
My search engine results are hijacked


  • This topic is locked
3 replies to this topic

#1 98mute

98mute

  • Members
  • 3 posts

Posted 17 January 2010 - 02:30 AM

Hello. Last night I had some type of trojan problem. When I started my computer it would say "Worm.Win32.Netwky detected on your computer" and I'd have a difficult time doing much of anything after the computer would start. Sometimes it would just randomly turn off. Malwarebytes removed the trojan and I have since scanned my computer numerous times with each of Spybot, Ad-Aware, Malwarebytes and McAfee and nothing major has shown up since.

The only problem I am now having (at least that I can tell so far) is when I use any search engine online. Half of the time after I click something it doesn't send me to that page but instead sends me to a different link such as hxxp://www.sellto.us.com/default.aspx?MID=...amp;AffID=29816 and

hxxp://www.healthline.com/channel/quitting...7f.4b5254a0.b20

I work on the computer (I play poker online for a living) so these problems have been freaking me out. I am probably going to format my computer by tomorrow if I cannot get this fixed.

I am willing to give $10 on any poker site you play at (if you play online at all) if you can help me fix this problem and assure me that my computer is safe.

I decided to run ComboFix in hopes that it would fix the problem but it has not removed it.

Here is my log:

ComboFix 10-01-16.02 - Ben 01/16/2010 16:57:04.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3325.2439 [GMT -8:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2347180839-3205931739-3509662-500
c:\$recycle.bin\S-1-5-21-3048029408-2322473973-943364903-500
C:\s
c:\windows\system32\oem4.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 01:02 . 2010-01-17 01:03 -------- d-----w- c:\users\Ben\AppData\Local\temp
2010-01-17 01:02 . 2010-01-17 01:02 -------- d-----w- c:\users\postgresuser\AppData\Local\temp
2010-01-17 01:02 . 2010-01-17 01:02 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-01-17 01:02 . 2010-01-17 01:02 -------- d-----w- c:\users\Guestt\AppData\Local\temp
2010-01-17 01:02 . 2010-01-17 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-17 00:28 . 2010-01-17 00:28 -------- d-----w- c:\program files\CCleaner
2010-01-16 12:31 . 2010-01-16 12:31 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2010-01-16 12:31 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-16 12:31 . 2010-01-16 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 12:31 . 2010-01-16 12:31 -------- d-----w- c:\programdata\Malwarebytes
2010-01-16 12:31 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 06:55 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 06:55 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 09:28 . 2010-01-10 09:28 159744 ----a-w- c:\users\Ben\AppData\Roaming\UB\DownLoadInst\liveupdate.exe
2010-01-10 09:25 . 2010-01-10 09:27 -------- d-----w- c:\users\Ben\AppData\Roaming\UB
2010-01-03 09:43 . 2010-01-14 06:02 -------- d-----w- C:\poker2010a

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 00:28 . 2008-07-15 18:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-17 00:25 . 2008-07-07 23:27 -------- d-----w- c:\program files\Viewpoint
2010-01-16 23:11 . 2008-07-08 00:09 -------- d---a-w- c:\program files\Cake Poker
2010-01-16 03:29 . 2008-07-07 23:36 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-15 00:27 . 2008-07-15 18:39 8296 ----a-w- c:\users\Ben\AppData\Local\d3d9caps.dat
2010-01-13 11:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 02:10 . 2009-03-29 20:10 -------- d-----w- c:\program files\Bodog Hand Grabber
2010-01-07 09:09 . 2008-07-17 22:50 -------- d-----w- c:\users\Ben\AppData\Roaming\uTorrent
2009-12-29 09:59 . 2008-11-03 21:38 -------- d-----w- c:\users\Ben\AppData\Roaming\Skype
2009-12-23 08:59 . 2008-07-08 00:14 -------- d-----w- c:\program files\Bodog Poker
2009-12-21 15:45 . 2008-07-01 15:21 -------- d-----w- c:\program files\Google
2009-12-19 22:45 . 2008-08-19 23:31 -------- d-----w- c:\program files\McAfee
2009-12-13 00:43 . 2009-12-13 00:43 143976 ----a-w- c:\users\Ben\AppData\Roaming\Move Networks\uninstall.exe
2009-12-13 00:43 . 2009-12-13 00:43 -------- d-----w- c:\users\Ben\AppData\Roaming\Move Networks
2009-12-13 00:43 . 2009-10-15 00:50 5642688 ----a-w- c:\users\Ben\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
2009-12-11 08:34 . 2009-10-17 19:19 -------- d---a-w- c:\program files\DoylesRoom
2009-12-04 20:47 . 2009-12-04 20:47 -------- d-----w- c:\programdata\XHEO INC
2009-12-01 20:50 . 2008-07-01 15:21 -------- d-----w- c:\programdata\McAfee
2009-11-30 10:15 . 2009-09-21 09:19 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-21 06:40 . 2009-12-09 04:11 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 04:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 04:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 04:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 11:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 09:17 . 2009-11-25 11:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 09:15 . 2009-06-22 09:15 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-10-21 19:55 . 2008-07-14 19:33 12156 ----a-w- c:\users\Guestt\AppData\Local\d3d9caps.dat
2008-07-01 18:01 . 2008-07-01 18:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-27 3883856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Smart Buddy.lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Buddy.lnk
backup=c:\windows\pss\Smart Buddy.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tournament Shark.lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tournament Shark.lnk
backup=c:\windows\pss\Tournament Shark.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-09-21 09:16 520024 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-23 03:42 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 17:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 17:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7,98,b8,8f,f0,35,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/4/2009 1:16 AM 64160]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 6:49 PM 93320]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [8/24/2009 6:51 AM 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/7/2008 3:27 PM 24652]
S2 gupdate1ca121dbe273f44;Google Update Service (gupdate1ca121dbe273f44);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2009 12:30 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 1028432]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S3 B-Service;B-Service;c:\users\Ben\AppData\Roaming\Mikogo\B-Service.exe --> c:\users\Ben\AppData\Roaming\Mikogo\B-Service.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 6:33 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:18]

2010-01-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-31 20:29]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 20:30]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 20:30]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-UltimateBuddy - c:\program files\UltimateBuddy\UltimateBuddy.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 17:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Ben\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x86F9A8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82fa4d24
\Driver\ACPI -> acpi.sys @ 0x806a0d68
\Driver\atapi -> atapi.sys @ 0x807ac9b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-01-16 17:05:04
ComboFix-quarantined-files.txt 2010-01-17 01:04

Pre-Run: 138,474,811,392 bytes free
Post-Run: 139,086,397,440 bytes free

- - End Of File - - E33DEB3AA63D4A3C0E8C014C3E106578

Edited by Orange Blossom, 17 January 2010 - 12:05 PM.
Deactivate links. ~ OB




#2 98mute

98mute
  • Topic Starter

  • Members
  • 3 posts

Posted 17 January 2010 - 02:31 AM

I also did an OTS scan searching for
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

and here are my results

CODE
OTS logfile created on: 1/16/2010 5:41:48 PM - Run 1
OTS by OldTimer - Version 3.1.19.1     Folder = C:\Users\Ben\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 129.57 Gb Free Space | 58.16% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.53 Gb Free Space | 65.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEN-PC
Current User Name: Ben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Ben\Desktop\OTS.exe -> [2010/01/16 17:40:32 | 00,632,320 | ---- | M] (OldTimer Tools)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
mcagent.exe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.)
teamviewer_service.exe -> C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -> [2009/08/24 06:51:46 | 00,185,640 | ---- | M] (TeamViewer GmbH)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe -> [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.)
aim6.exe -> C:\Program Files\AIM6\aim6.exe -> [2009/05/18 21:23:16 | 00,049,968 | ---- | M] (AOL LLC)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
aolsoftware.exe -> C:\Program Files\AIM6\aolsoftware.exe -> [2008/11/06 09:33:00 | 00,041,264 | ---- | M] (AOL LLC)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.)
ati2evxx.exe -> C:\Windows\System32\Ati2evxx.exe -> [2008/06/02 19:33:17 | 00,684,032 | ---- | M] (ATI Technologies Inc.)
wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2008/01/20 18:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation)
wudfhost.exe -> C:\Windows\System32\WUDFHost.exe -> [2008/01/20 18:34:48 | 00,142,336 | ---- | M] (Microsoft Corporation)
mobsync.exe -> C:\Windows\System32\mobsync.exe -> [2008/01/20 18:32:59 | 00,095,744 | ---- | M] (Microsoft Corporation)
pdvddxsrv.exe -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> [2007/09/17 10:56:08 | 00,124,200 | ---- | M] (CyberLink Corp.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
mom.exe -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> [2007/07/17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.)
ccc.exe -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> [2007/07/17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2007/05/11 05:26:44 | 04,452,352 | ---- | M] (Realtek Semiconductor)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)

[Modules - Safe List]
ots.exe -> C:\Users\Ben\Desktop\OTS.exe -> [2010/01/16 17:40:32 | 00,632,320 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/10 22:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(B-Service) B-Service [On_Demand | Stopped] ->  -> File not found
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/21 01:15:51 | 01,028,432 | ---- | M] (Lavasoft)
(McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Disabled | Stopped] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.)
(TeamViewer4) TeamViewer 4 [Auto | Running] -> C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -> [2009/08/24 06:51:46 | 00,185,640 | ---- | M] (TeamViewer GmbH)
(gupdate1ca121dbe273f44) Google Update Service (gupdate1ca121dbe273f44) [Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/07/31 12:30:17 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Auto | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/07/31 12:29:59 | 00,190,448 | ---- | M] (Google)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
(pgsql-8.3) PostgreSQL Database Server 8.3 [Auto | Stopped] -> C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -> [2008/09/19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group)
(iPod Service) iPod Service [On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.)
(Ati External Event Utility) Ati External Event Utility [Auto | Running] -> C:\Windows\System32\Ati2evxx.exe -> [2008/06/02 19:33:17 | 00,684,032 | ---- | M] (ATI Technologies Inc.)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 18:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation)
(stllssvr) stllssvr [On_Demand | Stopped] -> C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -> [2007/12/02 15:34:30 | 00,074,384 | R--- | M] (MicroVision Development, Inc.)
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\System32\drivers\mfehidk.sys -> [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfeavfk.sys -> [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mfesmfk.sys -> [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfebopk.sys -> [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mferkdk.sys -> [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\System32\drivers\Mpfp.sys -> [2009/07/16 11:32:26 | 00,130,424 | ---- | M] (McAfee, Inc.)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2009/05/04 01:16:13 | 00,064,160 | ---- | M] (Lavasoft AB)
(atapi) IDE Channel [Kernel | Boot | Running] -> C:\Windows\system32\drivers\atapi.sys -> [2009/04/10 22:32:26 | 00,019,944 | ---- | M] ()
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaapl.sys -> [2008/07/22 19:32:44 | 00,032,000 | ---- | M] (Apple, Inc.)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2008/06/02 22:22:55 | 03,695,104 | ---- | M] (ATI Technologies Inc.)
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2008/06/02 22:22:55 | 03,695,104 | ---- | M] (ATI Technologies Inc.)
(igfx) igfx [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2008/04/21 22:17:28 | 02,016,256 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008/01/20 18:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008/01/20 18:32:53 | 00,031,288 | ---- | M] (LSI Corporation)
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008/01/20 18:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008/01/20 18:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008/01/20 18:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008/01/20 18:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008/01/20 18:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008/01/20 18:32:51 | 00,089,656 | ---- | M] (LSI Logic)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008/01/20 18:32:50 | 01,122,360 | ---- | M] (QLogic Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2008/01/20 18:32:50 | 00,118,784 | ---- | M] (Intel Corporation)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008/01/20 18:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/20 18:32:49 | 00,235,064 | ---- | M] (Intel Corporation)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008/01/20 18:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008/01/20 18:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008/01/20 18:32:49 | 00,096,312 | ---- | M] (LSI Logic)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008/01/20 18:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008/01/20 18:32:48 | 00,342,584 | ---- | M] (Emulex)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008/01/20 18:32:48 | 00,096,312 | ---- | M] (LSI Logic)
(nvraid) NVIDIA nForce RAID Driver    [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008/01/20 18:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008/01/20 18:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008/01/20 18:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008/01/20 18:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008/01/20 18:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008/01/20 18:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008/01/20 18:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.)
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2008/01/02 20:13:18 | 01,044,984 | ---- | M] (Broadcom Corp.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2007/11/14 00:00:00 | 00,043,840 | ---- | M] (Sonic Solutions)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2007/05/11 05:26:46 | 01,773,536 | ---- | M] (Realtek Semiconductor Corp.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1e6032.sys -> [2007/04/29 00:42:24 | 00,228,224 | ---- | M] (Intel Corporation)
(iaStor) Intel AHCI Controller [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastor.sys -> [2007/04/26 02:41:38 | 00,304,920 | ---- | M] (Intel Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 10:26:38 | 00,204,048 | ---- | M] (McAfee, Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/12/24 18:00:02 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1       localhost
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 09:22:16 | 00,062,784 | ---- | M] (McAfee, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2010/01/16 04:09:30 | 00,764,912 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/11/23 10:26:38 | 00,204,048 | ---- | M] (McAfee, Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/09 06:56:48 | 00,098,304 | ---- | M] (Dell Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 10:26:38 | 00,204,048 | ---- | M] (McAfee, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/09/04 10:08:30 | 00,935,288 | R--- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2009/10/03 01:45:05 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2008/03/11 09:44:42 | 00,016,384 | ---- | M] ( )
"HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2008/04/21 22:17:26 | 00,166,424 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2008/04/21 22:17:40 | 00,141,848 | ---- | M] (Intel Corporation)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.)
"PDVDDXSrv" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2007/09/17 10:56:08 | 00,124,200 | ---- | M] (CyberLink Corp.)
"Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2008/04/21 22:17:30 | 00,133,656 | ---- | M] (Intel Corporation)
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2007/05/11 05:26:44 | 04,452,352 | ---- | M] (Realtek Semiconductor)
"StartCCC" -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2008/01/21 11:17:18 | 00,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 18:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> C:\Program Files\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> [2009/05/18 21:23:16 | 00,049,968 | ---- | M] (AOL LLC)
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 20:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"WMPNSCFG" -> C:\Program Files\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2008/01/20 18:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2009/04/27 17:20:34 | 00,562,968 | ---- | M] (PokerStars)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
{00000000-0000-0000-0000-000000000000}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{00000000-0000-0000-0000-000000000000}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{00000000-0000-0000-0000-000000000000}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{00000000-0000-0000-0000-000000000000}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{00000000-0000-0000-0000-000000000000}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{00000000-0000-0000-0000-000000000000}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"MenuStatusBar" [HKLM] ->  [Reg Error: Key error.] -> File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}\\"MenuText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"MenuStatusBar" [HKLM] ->  [Reg Error: Key error.] -> File not found
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\\"MenuText" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{485818AC-B6B7-4B03-80DD-3147D3E38C1F}\\DhcpNameServer -> 192.168.0.1   (Broadcom 802.11g Network Adapter) ->
{C9D6E153-9065-4E30-A104-F4B749075D22}\\DhcpNameServer -> 192.168.2.1   (Intel(R) 82562V-2 10/100 Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2008/04/21 22:17:30 | 00,200,704 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 13:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
helpfile [open] -> Reg Error: Key error.
hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 01:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 00,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
https [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/20 18:33:21 | 00,368,640 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/20 18:33:22 | 00,318,976 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/11/20 22:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/14/2010 8:31:36 PM Computer Name = Ben-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/14/2010 9:00:04 PM Computer Name = Ben-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/15/2010 11:31:14 PM Computer Name = Ben-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/16/2010 7:34:32 AM Computer Name = Ben-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/16/2010 7:37:59 AM Computer Name = Ben-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/16/2010 7:41:25 AM Computer Name = BEN-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/16/2010 7:43:57 AM Computer Name = Ben-PC | Source = EventSystem | ID = 4609 -> Description =
Application [ Error ] 1/16/2010 7:59:56 AM Computer Name = Ben-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/16/2010 8:08:18 AM Computer Name = Ben-PC | Source = WinMgmt | ID = 10 -> Description =
Application [ Error ] 1/16/2010 8:26:41 AM Computer Name = Ben-PC | Source = EventSystem | ID = 4621 -> Description =
System [ Error ] 1/16/2010 7:44:33 AM Computer Name = Ben-PC | Source = Service Control Manager | ID = 7001 -> Description =
System [ Error ] 1/16/2010 7:45:25 AM Computer Name = Ben-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 1/16/2010 7:57:54 AM Computer Name = Ben-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 1/16/2010 8:07:53 AM Computer Name = Ben-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 4:05:25 AM on 1/16/2010 was unexpected.
System [ Error ] 1/16/2010 3:02:22 PM Computer Name = Ben-PC | Source = netbt | ID = 4321 -> Description = The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.2.2.  The computer with the IP address 192.168.2.4 did not allow the name to be claimed by  this computer.
System [ Error ] 1/16/2010 7:35:49 PM Computer Name = Ben-PC | Source = disk | ID = 262151 -> Description = The device, \Device\Harddisk0\DR0, has a bad block.
System [ Error ] 1/16/2010 8:49:06 PM Computer Name = Ben-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 4:47:01 PM on 1/16/2010 was unexpected.
System [ Error ] 1/16/2010 8:56:11 PM Computer Name = Ben-PC | Source = Service Control Manager | ID = 7034 -> Description =
System [ Error ] 1/16/2010 8:56:13 PM Computer Name = Ben-PC | Source = Service Control Manager | ID = 7030 -> Description =
System [ Error ] 1/16/2010 9:03:09 PM Computer Name = Ben-PC | Source = Service Control Manager | ID = 7030 -> Description =

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Ben\Desktop\OTS.exe -> [2010/01/16 17:40:28 | 00,632,320 | ---- | C] (OldTimer Tools)
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/01/16 17:05:13 | 00,000,000 | -HSD | C]
temp -> C:\Users\Ben\AppData\Local\temp -> [2010/01/16 17:05:11 | 00,000,000 | ---D | C]
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/01/16 16:55:14 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/01/16 16:55:14 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/01/16 16:55:14 | 00,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\Windows\ERDNT -> [2010/01/16 16:54:56 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/01/16 16:54:36 | 00,000,000 | ---D | C]
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/01/16 16:53:08 | 00,212,480 | ---- | C] (SteelWerX)
gmer -> C:\Users\Ben\Desktop\gmer -> [2010/01/16 16:44:19 | 00,000,000 | ---D | C]
CCleaner -> C:\Program Files\CCleaner -> [2010/01/16 16:28:01 | 00,000,000 | ---D | C]
jre-6u18-windows-i586.exe -> C:\Users\Ben\Desktop\jre-6u18-windows-i586.exe -> [2010/01/16 16:26:39 | 16,254,752 | ---- | C] (Sun Microsystems, Inc.)
Malwarebytes -> C:\Users\Ben\AppData\Roaming\Malwarebytes -> [2010/01/16 04:31:56 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/01/16 04:31:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/01/16 04:31:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/01/16 04:31:49 | 00,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/01/16 04:31:49 | 00,000,000 | ---D | C]
t2embed.dll -> C:\Windows\System32\t2embed.dll -> [2010/01/12 22:55:20 | 00,156,672 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\System32\fontsub.dll -> [2010/01/12 22:55:20 | 00,072,704 | ---- | C] (Microsoft Corporation)
UB -> C:\Users\Ben\AppData\Roaming\UB -> [2010/01/10 01:25:38 | 00,000,000 | ---D | C]
poker2010a -> C:\poker2010a -> [2010/01/03 01:43:12 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/01/16 17:44:00 | 00,000,880 | ---- | M] ()
NTUSER.DAT -> C:\Users\Ben\NTUSER.DAT -> [2010/01/16 17:42:03 | 02,621,440 | -HS- | M] ()
OTS.exe -> C:\Users\Ben\Desktop\OTS.exe -> [2010/01/16 17:40:32 | 00,632,320 | ---- | M] (OldTimer Tools)
Config.MPF -> C:\Windows\System32\Config.MPF -> [2010/01/16 17:03:24 | 00,023,812 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2010/01/16 17:03:21 | 00,000,215 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/01/16 16:57:43 | 00,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/01/16 16:57:43 | 00,595,446 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/01/16 16:57:43 | 00,101,144 | ---- | M] ()
ComboFix.exe -> C:\Users\Ben\Desktop\ComboFix.exe -> [2010/01/16 16:53:06 | 03,827,053 | R--- | M] ()
Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2010/01/16 16:51:40 | 00,000,868 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/01/16 16:49:18 | 00,000,876 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/01/16 16:49:10 | 00,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/01/16 16:49:10 | 00,003,616 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/01/16 16:49:09 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/01/16 16:49:04 | 00,067,584 | --S- | M] ()
gmer.zip -> C:\Users\Ben\Desktop\gmer.zip -> [2010/01/16 16:44:14 | 00,284,915 | ---- | M] ()
NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Ben\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms -> [2010/01/16 16:29:17 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf -> C:\Users\Ben\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf -> [2010/01/16 16:29:17 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Ben\AppData\Local\IconCache.db -> [2010/01/16 16:29:13 | 02,719,548 | -H-- | M] ()
CCleaner.lnk -> C:\Users\Ben\Desktop\CCleaner.lnk -> [2010/01/16 16:28:02 | 00,001,672 | ---- | M] ()
jre-6u18-windows-i586.exe -> C:\Users\Ben\Desktop\jre-6u18-windows-i586.exe -> [2010/01/16 16:26:48 | 16,254,752 | ---- | M] (Sun Microsystems, Inc.)
Shortcut to HoldemManager.exe.lnk -> C:\Users\Public\Desktop\Shortcut to HoldemManager.exe.lnk -> [2010/01/16 16:17:17 | 00,002,531 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/16 04:31:53 | 00,000,820 | ---- | M] ()
McDefragTask.job -> C:\Windows\tasks\McDefragTask.job -> [2010/01/15 01:06:17 | 00,000,336 | ---- | M] ()
12nl.jpg -> C:\Users\Ben\Desktop\12nl.jpg -> [2010/01/15 00:50:09 | 00,082,747 | ---- | M] ()
d3d9caps.dat -> C:\Users\Ben\AppData\Local\d3d9caps.dat -> [2010/01/14 16:27:07 | 00,008,296 | ---- | M] ()
camaro.jpg -> C:\Users\Ben\Desktop\camaro.jpg -> [2010/01/13 15:17:27 | 00,369,940 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2010/01/11 02:15:23 | 00,000,472 | ---- | M] ()
UB.lnk -> C:\Users\Ben\Desktop\UB.lnk -> [2010/01/10 01:28:46 | 00,000,781 | ---- | M] ()
01.jpg -> C:\Users\Ben\Desktop\01.jpg -> [2010/01/08 19:58:48 | 00,068,892 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
boywonder.docx -> C:\Users\Ben\Desktop\boywonder.docx -> [2010/01/02 04:00:47 | 00,018,856 | ---- | M] ()
McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2010/01/01 01:00:05 | 00,000,328 | ---- | M] ()
omaha since november.bmp -> C:\Users\Ben\Desktop\omaha since november.bmp -> [2009/12/25 22:33:36 | 00,667,798 | ---- | M] ()
Bodog Poker.lnk -> C:\Users\Ben\Desktop\Bodog Poker.lnk -> [2009/12/23 00:59:42 | 00,001,683 | ---- | M] ()
Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2009/12/21 07:46:00 | 00,002,075 | ---- | M] ()

[Files - No Company Name]
PEV.exe -> C:\Windows\PEV.exe -> [2010/01/16 16:55:14 | 00,261,632 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/01/16 16:55:14 | 00,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2010/01/16 16:55:14 | 00,080,412 | ---- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2010/01/16 16:55:14 | 00,077,312 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2010/01/16 16:55:14 | 00,068,096 | ---- | C] ()
ComboFix.exe -> C:\Users\Ben\Desktop\ComboFix.exe -> [2010/01/16 16:53:00 | 03,827,053 | R--- | C] ()
gmer.zip -> C:\Users\Ben\Desktop\gmer.zip -> [2010/01/16 16:41:54 | 00,284,915 | ---- | C] ()
CCleaner.lnk -> C:\Users\Ben\Desktop\CCleaner.lnk -> [2010/01/16 16:28:02 | 00,001,672 | ---- | C] ()
IconCache.db -> C:\Users\Ben\AppData\Local\IconCache.db -> [2010/01/16 04:41:55 | 02,719,548 | -H-- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/16 04:31:53 | 00,000,820 | ---- | C] ()
12nl.jpg -> C:\Users\Ben\Desktop\12nl.jpg -> [2010/01/15 00:50:08 | 00,082,747 | ---- | C] ()
camaro.jpg -> C:\Users\Ben\Desktop\camaro.jpg -> [2010/01/13 15:17:19 | 00,369,940 | ---- | C] ()
UB.lnk -> C:\Users\Ben\Desktop\UB.lnk -> [2010/01/10 01:28:46 | 00,000,781 | ---- | C] ()
01.jpg -> C:\Users\Ben\Desktop\01.jpg -> [2010/01/08 20:01:14 | 00,068,892 | ---- | C] ()
boywonder.docx -> C:\Users\Ben\Desktop\boywonder.docx -> [2010/01/04 01:08:22 | 00,018,856 | ---- | C] ()
omaha since november.bmp -> C:\Users\Ben\Desktop\omaha since november.bmp -> [2009/12/25 22:38:18 | 00,667,798 | ---- | C] ()
Google Earth.lnk -> C:\Users\Public\Desktop\Google Earth.lnk -> [2009/12/21 07:46:00 | 00,002,075 | ---- | C] ()
unrar.dll -> C:\Windows\System32\unrar.dll -> [2009/10/11 21:19:46 | 00,178,176 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/09/10 21:40:57 | 00,117,248 | ---- | C] ()
atapi.sys -> C:\Windows\System32\drivers\atapi.sys -> [2009/09/10 21:40:40 | 00,019,944 | ---- | C] ()
presets.ini -> C:\Windows\System32\presets.ini -> [2009/07/01 21:21:08 | 00,000,024 | ---- | C] ()
{D0EE99B4-F6DD-4A8A-8258-C3427D3CD28D}_WiseFW.ini -> C:\Windows\{D0EE99B4-F6DD-4A8A-8258-C3427D3CD28D}_WiseFW.ini -> [2009/03/31 14:31:33 | 00,000,480 | ---- | C] ()
{873027A1-AA67-420E-8068-7B765CC6BE4A}_WiseFW.ini -> C:\Windows\{873027A1-AA67-420E-8068-7B765CC6BE4A}_WiseFW.ini -> [2009/03/12 02:03:20 | 00,000,470 | ---- | C] ()
HMHud.INI -> C:\Windows\HMHud.INI -> [2008/11/30 21:26:40 | 00,000,000 | ---- | C] ()
UltimateBuddy.INI -> C:\Windows\UltimateBuddy.INI -> [2008/07/07 17:29:40 | 00,000,000 | ---- | C] ()
igklg400.dll -> C:\Windows\System32\igklg400.dll -> [2008/07/01 10:02:16 | 01,953,696 | ---- | C] ()
igklg450.dll -> C:\Windows\System32\igklg450.dll -> [2008/07/01 10:02:16 | 01,533,360 | ---- | C] ()
igfxCoIn_v1409.dll -> C:\Windows\System32\igfxCoIn_v1409.dll -> [2008/07/01 10:02:16 | 00,147,456 | ---- | C] ()
igmedcompkrn.dll -> C:\Windows\System32\igmedcompkrn.dll -> [2008/07/01 10:02:16 | 00,104,636 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2008/06/02 19:35:17 | 00,159,744 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 04:35:51 | 00,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 04:35:51 | 00,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 04:35:51 | 00,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 04:35:51 | 00,026,040 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/01 23:40:29 | 00,013,750 | ---- | C] ()

[File - Lop Check]
acccore -> C:\Users\Ben\AppData\Roaming\acccore -> [2008/07/07 16:39:46 | 00,000,000 | ---D | M]
Amazon -> C:\Users\Ben\AppData\Roaming\Amazon -> [2009/03/23 00:55:50 | 00,000,000 | ---D | M]
Microgaming -> C:\Users\Ben\AppData\Roaming\Microgaming -> [2008/10/04 10:13:44 | 00,000,000 | ---D | M]
TeamViewer -> C:\Users\Ben\AppData\Roaming\TeamViewer -> [2009/09/12 12:09:19 | 00,000,000 | ---D | M]
Template -> C:\Users\Ben\AppData\Roaming\Template -> [2008/07/24 01:03:10 | 00,000,000 | ---D | M]
UB -> C:\Users\Ben\AppData\Roaming\UB -> [2010/01/10 01:27:40 | 00,000,000 | ---D | M]
UltimateBet -> C:\Users\Ben\AppData\Roaming\UltimateBet -> [2009/08/30 08:33:14 | 00,000,000 | ---D | M]
uTorrent -> C:\Users\Ben\AppData\Roaming\uTorrent -> [2010/01/07 01:09:01 | 00,000,000 | ---D | M]
Ad-Aware Update (Weekly).job -> C:\Windows\Tasks\Ad-Aware Update (Weekly).job -> [2010/01/11 02:15:23 | 00,000,472 | ---- | M] ()
McDefragTask.job -> C:\Windows\Tasks\McDefragTask.job -> [2010/01/15 01:06:17 | 00,000,336 | ---- | M] ()
McQcTask.job -> C:\Windows\Tasks\McQcTask.job -> [2010/01/01 01:00:05 | 00,000,328 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/01/16 16:36:09 | 00,032,572 | ---- | M] ()

[File - Purity Scan]

[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
UltimateHistory.exe -> C:\UltimateHistory.exe -> [2008/07/07 16:12:09 | 00,184,320 | ---- | M] ()
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\ERDNT\cache\AGP440.sys -> [2008/01/20 18:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\drivers\AGP440.sys -> [2008/01/20 18:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys -> [2008/01/20 18:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys -> [2008/01/20 18:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/20 18:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys -> [2008/01/20 18:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation)
< %systemdrive%\AHCIX86S.SYS  /md5 /s >
ahcix86s.sys : MD5=844A6734E8BB3530FB1444ED698087BD -> C:\ATI\SUPPORT\8-6_vista32_dd_ccc_wdm_enu_64789\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys -> [2008/04/02 11:40:48 | 00,175,632 | ---- | M] (AMD Technologies Inc.)
ahcix86s.sys : MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -> C:\ATI\SUPPORT\8-6_vista32_dd_ccc_wdm_enu_64789\Packages\Drivers\SBDrv\SB6xx\RAID\LH64A\ahcix86s.sys -> [2007/04/16 14:16:34 | 00,119,296 | ---- | M] (ATI Technologies Inc.)
< %systemdrive%\ATAPI.SYS  /md5 /s >
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\ERDNT\cache\atapi.sys -> [2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys -> [2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys -> [2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys -> [2008/01/20 18:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/20 18:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation)
atapi.sys : Unable to obtain MD5  -> C:\Windows\System32\drivers\atapi.sys -> [2009/04/10 22:32:26 | 00,019,944 | ---- | M] ()
< %systemdrive%\CNGAUDIT.DLL  /md5 /s >
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\ERDNT\cache\cngaudit.dll -> [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation)
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation)
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation)
< %systemdrive%\IASTOR.SYS  /md5 /s >
iastor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Drivers\storage\R154092\iastor.sys -> [2007/04/26 02:41:38 | 00,304,920 | ---- | M] (Intel Corporation)
iaStor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Windows\System32\drivers\iaStor.sys -> [2007/04/26 02:41:38 | 00,304,920 | ---- | M] (Intel Corporation)
iaStor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys -> [2007/04/26 02:41:38 | 00,304,920 | ---- | M] (Intel Corporation)
iaStor.sys : MD5=997E8F5939F2D12CD9F2E6B395724C16 -> C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys -> [2007/04/26 02:41:38 | 00,304,920 | ---- | M] (Intel Corporation)
< %systemdrive%\IASTORV.SYS  /md5 /s >
iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\System32\drivers\iaStorV.sys -> [2008/01/20 18:32:49 | 00,235,064 | ---- | M] (Intel Corporation)
iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys -> [2008/01/20 18:32:49 | 00,235,064 | ---- | M] (Intel Corporation)
iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys -> [2008/01/20 18:32:49 | 00,235,064 | ---- | M] (Intel Corporation)
iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys -> [2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
< %systemdrive%\NETLOGON.DLL  /md5 /s >
netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\ERDNT\cache\netlogon.dll -> [2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\System32\netlogon.dll -> [2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll -> [2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/20 18:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation)
< %systemdrive%\NVSTOR.SYS  /md5 /s >
nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\drivers\nvstor.sys -> [2008/01/20 18:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys -> [2008/01/20 18:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/20 18:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/20 18:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\ERDNT\cache\scecli.dll -> [2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\System32\scecli.dll -> [2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll -> [2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
OTS cannot create restorepoints on Vista OSs!
< %systemroot%\system32\*.dll /lockedfiles >
ATIDEMGX.dll : Unable to obtain MD5  -> C:\Windows\System32\ATIDEMGX.dll -> [2008/06/02 19:35:30 | 00,413,696 | ---- | M] (Advanced Micro Devices, Inc.)
rsaenh.dll : Unable to obtain MD5  -> C:\Windows\System32\rsaenh.dll -> [2009/04/10 22:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation)
SLC.dll : Unable to obtain MD5  -> C:\Windows\System32\SLC.dll -> [2009/04/10 22:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation)
< %systemroot%\Tasks\*.job /lockedfiles >

[Alternate Data Streams]
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1CFFB598
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:8CEFE51A
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\DoylesRoom:MID
< End of report >



#3 98mute

Posted 17 January 2010 - 06:21 AM

Well, I've decided I am going to format the computer. I'm kinda freaked out that people might be able to get my passwords and it could pretty much ruin my life lol.

Thanks

#4 myrti

  • Malware Study Hall Admin
Posted 23 January 2010 - 10:00 PM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
