 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe


========== Modules (SafeList) ==========

MOD - [2010/01/15 17:34:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Moondi\Downloads\OTL.exe
MOD - [2009/07/13 20:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LicCtrlService)
SRV - [2009/12/29 20:29:37 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 20:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/22 18:34:34 | 00,851,968 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/26 14:16:31 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/15 18:48:06 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/07/31 17:44:34 | 00,501,048 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/07/31 17:11:06 | 00,106,496 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/06/29 17:32:52 | 00,236,520 | ---- | M] (XIMETA, Inc.) [Auto | Stopped] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2007/05/15 20:07:37 | 01,831,936 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/02/08 00:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2006/11/27 17:56:04 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/07 13:27:02 | 00,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/16 14:02:40 | 00,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\tskEED1.tmp -- (atapi)
DRV - [2010/01/08 14:38:45 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/07/13 20:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:11 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 18:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:49 | 00,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/07/13 17:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 01,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 17:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 15:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 17:28:22 | 04,756,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/03 13:18:44 | 00,033,256 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/16 21:58:54 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/06/29 17:32:54 | 00,372,584 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2007/06/29 17:32:52 | 00,254,440 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lfsfilt.sys -- (lfsfilt)
DRV - [2007/06/29 17:32:52 | 00,062,056 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lpx.sys -- (lpx)
DRV - [2007/04/09 07:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/16 04:05:48 | 00,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2007/02/08 00:11:04 | 00,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/20 14:13:58 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/17 18:27:30 | 00,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/11 18:10:40 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/11 18:10:40 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/11/11 18:10:40 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/11 18:10:38 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/11 18:10:38 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 15:43:52 | 00,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\S-1-5-21-520137892-862542877-540573516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-520137892-862542877-540573516-1000\S-1-5-21-520137892-862542877-540573516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: google-wave@chad.smith:0.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {992791ee-61dc-7b98-a8fd-dc49b7deeee9}:3.2.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 19:58:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 11:54:41 | 00,000,000 | ---D | M]

[2009/10/24 00:39:11 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Extensions
[2010/01/16 13:21:00 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/03 09:52:44 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/08 18:38:14 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/10/24 00:39:14 | 00,000,000 | ---D | M] (PDF Download) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/10/24 00:39:14 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/12/18 10:31:58 | 00,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/10/24 00:39:14 | 00,000,000 | ---D | M] (TryAgain) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{992791ee-61dc-7b98-a8fd-dc49b7deeee9}
[2010/01/16 12:26:12 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/08 18:38:15 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/24 00:39:16 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/24 00:39:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{dd6bfa32-1198-4217-a0e9-1acab501a6e9}
[2010/01/12 11:25:19 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/12/18 10:31:58 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/24 00:39:21 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\dave2x@download
[2009/12/14 17:19:10 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\google-wave@chad.smith
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\piraton@enchufados.net
[2009/10/24 00:39:13 | 00,000,000 | ---D | M] -- C:\Users\Moondi\AppData\Roaming\Mozilla\Firefox\Profiles\dwtxdif8.default\extensions\videodowloader@videodownloader.net
[2010/01/16 13:21:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/03 23:59:07 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
[2007/04/03 23:58:52 | 00,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
[2007/07/31 17:44:28 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/03 23:58:59 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Mirar) - {9C96EE1A-E306-4063-AB5E-C5279399171B} - C:\Windows\System32\winak77.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Mirar) - {9C96EE1A-E306-4063-AB5E-C5279399171B} - C:\Windows\System32\winak77.dll File not found
O3 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [Google Update] C:\Users\Moondi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [prunnet] C:\Windows\System32\prunnet.exe File not found
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-520137892-862542877-540573516-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Moondi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-520137892-862542877-540573516-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-520137892-862542877-540573516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-520137892-862542877-540573516-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-520137892-862542877-540573516-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/16 14:02:40 | 00,031,752 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010/01/16 14:02:11 | 00,176,392 | ---- | C] (Kaspersky Lab) -- C:\Users\Moondi\Desktop\TDSSKiller.exe
[2010/01/16 13:18:53 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/16 12:48:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/16 12:48:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/16 12:48:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/16 12:48:06 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/16 12:48:04 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/16 12:47:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/16 12:47:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/12 23:37:16 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 23:37:16 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/08 20:49:53 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/01/08 20:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/08 19:43:20 | 00,000,000 | ---D | C] -- C:\Users\Moondi\AppData\Roaming\QuickScan
[2010/01/08 19:21:01 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/01/08 19:20:58 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/01/07 19:34:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/07 14:36:24 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/01/07 14:36:24 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/01/07 14:36:24 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/01/07 14:36:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/01/07 14:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/05 14:45:39 | 00,000,000 | ---D | C] -- C:\Users\Moondi\Desktop\GooredFix Backups
[2009/12/29 20:30:57 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/29 20:30:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/12/29 20:26:20 | 00,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/29 20:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/24 11:17:08 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/24 11:17:08 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/24 11:17:08 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/24 11:13:43 | 00,000,000 | ---D | C] -- C:\b8045f60b0742ed4ab
[2009/12/24 11:04:37 | 00,000,000 | ---D | C] -- C:\Windows_7_Loader_v1.7
[2009/12/24 11:02:44 | 00,000,000 | ---D | C] -- C:\RemoveWAT-12-24
[2004/04/23 16:06:25 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2004/04/23 16:06:25 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2003/09/08 08:09:54 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp70.dll
[2003/09/08 08:09:54 | 00,344,064 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcr70.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/16 14:19:36 | 04,194,304 | -HS- | M] () -- C:\Users\Moondi\NTUSER.DAT
[2010/01/16 14:07:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-520137892-862542877-540573516-1000UA.job
[2010/01/16 14:02:40 | 00,031,752 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010/01/16 13:27:05 | 00,015,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/16 13:27:05 | 00,015,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/16 13:21:59 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/16 13:21:59 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/01/16 13:21:59 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/01/16 13:21:59 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/16 13:21:59 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/01/16 13:18:34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/16 13:18:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/16 13:18:13 | 20,057,45664 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/16 13:05:07 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/16 12:46:43 | 03,827,010 | R--- | M] () -- C:\Users\Moondi\Desktop\ComboFix.exe
[2010/01/16 01:53:29 | 02,542,194 | -H-- | M] () -- C:\Users\Moondi\AppData\Local\IconCache.db
[2010/01/15 23:07:00 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-520137892-862542877-540573516-1000Core.job
[2010/01/15 16:15:23 | 00,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/15 16:15:23 | 00,622,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/15 16:15:23 | 00,108,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/13 08:44:14 | 00,176,392 | ---- | M] (Kaspersky Lab) -- C:\Users\Moondi\Desktop\TDSSKiller.exe
[2010/01/11 12:00:20 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/01/10 00:17:01 | 00,041,472 | ---- | M] () -- C:\Users\Moondi\Desktop\GULU RAI RESUME-1_edit.doc
[2010/01/08 19:29:01 | 00,001,489 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2010/01/08 18:52:31 | 00,003,584 | ---- | M] () -- C:\Users\Moondi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 14:38:45 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/01/08 01:02:54 | 00,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/07 23:43:15 | 00,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/01/07 23:43:15 | 00,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/01/07 23:37:28 | 00,005,896 | ---- | M] () -- C:\Users\Moondi\Desktop\Windows Compatibility Report.htm
[2010/01/07 19:34:36 | 00,002,037 | ---- | M] () -- C:\Users\Moondi\Desktop\HijackThis.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 14:36:50 | 00,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/01/07 11:54:44 | 00,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 11:53:17 | 00,104,918 | ---- | M] () -- C:\Users\Moondi\Desktop\bookmarks-2010-01-07.json
[2010/01/05 16:22:12 | 00,000,400 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/12/31 18:54:57 | 00,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2009/12/29 20:26:16 | 00,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/28 23:49:50 | 00,000,320 | ---- | M] () -- C:\Windows\wininit.ini
[2009/12/25 01:03:36 | 73,535,4880 | ---- | M] () -- C:\Users\Moondi\Desktop\xscr-edu.avi
[2009/12/24 11:05:25 | 00,000,000 | RHS- | M] () -- C:\winx.ld
[2009/12/24 11:05:23 | 00,203,836 | RHS- | M] () -- C:\grldr
[2009/12/19 16:41:32 | 09,730,157 | ---- | M] () -- C:\Users\Moondi\Desktop\Sunset Rubdown - Idiot Heart.mp3
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/16 12:48:21 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/16 12:48:21 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/16 12:48:21 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/16 12:48:21 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/16 12:48:21 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/16 12:46:23 | 03,827,010 | R--- | C] () -- C:\Users\Moondi\Desktop\ComboFix.exe
[2010/01/16 12:13:47 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/16 12:13:47 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/01/16 12:13:47 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/01/16 12:13:47 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/16 12:13:47 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/01/09 23:58:33 | 00,041,472 | ---- | C] () -- C:\Users\Moondi\Desktop\GULU RAI RESUME-1_edit.doc
[2010/01/07 23:37:28 | 00,005,896 | ---- | C] () -- C:\Users\Moondi\Desktop\Windows Compatibility Report.htm
[2010/01/07 19:34:36 | 00,002,037 | ---- | C] () -- C:\Users\Moondi\Desktop\HijackThis.lnk
[2010/01/07 14:36:50 | 00,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/01/07 11:54:44 | 00,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 11:53:17 | 00,104,918 | ---- | C] () -- C:\Users\Moondi\Desktop\bookmarks-2010-01-07.json
[2010/01/05 16:22:15 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/01/05 16:22:12 | 00,000,400 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/01/04 20:30:45 | 73,535,4880 | ---- | C] () -- C:\Users\Moondi\Desktop\xscr-edu.avi
[2009/12/31 18:54:57 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009/12/31 18:54:57 | 00,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2009/12/29 20:26:16 | 00,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/24 11:05:25 | 00,000,000 | RHS- | C] () -- C:\winx.ld
[2009/12/24 11:05:22 | 00,203,836 | RHS- | C] () -- C:\grldr
[2009/12/06 19:51:45 | 00,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2009/12/06 19:48:53 | 00,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2009/10/24 18:32:22 | 00,003,584 | ---- | C] () -- C:\Users\Moondi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/18 15:44:04 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/07/13 18:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:11:15 | 00,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2008/12/16 21:58:54 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 00,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/02/09 23:34:19 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/09 17:54:21 | 00,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008/01/03 17:18:09 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/01/03 17:17:55 | 00,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2007/11/10 18:20:13 | 00,001,489 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2007/11/10 18:20:12 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2007/11/07 00:15:58 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2007/07/10 12:34:04 | 00,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/05/28 21:20:52 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/04/18 02:02:26 | 00,000,000 | ---- | C] () -- C:\Users\Moondi\AppData\Roaming\wklnhst.dat
[2007/04/11 18:27:55 | 00,031,007 | ---- | C] () -- C:\Users\Moondi\AppData\Roaming\UserTile.png
[2007/04/05 15:14:05 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/03/28 02:53:14 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/03/27 02:55:48 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/03/23 19:39:50 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/23 19:39:30 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/23 12:08:20 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/03/23 12:08:20 | 00,000,320 | ---- | C] () -- C:\Windows\wininit.ini
[2007/03/23 11:54:52 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/02/05 19:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/28 15:24:12 | 00,654,848 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006/11/07 14:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 18:49:36 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/01 14:54:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/01 14:52:38 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/07 17:32:46 | 03,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005/11/04 21:57:14 | 00,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2003/08/07 14:01:50 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
< End of report >


#12 cyclonebill (Topic Starter, Members, 11 posts)

Posted 16 January 2010 - 02:30 PM

I just got a random popup in Firefox though, which I've been getting in addition to the Redirect since this all started. So the issue may not be fixed after all.

#13 myrti (Sillyberry, Malware Study Hall Admin, 33,779 posts)

Posted 16 January 2010 - 04:40 PM

Hi,

Could you please provide a new scan with gmer as well, then?

Your OTL log does look rather clean. Do you use an ad blocker?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#14 cyclonebill (Topic Starter, Members, 11 posts)

Posted 16 January 2010 - 05:41 PM

I have Adblock Plus built into FF...

I ran another gmer scan; while I was running it, my computer restarted mid-scan on its own. So I restarted in Safe Mode and ran the scan again; the results of that scan are pasted below:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 17:36:24
Windows 6.1.7600
Running: wqg8xvi3.exe; Driver: C:\Users\Moondi\AppData\Local\Temp\uxrcyfob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82035AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82035104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820353F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201D634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820351DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82035958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820356F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82035F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820361A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82095579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820B9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749D250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749D2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749B5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749B56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749C8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749C4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749C50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749C51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [749C66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749C82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749C8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749C907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749CE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749C4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \FileSystem\fastfat \Fat 8E5AF130

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
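To show how a reviewer reads a GMER report like the one above (which sections matter and what can be cleared automatically), here is an added Python triage script; it is example code written for this page, not GMER's or the thread's own tooling. The sample lines are a constructed subset of the report above, and the rule that only modules attributed to Microsoft Corporation are auto-cleared is an assumption of the example: a flagged entry means "look at it", not "infected" (the XIMETA NDAS filter, for instance, is simply a non-Microsoft driver).

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the format of the GMER 1.0.15 report pasted
# above (System, Kernel code sections and Devices), not the whole log.
SAMPLE_LINES = [
    r"---- System - GMER 1.0.15 ----",
    r"INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82035AF8",
    r"---- Kernel code sections - GMER 1.0.15 ----",
    r".text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82095579 1 Byte [06]",
    r".text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820B9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...]",
    r"---- Devices - GMER 1.0.15 ----",
    r"Device \FileSystem\Ntfs \Ntfs lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)",
    r"AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)",
    r"Device \FileSystem\fastfat \Fat 8E5AF130",
    r"---- EOF - GMER 1.0.15 ----",
]

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# "(Description/Company)" as GMER prints it after a module it could resolve.
COMPANY_RE = re.compile(r"\(([^()/]*)/([^()]*)\)")
# Assumption for this example: only Microsoft-attributed modules are auto-cleared.
TRUSTED = ("Microsoft Corporation",)


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def parse_sections(lines):
    """Group non-empty report lines under their '---- <name> - GMER ----' header."""
    sections, current = {}, None
    for line in lines:
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage(lines, trusted=TRUSTED):
    """Return the entries a reviewer should look at; a Finding means 'check', not 'infected'."""
    findings = []
    for section, entries in parse_sections(lines).items():
        if section == "EOF":
            continue
        for entry in entries:
            if section == "Kernel code sections":
                # In-memory kernel code differs from the on-disk image; always worth a look.
                findings.append(Finding(section, "kernel code differs from on-disk image", entry))
                continue
            vendor = COMPANY_RE.search(entry)
            if vendor is None:
                findings.append(Finding(section, "module not identified (address only)", entry))
            elif vendor.group(2).strip() not in trusted:
                findings.append(Finding(section, f"third-party module: {vendor.group(2).strip()}", entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```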


#15 myrti (Sillyberry, Malware Study Hall Admin, 33,779 posts)

Posted 16 January 2010 - 05:56 PM

Hi,

The rootkit infection is gone, but there may still be other infections present. (It could also have been just a popup.)

Please run Malwarebytes to check for other malware:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD, and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti
