
Malicious Hacker targeting computers, possible keylogger/backdoor


  • This topic is locked
4 replies to this topic

#1 The Original Sin

The Original Sin

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:05 AM

Posted 10 January 2010 - 02:52 AM

A malicious hacker has been targeting me for months now. I changed my physical address and started to use a new computer and there were no problems for a while, but now they have suddenly gained access to accounts of mine. (Before it was just a game account (where they stripped me of everything, including the money spent on the account)). However, now they are going further and I fear that my computer is in danger (they have now hacked my MSN).


===================================



DDS (Ver_09-12-01.01) - NTFSx86
Run by anon1 at 23:14:44.78 on Sat 01/09/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.844 [GMT -8:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\uTorrent2\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\Explorer.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Steam\Steam.exe
C:\Program Files\Steam\steamapps\common\prince of persia the warrior within\asx-pop2\asx-p4-pop2.exe
c:\program files\steam\steamapps\common\prince of persia the warrior within\PrinceOfPersia.exe
c:\program files\steam\steamapps\common\prince of persia the warrior within\POP2.exe
C:\Program Files\Steam\steamapps\common\prince of persia the warrior within\popwarriortrain6\asx-p6-pop2.exe
C:\Nexon\Mabinogi\client.exe
C:\Users\anon1\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\anon1\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090709
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090709
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\MPK.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [uTorrent] "c:\program files\utorrent2\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2009-10-12 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-8-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-8-27 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-9 36112]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-8-27 566872]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-8 111616]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-9 280392]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

=============== Created Last 30 ================

2010-01-10 06:48:54 179200 ---h-tw- c:\windows\system32\32704f4.dll
2010-01-10 06:48:54 179200 ---h-tw- c:\windows\system32\182273bb.dll
2010-01-08 23:09:27 179200 ---h-tw- c:\windows\system32\dcc329c.dll
2010-01-08 23:09:27 179200 ---h-tw- c:\windows\system32\8847e70.dll
2010-01-08 19:43:14 0 d-----w- c:\users\anon1\appdata\roaming\AccurateRip
2010-01-08 19:43:13 5640880 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-01-08 19:43:13 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2010-01-08 19:43:13 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-01-08 19:43:00 0 d-----w- c:\program files\Illustrate
2010-01-07 01:57:13 0 d-----w- c:\program files\Compare It!
2010-01-06 05:38:42 282096429 ----a-w- c:\windows\MEMORY.DMP
2010-01-03 21:51:40 0 d-----w- c:\users\anon1\appdata\roaming\Braid
2010-01-03 18:37:25 689 ----a-w- c:\windows\system32\runrefog.lnk
2010-01-03 18:37:25 689 ----a-w- c:\windows\system32\runkgb.lnk
2010-01-03 18:37:22 0 d-sh--w- c:\windows\system32\MPK
2010-01-03 18:37:22 0 d-sh--w- c:\programdata\MPK
2010-01-02 02:20:54 0 d-----w- c:\programdata\2DBoy
2010-01-02 01:58:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-02 01:58:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-02 01:58:24 0 d-----w- c:\program files\OpenAL
2010-01-02 01:57:24 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-02 01:45:55 0 d-----w- c:\program files\common files\Steam
2009-12-31 21:35:22 0 d-----w- c:\program files\Darwinia
2009-12-31 21:13:04 0 d-----w- c:\program files\Cinemaware Marquee
2009-12-26 10:42:03 59952 ----a-w- c:\windows\system32\vnetinst.dll
2009-12-26 10:42:03 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2009-12-26 10:41:58 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2009-12-26 10:41:53 395824 ----a-w- c:\windows\system32\vmnat.exe
2009-12-26 10:41:53 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2009-12-26 10:41:49 51248 ----a-r- c:\windows\system32\vmnetbridge.dll
2009-12-26 10:41:49 36400 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2009-12-26 10:41:49 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2009-12-26 10:41:38 760368 ----a-w- c:\windows\system32\vnetlib.dll
2009-12-26 10:40:15 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2009-12-26 10:39:03 1024 ----a-w- C:\.rnd
2009-12-26 10:38:43 0 d-----w- c:\program files\common files\VMware
2009-12-26 10:38:31 0 d-----w- c:\programdata\VMware
2009-12-26 10:38:14 0 d-----w- c:\program files\VMware
2009-12-23 05:13:45 121653 ----a-w- C:\fraglist.htm
2009-12-23 05:04:00 0 d-----w- c:\windows\UltraDefrag
2009-12-16 06:30:08 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-16 06:30:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-16 06:30:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-15 14:38:47 1806 ----a-w- c:\windows\TSearch.INI
2009-12-15 09:22:05 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-12-15 09:22:04 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-12-14 03:55:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

==================== Find3M ====================

2009-12-31 21:58:07 92804 ----a-w- c:\windows\fonts\Strayhorn_MT.ttf
2009-12-26 10:42:37 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-26 10:42:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-26 10:42:11 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-04 14:03:06 11776 ----a-w- c:\windows\system32\bootexctrl.exe
2009-12-04 14:03:06 11264 ----a-w- c:\windows\system32\defrag_native.exe
2009-12-04 14:02:58 9728 ----a-w- c:\windows\system32\wgx.dll
2009-12-04 14:02:56 28672 ----a-w- c:\windows\system32\udefrag.exe
2009-12-04 14:02:54 18432 ----a-w- c:\windows\system32\lua5.1a_gui.exe
2009-12-04 14:02:54 13824 ----a-w- c:\windows\system32\lua5.1a.exe
2009-12-04 14:02:54 132608 ----a-w- c:\windows\system32\lua5.1a.dll
2009-12-04 14:02:44 29184 ----a-w- c:\windows\system32\udefrag.dll
2009-12-04 14:02:42 47616 ----a-w- c:\windows\system32\udefrag-kernel.dll
2009-12-04 14:02:38 8704 ----a-w- c:\windows\system32\hibernate4win.exe
2009-12-04 14:02:36 33280 ----a-w- c:\windows\system32\zenwinx.dll
2009-11-19 19:23:37 37837 ----a-w- c:\windows\DIIUnin.dat
2009-11-19 19:21:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-11-19 19:21:18 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-11-19 19:21:18 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-11-19 00:39:32 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-19 00:39:32 249856 ------w- c:\windows\Setup1.exe
2009-11-18 20:05:11 94208 ----a-w- c:\windows\DIIUnin.exe
2009-11-18 20:05:11 2829 ----a-w- c:\windows\DIIUnin.pif
2009-11-16 00:15:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-02 18:30:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11:14 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-22 11:22:38 252464 ----a-w- c:\windows\system32\vmnc.dll
2009-10-12 10:09:16 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-09 03:34:44 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:15:35.31 ===============

Edited by The Original Sin, 10 January 2010 - 02:56 AM.
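The DDS report above contains the three kinds of line an analyst checks first when a keylogger is suspected: the Winlogon `Userinit` value (every comma-separated executable listed there is started at each logon, so anything beyond `userinit.exe` is a persistence entry worth examining), hidden-attribute files and directories created under `system32`, and `EnableLUA = 0` (UAC switched off). The following triage script is an added example and not part of this thread or of BleepingComputer's tooling; it parses lines copied from the report above, assumes the DDS attribute column marks the hidden attribute with an `h` (as the `---h-tw-` and `d-sh--w-` entries show), and returns findings for review rather than verdicts.

```python
import re

# Lines copied from the DDS report in the post above (a subset, not the full log).
SAMPLE_DDS = """\
uSearch Page = hxxp://www.google.com
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe,c:\\windows\\system32\\mpk\\MPK.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
mPolicies-system: EnableLUA = 0 (0x0)
2010-01-10 06:48:54 179200 ---h-tw- c:\\windows\\system32\\32704f4.dll
2010-01-08 19:43:13 5640880 ----a-w- c:\\windows\\system32\\SpoonUninstall.exe
2010-01-03 18:37:22 0 d-sh--w- c:\\windows\\system32\\MPK
"""

# "mWinlogon: Userinit=<exe>,<exe>,..." -- HKLM Winlogon\Userinit, run at every logon.
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(.*)$", re.IGNORECASE)
# "mPolicies-system: EnableLUA = <n> (0x..)" -- 0 means UAC is disabled.
POLICY_RE = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")
# "Created Last 30" / "Find3M" rows: date time size attrs path.
# Assumption: the 8-character attrs column uses 'h' for the hidden attribute.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-\w]{8}) (.+)$")


def check_userinit(value):
    """Return every Userinit entry that is not the expected userinit.exe itself."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if not e.lower().endswith("\\userinit.exe")]


def triage(log_text):
    """Scan DDS report lines and return a list of findings for analyst review."""
    findings = []
    for line in log_text.splitlines():
        m = USERINIT_RE.match(line)
        if m:
            for extra in check_userinit(m.group(1)):
                findings.append({"check": "userinit-extra", "detail": extra})
            continue
        m = POLICY_RE.match(line)
        if m:
            if m.group(1) == "0":
                findings.append({"check": "uac-disabled", "detail": line})
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            # Hidden files or directories dropped into system32 are unusual for
            # legitimate installers and deserve a closer look.
            if "h" in attrs and "\\system32\\" in path.lower():
                findings.append({"check": "hidden-in-system32", "detail": path})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['check']}] {f['detail']}")
```

Run against the sample, the script reports the second `Userinit` executable, the disabled UAC policy, and the two hidden `system32` entries; each is a lead to hand to the log analyst, who then decides what the files actually are.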


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:05 PM

Posted 16 January 2010 - 12:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 The Original Sin

The Original Sin
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:05 AM

Posted 16 January 2010 - 10:17 PM

I am mostly just worried about the possibility of being keylogged, since there is a hacker who has already targeted me in the past and has targeted me again. However, they have been (mostly) silent recently. At least they have not done much that is noticeable.

First time the problem came up, I reformatted my computer and switched computers.
Second time the hacker appeared, I posted this thread.
After that, I updated once and installed a few programs.

==============================

OTL logfile created on: 1/16/2010 7:04:03 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\anon1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.50 Gb Total Space | 4.39 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 2.67 Gb Free Space | 17.81% Space Free | Partition Type: NTFS
Drive E: | 4.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANON1-PC
Current User Name: anon1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/16 19:03:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\anon1\Downloads\OTL.exe
PRC - [2010/01/13 18:36:14 | 01,141,496 | ---- | M] () -- C:\Nexon\Mabinogi\Mabinogi.exe
PRC - [2010/01/12 00:19:51 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/04 21:00:26 | 01,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/12/27 22:37:22 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent2\uTorrent.exe
PRC - [2009/10/22 04:44:24 | 00,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 04:44:18 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009/10/22 04:44:08 | 00,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:43:30 | 00,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2009/10/22 03:47:54 | 00,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/04/23 05:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/29 21:50:06 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 21:50:06 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/08 07:36:42 | 02,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/12/18 10:05:28 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/18 01:58:20 | 00,026,112 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/12/18 01:58:18 | 03,810,304 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/12/18 01:55:32 | 02,809,856 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/08/03 15:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/06/23 04:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2008/05/04 01:25:32 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 01:25:26 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 01:25:26 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 01:25:26 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/03/05 23:58:24 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/03/05 23:58:14 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/03/05 23:58:10 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/22 14:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/15 17:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 17:23:20 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007/08/27 01:22:30 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2007/08/27 01:22:22 | 00,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2007/08/27 01:22:18 | 00,345,432 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2007/03/21 10:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 10:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 15:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/01/16 19:03:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\anon1\Downloads\OTL.exe
MOD - [2009/04/10 22:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/22 04:44:24 | 00,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:44:18 | 00,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:44:08 | 00,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 00,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 00,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/16 17:04:16 | 00,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/22 13:30:00 | 03,067,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/01/29 21:50:06 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/18 10:05:28 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/18 01:58:20 | 00,026,112 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/06/23 04:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2008/03/24 04:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/02/15 17:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/20 18:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/27 01:22:30 | 00,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2007/08/27 01:22:22 | 00,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2007/08/27 01:22:18 | 00,345,432 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2007/08/27 01:21:36 | 01,471,840 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2007/03/21 10:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (EagleNT)
DRV - [2009/11/15 16:15:50 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/22 04:45:02 | 00,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 04:45:00 | 00,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 04:45:00 | 00,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:44:58 | 00,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 03:47:52 | 00,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:32 | 00,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 00,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 00,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/12/18 01:57:10 | 01,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/12/18 01:55:10 | 00,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/04 15:16:40 | 00,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/23 04:45:44 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/23 04:45:40 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/23 04:45:40 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/23 04:45:40 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/06/23 04:45:38 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/04 01:25:24 | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/05 23:58:44 | 00,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/05 23:58:12 | 02,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/15 17:27:02 | 00,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/01/20 18:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:23:25 | 00,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 18:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 18:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 08:51:00 | 00,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/14 00:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/09/06 08:43:26 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 08:35:16 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 08:35:14 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 08:35:12 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/27 01:23:34 | 01,126,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/08/27 01:23:34 | 00,203,024 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2007/08/27 01:23:32 | 00,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/08/27 01:23:32 | 00,036,112 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2007/08/27 01:23:28 | 00,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2007/06/18 19:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3090709
IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3090709
IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\S-1-5-21-893639823-3997472378-3842965372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\S-1-5-21-893639823-3997472378-3842965372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.shinsen-subs.org/|https://login.yahoo.com/config/login_verify2?&.src=ym|http://www.crunchyroll.com/|http://pwi-forum.perfectworld.com/showthread.php?t=136781|http://www.onemanga.com/recent/|http://www.gamefaqs.com/|about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: suncult@sf.net:1.2.200902

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 00:19:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 00:19:54 | 00,000,000 | ---D | M]

[2009/10/11 05:59:00 | 00,000,000 | ---D | M] -- C:\Users\anon1\AppData\Roaming\Mozilla\Extensions
[2010/01/16 15:56:45 | 00,000,000 | ---D | M] -- C:\Users\anon1\AppData\Roaming\Mozilla\Firefox\Profiles\qawn951m.default\extensions
[2009/12/15 22:30:24 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\anon1\AppData\Roaming\Mozilla\Firefox\Profiles\qawn951m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/11 22:41:43 | 00,000,000 | ---D | M] -- C:\Users\anon1\AppData\Roaming\Mozilla\Firefox\Profiles\qawn951m.default\extensions\FasterFox_Lite@BigRedBrent
[2009/10/15 10:05:35 | 00,000,000 | ---D | M] -- C:\Users\anon1\AppData\Roaming\Mozilla\Firefox\Profiles\qawn951m.default\extensions\suncult@sf.net
[2010/01/16 18:59:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/30 14:34:05 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006/09/18 13:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-893639823-3997472378-3842965372-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-893639823-3997472378-3842965372-1000..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-893639823-3997472378-3842965372-1000..\Run: [uTorrent] C:\Program Files\uTorrent2\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\MPK\MPK.exe) - C:\Windows\System32\MPK\MPK.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\anon1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\anon1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 00:29:26 | 00,000,040 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{56eb6144-d245-11de-8364-00219be98120}\Shell - "" = AutoRun
O33 - MountPoints2\{56eb6144-d245-11de-8364-00219be98120}\Shell\AutoRun\command - "" = F:\Startup.exe -- [2008/09/02 03:22:56 | 00,155,648 | R--- | M] ()
O33 - MountPoints2\{859e4d5d-d47a-11de-b8a8-00219be98120}\Shell - "" = AutoRun
O33 - MountPoints2\{859e4d5d-d47a-11de-b8a8-00219be98120}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{b0d2d016-b620-11de-b90a-00219be98120}\Shell\AutoRun\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{b0d2d016-b620-11de-b90a-00219be98120}\Shell\Install\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\.\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/16 15:56:20 | 00,000,000 | ---D | C] -- C:\illusion
[2010/01/15 18:46:25 | 00,000,000 | ---D | C] -- C:\Users\anon1\AppData\Roaming\dvdcss
[2010/01/15 18:40:12 | 00,000,000 | ---D | C] -- C:\Users\anon1\AppData\Roaming\vlc
[2010/01/15 18:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/01/14 17:10:38 | 00,000,000 | ---D | C] -- C:\Users\anon1\AppData\Local\Steve_Emmons
[2010/01/14 17:09:00 | 00,000,000 | ---D | C] -- C:\Program Files\Steve Emmons
[2010/01/14 17:03:07 | 00,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2010/01/14 17:03:06 | 00,000,000 | ---D | C] -- C:\Users\anon1\Documents\PassMark
[2010/01/14 17:03:04 | 00,000,000 | ---D | C] -- C:\Program Files\BatteryMon
[2010/01/13 01:17:19 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 01:17:19 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/08 11:43:14 | 00,000,000 | ---D | C] -- C:\Users\anon1\AppData\Roaming\AccurateRip
[2010/01/08 11:43:00 | 00,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2010/01/06 17:57:13 | 00,000,000 | ---D | C] -- C:\Program Files\Compare It!
[2010/01/03 13:51:40 | 00,000,000 | ---D | C] -- C:\Users\anon1\AppData\Roaming\Braid
[2010/01/03 10:37:22 | 00,000,000 | -HSD | C] -- C:\Windows\System32\MPK
[2010/01/03 10:37:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\MPK
[2010/01/01 18:20:54 | 00,000,000 | ---D | C] -- C:\Users\anon1\AppData\Local\2DBoy
[2010/01/01 18:20:54 | 00,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010/01/01 18:03:43 | 00,000,000 | ---D | C] -- C:\Users\anon1\Documents\Osmos
[2010/01/01 17:58:24 | 00,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/01/01 17:58:24 | 00,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/01/01 17:58:24 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/01/01 17:57:24 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/01/01 17:45:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/12/31 13:35:22 | 00,000,000 | ---D | C] -- C:\Program Files\Darwinia
[2009/12/31 13:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Cinemaware Marquee
[2009/12/26 02:55:37 | 00,000,000 | ---D | C] -- C:\Users\anon1\Documents\Virtual Machines
[2009/12/26 02:53:07 | 00,000,000 | ---D | C] -- C:\Users\anon1\AppData\Roaming\VMware
[2009/12/26 02:42:03 | 00,059,952 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2009/12/26 02:42:03 | 00,016,560 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys
[2009/12/26 02:41:58 | 00,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2009/12/26 02:41:53 | 00,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2009/12/26 02:41:53 | 00,026,288 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2009/12/26 02:41:49 | 00,051,248 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2009/12/26 02:41:49 | 00,036,400 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2009/12/26 02:41:49 | 00,018,736 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2009/12/26 02:41:38 | 00,760,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2009/12/26 02:40:15 | 00,023,216 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2009/12/26 02:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2009/12/26 02:38:31 | 00,000,000 | ---D | C] -- C:\ProgramData\VMware
[2009/12/26 02:38:14 | 00,000,000 | ---D | C] -- C:\Program Files\VMware
[2009/12/22 21:04:00 | 00,000,000 | ---D | C] -- C:\Windows\UltraDefrag

========== Files - Modified Within 30 Days ==========

[2010/01/16 19:09:05 | 02,097,152 | -HS- | M] () -- C:\Users\anon1\NTUSER.DAT
[2010/01/16 17:44:47 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/16 17:44:47 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/16 16:23:52 | 00,000,870 | ---- | M] () -- C:\Users\anon1\Desktop\@Home Mate.lnk
[2010/01/16 16:03:23 | 00,001,772 | ---- | M] () -- C:\Users\anon1\Desktop\@ふぉーむメイト.lnk
[2010/01/16 15:51:42 | 00,695,108 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/16 15:51:42 | 00,589,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/16 15:51:42 | 00,102,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/16 15:44:47 | 00,274,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/16 15:44:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/16 15:44:43 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/16 15:42:10 | 00,524,288 | -HS- | M] () -- C:\Users\anon1\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/16 15:42:10 | 00,065,536 | -HS- | M] () -- C:\Users\anon1\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/16 15:42:06 | 04,131,663 | -H-- | M] () -- C:\Users\anon1\AppData\Local\IconCache.db
[2010/01/15 18:39:29 | 00,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/14 17:03:05 | 00,000,774 | ---- | M] () -- C:\Users\Public\Desktop\BatteryMon.lnk
[2010/01/13 18:35:42 | 00,001,314 | ---- | M] () -- C:\Users\anon1\Desktop\Mabinogi Homepage.lnk
[2010/01/13 18:35:42 | 00,000,690 | ---- | M] () -- C:\Users\anon1\Desktop\Mabinogi.lnk
[2010/01/09 23:50:21 | 00,002,493 | ---- | M] () -- C:\Users\anon1\Desktop\Attach.zip
[2010/01/08 13:09:27 | 00,000,412 | ---- | M] () -- C:\Users\anon1\Desktop\DarkbladesMusic.xspf
[2010/01/08 11:43:13 | 00,015,341 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/01/08 11:42:52 | 00,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/01/08 11:42:44 | 05,640,880 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/01/08 02:00:05 | 00,030,208 | ---- | M] () -- C:\Users\anon1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 04:01:03 | 00,066,584 | ---- | M] () -- C:\Users\anon1\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/05 21:38:42 | 28,209,6429 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/04 23:38:11 | 00,001,744 | ---- | M] () -- C:\Users\anon1\Desktop\Prince of Persia The Two Thrones.lnk
[2010/01/04 20:38:03 | 00,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/01/03 10:37:25 | 00,000,689 | ---- | M] () -- C:\Windows\System32\runrefog.lnk
[2010/01/03 10:37:25 | 00,000,689 | ---- | M] () -- C:\Windows\System32\runkgb.lnk
[2010/01/01 17:58:24 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/01/01 17:58:24 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010/01/01 17:56:47 | 00,001,744 | ---- | M] () -- C:\Users\anon1\Desktop\Star Wars Knights of the Old Republic.lnk
[2010/01/01 17:54:42 | 00,001,744 | ---- | M] () -- C:\Users\anon1\Desktop\World of Goo.lnk
[2009/12/26 03:59:52 | 25,018,94144 | ---- | M] () -- C:\Users\anon1\Desktop\X15-65732.iso
[2009/12/26 02:39:03 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/12/26 02:38:57 | 00,001,898 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2009/12/26 02:17:22 | 00,001,839 | ---- | M] () -- C:\Users\anon1\Desktop\MojoPac (RingCube).lnk
[2009/12/24 12:55:53 | 00,001,806 | ---- | M] () -- C:\Windows\TSearch.INI
[2009/12/24 08:46:19 | 00,000,758 | ---- | M] () -- C:\Users\Public\Desktop\UltraDefrag.lnk
[2009/12/22 21:13:45 | 00,121,653 | ---- | M] () -- C:\fraglist.htm
[2009/12/22 18:35:25 | 00,000,674 | ---- | M] () -- C:\Users\anon1\Desktop\HideToolz.exe - Shortcut.lnk

========== Files Created - No Company Name ==========

[2010/01/16 16:23:52 | 00,000,870 | ---- | C] () -- C:\Users\anon1\Desktop\@Home Mate.lnk
[2010/01/16 16:03:22 | 00,001,772 | ---- | C] () -- C:\Users\anon1\Desktop\@ふぉーむメイト.lnk
[2010/01/15 18:39:29 | 00,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/14 17:03:05 | 00,000,774 | ---- | C] () -- C:\Users\Public\Desktop\BatteryMon.lnk
[2010/01/13 18:35:42 | 00,001,314 | ---- | C] () -- C:\Users\anon1\Desktop\Mabinogi Homepage.lnk
[2010/01/13 18:35:42 | 00,000,690 | ---- | C] () -- C:\Users\anon1\Desktop\Mabinogi.lnk
[2010/01/09 23:50:21 | 00,002,493 | ---- | C] () -- C:\Users\anon1\Desktop\Attach.zip
[2010/01/08 12:32:38 | 00,000,412 | ---- | C] () -- C:\Users\anon1\Desktop\DarkbladesMusic.xspf
[2010/01/08 11:43:13 | 05,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/01/08 11:43:13 | 00,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/01/08 11:43:13 | 00,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/01/05 21:38:42 | 28,209,6429 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/04 23:38:11 | 00,001,744 | ---- | C] () -- C:\Users\anon1\Desktop\Prince of Persia The Two Thrones.lnk
[2010/01/03 10:37:25 | 00,000,689 | ---- | C] () -- C:\Windows\System32\runrefog.lnk
[2010/01/03 10:37:25 | 00,000,689 | ---- | C] () -- C:\Windows\System32\runkgb.lnk
[2010/01/01 17:56:47 | 00,001,744 | ---- | C] () -- C:\Users\anon1\Desktop\Star Wars Knights of the Old Republic.lnk
[2010/01/01 17:54:42 | 00,001,744 | ---- | C] () -- C:\Users\anon1\Desktop\World of Goo.lnk
[2010/01/01 17:45:09 | 00,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/12/26 03:03:22 | 25,018,94144 | ---- | C] () -- C:\Users\anon1\Desktop\X15-65732.iso
[2009/12/26 02:39:03 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/12/26 02:38:57 | 00,001,898 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2009/12/22 21:13:45 | 00,121,653 | ---- | C] () -- C:\fraglist.htm
[2009/12/22 21:04:01 | 00,000,758 | ---- | C] () -- C:\Users\Public\Desktop\UltraDefrag.lnk
[2009/12/22 18:35:25 | 00,000,674 | ---- | C] () -- C:\Users\anon1\Desktop\HideToolz.exe - Shortcut.lnk
[2009/12/15 06:38:47 | 00,001,806 | ---- | C] () -- C:\Windows\TSearch.INI
[2009/12/15 01:22:05 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/12/04 06:02:54 | 00,132,608 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2009/11/18 12:07:06 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/11/18 12:07:06 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/11/18 12:07:06 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/11/15 16:15:49 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/12 08:43:24 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/12 02:01:31 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/11 00:50:17 | 00,025,070 | ---- | C] () -- C:\Users\anon1\AppData\Roaming\nvModes.dat
[2009/10/11 00:50:17 | 00,025,070 | ---- | C] () -- C:\Users\anon1\AppData\Roaming\nvModes.001
[2009/10/10 22:57:58 | 00,030,208 | ---- | C] () -- C:\Users\anon1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/09 14:50:07 | 00,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/07/09 14:50:06 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/07/08 19:41:32 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/07/08 19:41:32 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/07/08 19:41:32 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/07/08 19:41:32 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/07/08 19:41:32 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/07/08 19:41:29 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17
< End of report >




OTL Extras logfile created on: 1/16/2010 7:04:03 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\anon1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.50 Gb Total Space | 4.39 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 2.67 Gb Free Space | 17.81% Space Free | Partition Type: NTFS
Drive E: | 4.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANON1-PC
Current User Name: anon1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24350446-5ED3-4195-90D2-5119BD3B60D8}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4D74C2C1-1845-415A-A5DF-6713F18EE40E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe |
"{4E2AFC03-741C-4452-A424-6A16D98F3FF6}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{579280AE-2C23-4FD9-9EFA-8237501FB0AD}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{6B94147C-CE1F-4C8E-997F-EBF38DB8495F}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{7494EBB6-A48F-4CF5-B41F-EB6E532D39AD}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{881C838F-0B67-456C-8678-906E8E46C875}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{8BFFC506-A56A-459D-8D53-30EBFBF32BB4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\swkotor\swkotor.exe |
"{A5BC15D7-13D5-47B1-B55A-328841004079}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{ADD07B30-5F68-4683-BBA7-AC9D669FC8E8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{B1BBCC7C-1E12-4654-9157-2600351CE1B3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe |
"{B1DF5BBF-724D-4E37-8411-7DEFAB71DE36}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{B35CACB2-EF95-490E-93C4-FD4B5172F176}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BF5DC34B-38B8-4474-BF5B-A69DE3F0CF3B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\swkotor\swkotor.exe |
"{C27AE889-D510-4395-A9F9-D0F407FD95F4}" = protocol=6 | dir=in | app=c:\program files\utorrent2\utorrent.exe |
"{F62AFBAA-EED0-45B9-87A4-58FD16B50117}" = protocol=17 | dir=in | app=c:\program files\utorrent2\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2510CF9A-3D92-4D1E-9124-080F53F4E293}" = ILLUSION @ふぉーむメイト
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7A43DA2-F2FD-44C2-A044-D24C3751C1BD}" = Battery Alarm
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA05440-A429-4A60-84C9-16919C12876F}_is1" = Cabal Online 8.6.30.1
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BatteryMon_is1" = BatteryMon V2.1
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Compare It!_is1" = Compare It!
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DC-Bass Source" = DC-Bass Source 1.1.1
"Diablo II" = Diablo II
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"iCall_is1" = iCall
"IDA Pro Free_is1" = IDA Pro Free v4.9
"IDA Pro_is1" = IDA Pro Advanced v5.2 with WinCE v5.0 debugger
"LUNA_US_090414" = LUNA Online v1.0.0
"Mabinogi" = Mabinogi
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PSXMemTool" = PSXMemTool 1.20b (remove only)
"RealMedia" = RealMedia (remove only)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"ST6UNST #1" = Hero Editor V0.96
"ST6UNST #2" = Hero Editor V1.03
"Steam App 13530" = Prince of Persia: The Two Thrones
"Steam App 22000" = World of Goo
"Steam App 32370" = Star Wars: Knights of the Old Republic
"TmPcc" = Trend Micro PC-cillin Internet Security
"UltraDefrag" = Ultra Defragmenter
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"VMware_Player" = VMware Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-893639823-3997472378-3842965372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2010 2:04:59 AM | Computer Name = anon1-PC | Source = Application Error | ID = 1000
Description = Faulting application Steam.exe, version 1.0.0.0, time stamp 0x4aaadaf8,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x430, application start time 0x01ca8ca442e745d8.

Error - 1/4/2010 4:50:11 PM | Computer Name = anon1-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/5/2010 3:16:01 AM | Computer Name = anon1-PC | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9,
faulting module swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9, exception
code 0xc0000005, fault offset 0x002715c6, process id 0xce4, application start time
0x01ca8dc4f84b3998.

Error - 1/5/2010 3:23:45 AM | Computer Name = anon1-PC | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9,
faulting module swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9, exception
code 0xc0000005, fault offset 0x002715c6, process id 0x105c, application start time
0x01ca8dd6fb8bb968.

Error - 1/5/2010 3:25:49 AM | Computer Name = anon1-PC | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9,
faulting module swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9, exception
code 0xc0000005, fault offset 0x002715c6, process id 0x7f4, application start time
0x01ca8dd8177b6848.

Error - 1/5/2010 3:30:01 AM | Computer Name = anon1-PC | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9,
faulting module swkotor.exe, version 1.0.3.0, time stamp 0x402bc2d9, exception
code 0xc0000005, fault offset 0x002715c6, process id 0x1768, application start time
0x01ca8dd85e25c518.

Error - 1/5/2010 7:46:59 PM | Computer Name = anon1-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/6/2010 1:39:36 AM | Computer Name = anon1-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/6/2010 10:02:57 PM | Computer Name = anon1-PC | Source = Application Error | ID = 1000
Description = Faulting application wincmp3.exe, version 4.1.0.2171, time stamp 0x49e03268,
faulting module wincmp3.exe, version 4.1.0.2171, time stamp 0x49e03268, exception
code 0xc0000005, fault offset 0x000b2de5, process id 0x13a4, application start time
0x01ca8f3cc029a1cb.

Error - 1/6/2010 10:03:02 PM | Computer Name = anon1-PC | Source = Application Error | ID = 1000
Description = Faulting application wincmp3.exe, version 4.1.0.2171, time stamp 0x49e03268,
faulting module wincmp3.exe, version 4.1.0.2171, time stamp 0x49e03268, exception
code 0xc0000005, fault offset 0x000b2de5, process id 0x13a4, application start time
0x01ca8f3cc029a1cb.

[ Media Center Events ]
Error - 1/10/2010 9:02:04 PM | Computer Name = anon1-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/10/2010 9:02:04 PM | Computer Name = anon1-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/10/2010 9:02:05 PM | Computer Name = anon1-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/10/2010 9:02:05 PM | Computer Name = anon1-PC | Source = Media Center Guide | ID = 0
Description = Event Info: COMException trying to call ehepgdat. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.Helper.EhepgdatHelper

Error - 1/10/2010 9:02:05 PM | Computer Name = anon1-PC | Source = Media Center Guide | ID = 0
Description = Event Info: Error reprocessing guide: System.Runtime.InteropServices.COMException
(0x80070422): Retrieving the COM class factory for component with CLSID {4B635ECB-0887-4015-8CA6-D621362F98D1}
failed due to the following error: 80070422. at Microsoft.Ehome.Epg.Helper.EhepgdatHelper.GetEhepgdat()

at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry(EhepgdatCall action) at Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry[T](EhepgdatCaller`1
x) at Microsoft.Ehome.Epg.Guide.ReprocessGuideImp() Process: DefaultDomain Object
Name: Media Center Guide

[ System Events ]
Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/11/2009 3:17:41 AM | Computer Name = anon1-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 10/11/2009 5:54:18 AM | Computer Name = anon1-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >
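
The OTL output above is normally read by eye. The following is an added example for this thread, not code from the original post and not part of OTL, showing how a helper could triage the three sections that matter most for a "possible keylogger/backdoor" question: the Files - Created list, the Shell Spawning (file-association) handlers, and the Security Center / FirewallPolicy keys. The sample log inside the block is constructed in the shape of the report above, and two entries in it are deliberately planted to exercise the checks: an `exefile [open]` handler pointing at an invented `hostsvc.exe`, and an invented `updchk.lnk` (the real log's handlers are the stock Vista values and would pass). The watch-list is the author's own assumption: `runrefog` and `runkgb` are flagged because those names match the launcher shortcuts of the commercial Refog and KGB keylogger products, which is a lead for the helper to verify on the machine, not a finding the thread itself makes. The expected handler strings are likewise the author's stock-Vista baseline. The firewall check deliberately annotates rather than alarms: the report shows `TrendFirewall` registered under `Security Center\Monitoring` and `EnableFirewall = 0` on all three profiles, which is the normal state when a third-party suite has taken over the firewall role.

```python
"""Triage of OTL-style log excerpts. Added example, not code from the thread or from OTL.
The sample is constructed in the shape of the report above; the exefile handler and
updchk.lnk are planted. Watch-list and 'expected' handlers are the author's assumptions."""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
[2010/01/04 23:38:11 | 00,001,744 | ---- | C] () -- C:\Users\anon1\Desktop\World of Goo.lnk
[2010/01/03 10:37:25 | 00,000,689 | ---- | C] () -- C:\Windows\System32\runrefog.lnk
[2010/01/03 10:37:25 | 00,000,689 | ---- | C] () -- C:\Windows\System32\runkgb.lnk
[2009/11/15 16:15:49 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/01/05 09:00:00 | 00,000,700 | ---- | C] () -- C:\Windows\System32\updchk.lnk
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\anon1\AppData\Local\Temp\hostsvc.exe" "%1" %*
scrfile [open] -- "%1" /S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"""

# OTL file entry: [timestamp | size | attributes | op] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[^|]+?)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*(?P<op>[A-Z])\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
# Shell-spawning entry: "<progid> [<verb>] -- <command> (<company>)", company optional
SHELL_LINE = re.compile(r"^(?P<key>\w+ \[\w+\])\s*--\s*(?P<cmd>.+?)(?:\s*\([^)]*\))?\s*$")
PROFILE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+Profile)\]$")
MONITOR_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\(?P<product>\w+)\]$")
ENABLE_FW = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)$')

# Assumed stock Vista handlers: anything else means every launch of that file type is
# routed through another program first (a classic persistence/hijack spot).
EXPECTED_SHELL = {"batfile [open]": '"%1" %*', "cmdfile [open]": '"%1" %*', "comfile [open]": '"%1" %*',
                  "exefile [open]": '"%1" %*', "piffile [open]": '"%1" %*', "scrfile [open]": '"%1" /S'}
# Assumed watch-list: launcher shortcut names of two commercial keylogger products.
# A hit is a lead to verify on the machine, not a verdict.
WATCHLIST_STEMS = {"runrefog": "Refog Keylogger", "runkgb": "KGB Keylogger"}
SYSTEM32 = "c:\\windows\\system32\\"

def parse_file_lines(text: str) -> List[Dict[str, str]]:
    """One dict per OTL file entry; lines from other sections do not match and are skipped."""
    return [m.groupdict() for m in map(FILE_LINE.match, map(str.strip, text.splitlines())) if m]

def flag_files(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag watch-list names anywhere, and shortcuts dropped directly into System32."""
    hits = []
    for e in entries:
        path = e["path"].lower()
        stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
        directly_in_sys32 = path.startswith(SYSTEM32) and "\\" not in path[len(SYSTEM32):]
        if stem in WATCHLIST_STEMS:
            hits.append((e["path"], f"name matches {WATCHLIST_STEMS[stem]} launcher"))
        elif ext == "lnk" and directly_in_sys32:
            hits.append((e["path"], "shortcut created directly in System32"))
    return hits

def check_shell_spawning(text: str) -> List[Tuple[str, str, str]]:
    """(key, actual, expected) for each executable-type handler that deviates from stock."""
    found = [m for m in map(SHELL_LINE.match, map(str.strip, text.splitlines())) if m]
    return [(m["key"], m["cmd"], EXPECTED_SHELL[m["key"]]) for m in found
            if m["key"] in EXPECTED_SHELL and m["cmd"] != EXPECTED_SHELL[m["key"]]]

def firewall_profiles(text: str) -> Dict[str, bool]:
    """Map each FirewallPolicy profile to whether Windows Firewall is enabled for it."""
    state, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):  # any new registry key ends the previous profile block
            key = PROFILE_KEY.match(line)
            current = key["profile"] if key else None
        elif current and (val := ENABLE_FW.match(line)):
            state[current] = val["val"] == "1"
    return state

def third_party_monitors(text: str) -> List[str]:
    """Products registered under Security Center\\Monitoring, e.g. a third-party firewall."""
    return [m["product"] for m in map(MONITOR_KEY.match, map(str.strip, text.splitlines())) if m]

def summarize(text: str) -> List[str]:
    """Findings as text. Windows Firewall being off is expected when a third-party
    firewall is registered, so that line is annotated rather than dropped."""
    findings = [f"{path}: {why}" for path, why in flag_files(parse_file_lines(text))]
    findings += [f"{k} handler is {got!r}, expected {want!r}" for k, got, want in check_shell_spawning(text)]
    off = [p for p, on in firewall_profiles(text).items() if not on]
    if off:
        others = third_party_monitors(text)
        note = f" (expected while {', '.join(others)} is the registered firewall)" if others else ""
        findings.append("Windows Firewall disabled for " + ", ".join(off) + note)
    return findings
```

To use it on a real report, read the saved OTL text file and pass its contents to `summarize()`; on the constructed sample it returns five findings (two watch-list hits, the planted System32 shortcut, the planted exefile hijack, and the annotated firewall state). The shortcut rule is intentionally narrow: `.lnk` files belong on desktops and in Start Menu folders, not directly in System32, whereas unsigned DLLs there (OTL's empty `()` company field) are too common on an OEM image to be worth flagging on their own.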


#4 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,784 posts
  • Gender: Female
  • Location: At home

Posted 16 January 2010 - 10:50 PM

Hi,

Please also run a scan with GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#5 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,784 posts
  • Gender: Female
  • Location: At home

Posted 23 January 2010 - 08:25 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





