
Unknown Malware causing BSOD and Image hash file errors.


This topic is locked
16 replies to this topic

#1 chasmanchu

chasmanchu

  • Members
  • 11 posts

Posted 07 March 2010 - 09:34 PM

Hi, and thank you for your time and expertise,
A few weeks back, under a limited user account on my Vista 32-bit PC protected with Viper and Sunbelt firewall, I ran CCleaner and Viper popped up a blocking message and then seemed to shut down, and I more or less lost control of my PC. I unplugged it, went into safe mode and did a system restore that was at least 7 days old. I then did a complete scan with Viper and then a complete scan with Windows Defender, both coming up clean. Next I turned on User Account Control. Then, thinking that Viper might be damaged in some way, I uninstalled it and installed AVG Free version 9. I thought everything was fine, and then about a week later I got my first Blue Screen of Death. I upgraded the BIOS and downloaded Speccy to monitor my hardware, where I noticed my graphics card was running over 70 Celsius, so I replaced it; the new card runs at 37 to 39 C. Next I started reading the Event Viewer, and that is when I started to become concerned that somehow some malware was on my PC that was being missed by Viper and/or AVG, WD and Sunbelt firewall. I will list a few of these events, but let me first let you know that I ran SpinRite at this point and my hard drive got a clean bill of health. Here are three of the events.
ONE: Computer: chasmanchuPC
Description:
The entry <C:\USERS\CHASMANCHU\APPDATA\LOCAL\MICROSOFT\WINDOWS\EXPLORER\ZZZZZZZZZZZZZ.ZZ> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

TWO: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Users\CHASMA~1\AppData\Local\temp\mbr.sys

THREE: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Users\CHASMA~1\AppData\Local\temp\fwdcraow.sys

I am continuing to get periodic BSODs and lots of events like the above, plus other disturbing events like “17 user registry handles leaked from…”
In our home we have four PCs on our network and we share one external hard drive for backups and various USB thumb drives. I am worried that my PC could be affecting the others.
Thanks,
Charlie


DDS (Ver_09-12-01.01) - NTFSx86
Run by chasmanchu at 18:16:34.22 on Sun 03/07/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2316 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\chasmanchu\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258216234316
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\chasma~1\appdata\roaming\mozilla\firefox\profiles\c7dzegjh.default\
FF - plugin: c:\users\chasmanchu\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-1-16 202928]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-1-4 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-1-16 65576]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-5 21504]
S3 IYILHSR;IYILHSR;c:\users\chasma~1\appdata\local\temp\iyilhsr.exe --> c:\users\chasma~1\appdata\local\temp\IYILHSR.exe [?]
S3 NQDHANTAPEWQPLYBW;NQDHANTAPEWQPLYBW;c:\users\chasma~1\appdata\local\temp\nqdhantapewqplybw.exe --> c:\users\chasma~1\appdata\local\temp\NQDHANTAPEWQPLYBW.exe [?]
S3 OILX;OILX;c:\users\chasma~1\appdata\local\temp\oilx.exe --> c:\users\chasma~1\appdata\local\temp\OILX.exe [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]

=============== Created Last 30 ================

2010-03-07 23:10:30 20 ----a-w- c:\users\chasmanchu\defogger_reenable
2010-03-07 18:31:16 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-07 18:21:17 0 d-----w- C:\CFix14392C
2010-03-07 17:48:13 98816 ----a-w- c:\windows\sed.exe
2010-03-07 17:48:13 77312 ----a-w- c:\windows\MBR.exe
2010-03-07 17:48:13 261632 ----a-w- c:\windows\PEV.exe
2010-03-07 17:48:13 161792 ----a-w- c:\windows\SWREG.exe
2010-03-07 17:44:17 0 d-----w- C:\CFix
2010-03-07 05:48:31 334 ----a-w- c:\windows\Edit2
2010-03-07 01:28:22 0 d-----w- c:\users\chasma~1\appdata\roaming\Sunbelt
2010-03-07 00:59:42 3219344478 ----a-w- c:\windows\MEMORY.SAVEDMP
2010-03-03 02:16:21 0 d-----w- c:\programdata\NVIDIA
2010-03-03 01:13:21 0 d-----w- c:\windows\nvtmpinst
2010-02-28 04:34:09 0 d-----w- c:\program files\ProcessExplorer
2010-02-26 06:40:57 0 d-----w- C:\Intel
2010-02-25 23:59:14 0 d-----w- C:\My Pictures
2010-02-25 22:30:28 0 d-----w- c:\program files\Speccy
2010-02-24 08:30:18 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-19 07:35:53 0 d-----w- c:\programdata\WindowsSearch
2010-02-19 07:13:41 0 d-----w- c:\program files\AVG
2010-02-19 05:01:48 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-19 05:01:47 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-19 04:36:07 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-19 04:36:06 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

==================== Find3M ====================

2010-03-07 23:14:27 226138 ----a-w- c:\programdata\nvModes.dat
2010-03-07 03:15:14 94 ----a-w- c:\users\chasma~1\appdata\roaming\netstat.bat
2010-03-03 01:09:28 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-03 01:09:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-03 01:09:23 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 08:49:07 1664 ----a-w- c:\users\chasma~1\appdata\roaming\wklnhst.dat
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-04 22:02:22 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 23:56:41 98128 ----a-w- c:\users\chasma~1\appdata\roaming\GDIPFONTCACHEV1.DAT
2009-10-27 17:16:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-06 02:47:35 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-23 06:19:00 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\mshist012009082320090824\index.dat
2009-01-20 16:27:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012020090121\index.dat
2009-01-25 02:50:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012420090125\index.dat
2009-01-28 15:49:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012820090129\index.dat
2009-02-15 02:00:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021420090215\index.dat
2009-02-26 07:08:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022620090227\index.dat
2009-03-05 04:24:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030420090305\index.dat
2009-03-08 02:00:41 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030720090308\index.dat
2009-03-17 02:46:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031620090317\index.dat
2009-03-17 07:10:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031720090318\index.dat
2009-03-26 01:42:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032520090326\index.dat
2009-03-28 01:59:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032720090328\index.dat
2009-03-28 05:03:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032820090329\index.dat
2009-03-30 02:15:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032920090330\index.dat
2009-04-05 01:00:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040420090405\index.dat
2009-04-09 23:51:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040920090410\index.dat
2009-04-12 01:03:14 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041120090412\index.dat
2009-04-19 02:42:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041820090419\index.dat
2009-05-06 01:21:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050520090506\index.dat
2009-05-09 02:07:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050820090509\index.dat
2009-05-15 06:34:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051520090516\index.dat
2009-05-27 03:51:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009052620090527\index.dat
2009-06-10 00:06:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060920090610\index.dat
2009-06-11 03:17:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061020090611\index.dat
2009-06-11 07:20:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061120090612\index.dat
2009-06-16 01:28:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061520090616\index.dat
2009-07-04 19:10:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009070420090705\index.dat
2009-07-13 04:08:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009070620090713\index.dat
2009-07-10 04:40:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071020090711\index.dat
2009-07-13 04:08:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071320090714\index.dat
2009-07-16 05:15:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071620090717\index.dat
2009-07-17 07:30:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071720090718\index.dat
2009-07-19 02:50:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071820090719\index.dat
2009-07-31 04:00:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009073120090801\index.dat
2009-08-02 02:29:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080120090802\index.dat
2009-08-08 00:22:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080720090808\index.dat
2009-08-09 01:07:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080820090809\index.dat
2009-08-23 06:03:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009082320090824\index.dat
2009-08-30 01:45:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009082920090830\index.dat
2009-09-13 03:00:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091220090913\index.dat
2009-09-15 03:55:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091420090915\index.dat
2009-09-23 18:27:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092320090924\index.dat
2009-09-26 17:30:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092620090927\index.dat
2009-10-27 03:09:14 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102620091027\index.dat
2009-11-04 05:28:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110420091105\index.dat
2009-11-08 02:15:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110720091108\index.dat
2009-11-10 05:34:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111020091111\index.dat
2009-11-13 06:42:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111320091114\index.dat
2009-11-18 17:03:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111820091119\index.dat
2009-11-20 04:19:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111920091120\index.dat
2009-11-28 01:49:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112720091128\index.dat
2009-12-02 03:52:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120120091202\index.dat
2009-12-03 02:29:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120220091203\index.dat
2009-12-04 18:06:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120420091205\index.dat
2009-12-07 00:19:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120620091207\index.dat
2007-12-10 02:28:44 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:18:41.62 ===============
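The "SERVICES / DRIVERS" section of the DDS log above is where a helper's eye goes first: three stopped (S3) services whose binaries are registered out of the user's temp directory, with opaque all-caps names and no date/size recorded by DDS. The following Python script is an added example, not part of this thread and not code from DDS or BleepingComputer: it parses lines in the DDS service format (the sample is copied from the log above) and scores each entry on those three traits so a reader can triage a long log quickly. The weights, the threshold of 2, and the reading of a trailing `[?]` as "DDS recorded no date/size" are this example's own assumptions; a high score marks an entry for review, nothing more.

```python
import re
from dataclasses import dataclass

# Service lines copied from the DDS "SERVICES / DRIVERS" section quoted above.
# The scoring rules below are this example's own heuristics, not something DDS itself does.
DDS_SERVICES = r"""
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-1-4 1012080]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-5 21504]
S3 IYILHSR;IYILHSR;c:\users\chasma~1\appdata\local\temp\iyilhsr.exe --> c:\users\chasma~1\appdata\local\temp\IYILHSR.exe [?]
S3 NQDHANTAPEWQPLYBW;NQDHANTAPEWQPLYBW;c:\users\chasma~1\appdata\local\temp\nqdhantapewqplybw.exe --> c:\users\chasma~1\appdata\local\temp\NQDHANTAPEWQPLYBW.exe [?]
S3 OILX;OILX;c:\users\chasma~1\appdata\local\temp\oilx.exe --> c:\users\chasma~1\appdata\local\temp\OILX.exe [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
"""

# "<status> <name>;<display name>;<image path and args> [<date> <size>]"
LINE_RE = re.compile(r"^(?P<status>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# First token ending in a binary extension; drops svchost-style "-k Group" arguments
IMAGE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|sys|dll))", re.IGNORECASE)


@dataclass
class ServiceEntry:
    status: str      # R1/R2/R3 = running, S3 = stopped (DDS notation)
    name: str
    display: str
    image: str       # on-disk binary path with arguments stripped
    file_info: str   # trailing "[date size]", or "[?]" when DDS recorded neither (assumed meaning)


def parse_dds_services(text):
    """Parse DDS service/driver lines into ServiceEntry records; unknown lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        # "a --> b [?]": DDS prints the registry ImagePath, then the name it resolved on disk;
        # keep the resolved one so the temp-directory check sees the real location
        if "-->" in rest:
            rest = rest.split("-->", 1)[1].strip()
        bracket = rest.rfind("[")
        file_info = rest[bracket:] if bracket != -1 else ""
        body = rest[:bracket].strip() if bracket != -1 else rest
        img = IMAGE_RE.match(body)
        image = img.group("path") if img else body
        entries.append(ServiceEntry(m.group("status"), m.group("name"),
                                    m.group("display"), image, file_info))
    return entries


def score_entry(entry):
    """Return (score, reasons). The weights are this example's assumption, not a standard."""
    score, reasons = 0, []
    low = entry.image.lower()
    if "\\temp\\" in low or "\\tmp\\" in low:
        score += 2
        reasons.append("binary registered from a temp directory")
    if entry.file_info == "[?]":
        score += 1
        reasons.append("DDS recorded no date/size for the file")
    if entry.name.isalpha() and entry.name.isupper() and entry.display == entry.name:
        score += 1
        reasons.append("opaque all-caps name with no display name")
    return score, reasons


def suspicious_services(text, threshold=2):
    """Names of entries whose score reaches the threshold, sorted for stable output."""
    return sorted(e.name for e in parse_dds_services(text)
                  if score_entry(e)[0] >= threshold)


if __name__ == "__main__":
    for e in parse_dds_services(DDS_SERVICES):
        score, reasons = score_entry(e)
        flag = "REVIEW" if score >= 2 else "ok"
        print(f"{flag:6} {e.status} {e.name:20} score={score} {'; '.join(reasons)}")
```

Run as a script it prints one line per service; the three temp-directory entries score 4 and are marked REVIEW, while SBRE (a legitimate Sunbelt driver with an all-caps name) scores only 1 and stays below the threshold, which is why the name heuristic alone is deliberately not enough to flag anything.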

#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 10 March 2010 - 06:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 chasmanchu

chasmanchu
  • Topic Starter

  • Members
  • 11 posts

Posted 11 March 2010 - 02:49 AM

Hi myrti,

Thanks for your help, here are the two files, OTL and Extras.

charlie


OTL logfile created on: 3/11/2010 2:16:21 AM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\chasmanchu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 405.59 Gb Free Space | 89.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.98 Gb Free Space | 59.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: CHASMANCHUPC
Current User Name: chasmanchu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/11 01:30:32 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\chasmanchu\Downloads\OTL.exe
PRC - [2010/02/24 17:19:07 | 011,944,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/04 17:04:22 | 000,959,824 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/01/04 17:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2009/12/21 18:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008/10/31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008/10/31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008/03/04 14:00:00 | 007,222,544 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/11 01:30:32 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\chasmanchu\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (OILX)
SRV - File not found [On_Demand | Stopped] -- -- (NQDHANTAPEWQPLYBW)
SRV - File not found [On_Demand | Stopped] -- -- (IYILHSR)
SRV - [2010/01/04 17:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/06 09:26:28 | 000,729,088 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/07/16 14:30:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/19 13:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008/10/31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008/10/31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/11/20 21:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/13 08:22:50 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/10 19:06:28 | 000,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/11/19 13:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/10/31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2008/10/09 10:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)
DRV - [2008/06/21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008/06/21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008/01/24 10:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/22 21:45:47 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/09 21:28:43 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/09 21:28:43 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/09 21:28:43 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/21 02:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 02:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/07/18 19:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 19:39:15 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/07/18 19:39:15 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/03/23 02:00:14 | 000,030,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XPVCOM.sys -- (xpvcom)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 23:31:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 21:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/02 23:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/02 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Extensions
[2010/03/01 03:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/11 02:05:52 | 000,000,000 | ---D | M] -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Firefox\Profiles\c7dzegjh.default\extensions
[2010/03/02 21:40:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Firefox\Profiles\c7dzegjh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/02 22:16:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Firefox\Profiles\c7dzegjh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/02 21:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/07 15:49:26 | 000,000,765 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - No CLSID value found.
O3 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1258216234316 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.1.66.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 03:15:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Events
[2010/03/07 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\Documents\bleepingcomputer
[2010/03/07 13:32:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/07 13:32:25 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\temp
[2010/03/07 13:31:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/07 13:21:17 | 000,000,000 | ---D | C] -- C:\CFix14392C
[2010/03/07 13:20:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/07 12:48:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/07 12:48:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/07 12:48:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/07 12:47:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/07 12:44:17 | 000,000,000 | ---D | C] -- C:\CFix
[2010/03/07 12:43:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 20:28:22 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Sunbelt
[2010/03/03 12:50:49 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Leadertech
[2010/03/02 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\Mozilla
[2010/03/02 21:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/02 21:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/03/02 20:13:21 | 000,000,000 | ---D | C] -- C:\Windows\nvtmpinst
[2010/03/01 03:47:20 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Mozilla
[2010/03/01 00:19:12 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Opera
[2010/03/01 00:19:12 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\Opera
[2010/03/01 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/27 23:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
[2010/02/27 05:18:45 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\SupportSoft
[2010/02/26 01:40:57 | 000,000,000 | ---D | C] -- C:\Intel
[2010/02/25 19:28:11 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\Deployment
[2010/02/25 18:59:14 | 000,000,000 | ---D | C] -- C:\My Pictures
[2010/02/25 17:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/02/24 03:30:18 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/02/23 14:24:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 14:24:41 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 14:24:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/23 14:24:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/23 14:24:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 14:24:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 14:24:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 14:24:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 14:24:10 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 14:24:10 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 14:24:10 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 14:24:10 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 14:24:10 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 14:24:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/20 03:04:53 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\NewSoft
[2010/02/20 03:04:53 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\Documents\My PageManager
[2010/02/19 02:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/02/19 02:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/19 00:01:48 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/19 00:01:47 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/18 23:35:33 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/18 23:35:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/18 23:35:31 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/18 23:35:30 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/01/30 14:37:57 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxblinpa.dll
[2008/01/30 14:37:57 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBLhcp.dll
[2008/01/30 14:37:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxblserv.dll
[2008/01/30 14:37:56 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxblusb1.dll
[2008/01/30 14:37:56 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxblpmui.dll
[2008/01/30 14:37:56 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbllmpm.dll
[2008/01/30 14:37:56 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbliesc.dll
[2008/01/30 14:37:56 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxblprox.dll
[2008/01/30 14:37:56 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxblpplc.dll
[2008/01/30 14:37:55 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxblhbn3.dll
[2008/01/30 14:37:55 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxblcomc.dll
[2008/01/30 14:37:55 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxblcomm.dll
[2 C:\Users\chasmanchu\Documents\*.tmp files -> C:\Users\chasmanchu\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/11 02:17:45 | 003,670,016 | -HS- | M] () -- C:\Users\chasmanchu\ntuser.dat
[2010/03/11 01:43:39 | 000,747,162 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/11 01:43:39 | 000,634,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/11 01:43:39 | 000,117,228 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/11 01:37:52 | 000,226,138 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/11 01:37:52 | 000,226,138 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/11 01:36:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/11 01:36:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/11 01:36:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/11 01:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/09 23:24:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/09 23:24:05 | 000,524,288 | -HS- | M] () -- C:\Users\chasmanchu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/03/09 23:24:05 | 000,065,536 | -HS- | M] () -- C:\Users\chasmanchu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/09 23:24:01 | 003,336,708 | -H-- | M] () -- C:\Users\chasmanchu\AppData\Local\IconCache.db
[2010/03/07 18:10:45 | 000,000,020 | ---- | M] () -- C:\Users\chasmanchu\defogger_reenable
[2010/03/07 17:56:52 | 000,524,288 | ---- | M] () -- C:\Users\chasmanchu\Desktop\dds.scr
[2010/03/07 13:29:08 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/07 01:03:14 | 000,000,334 | ---- | M] () -- C:\Windows\Edit2
[2010/03/06 22:15:14 | 000,000,094 | ---- | M] () -- C:\Users\chasmanchu\AppData\Roaming\netstat.bat
[2010/03/06 20:23:16 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2010/03/06 19:59:42 | 3219,344,478 | ---- | M] () -- C:\Windows\MEMORY.SAVEDMP
[2010/03/04 19:52:17 | 000,033,280 | ---- | M] () -- C:\Users\chasmanchu\Documents\Medical Exps For 2009.xls
[2010/03/04 19:43:39 | 000,098,696 | ---- | M] () -- C:\Users\chasmanchu\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/04 04:51:50 | 000,001,838 | ---- | M] () -- C:\Users\Public\Documents\now.text
[2010/03/02 21:22:33 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/02 21:19:29 | 000,000,848 | ---- | M] () -- C:\Users\chasmanchu\Desktop\procexp.exe - Shortcut.lnk
[2010/03/01 00:52:46 | 000,073,716 | ---- | M] () -- C:\Users\chasmanchu\Documents\bookmarks.html
[2010/03/01 00:18:39 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/02/27 07:13:00 | 005,312,512 | ---- | M] () -- C:\Users\chasmanchu\Documents\System.evtx
[2010/02/27 07:12:35 | 003,215,360 | ---- | M] () -- C:\Users\chasmanchu\Documents\Security.evtx
[2010/02/27 07:11:46 | 002,166,784 | ---- | M] () -- C:\Users\chasmanchu\Documents\AppEvents.evtx
[2010/02/27 04:43:22 | 000,167,936 | ---- | M] () -- C:\Users\chasmanchu\Documents\modemFireWallsettings.doc
[2010/02/26 23:54:17 | 000,000,760 | ---- | M] () -- C:\Users\chasmanchu\AppData\Roaming\setup_ldm.iss
[2010/02/26 00:54:42 | 000,421,211 | ---- | M] () -- C:\Users\chasmanchu\Documents\sar_15_umeng.pdf
[2010/02/25 18:55:02 | 000,175,616 | ---- | M] () -- C:\Users\chasmanchu\Documents\FileZillaCsideSettings.doc
[2010/02/25 18:48:10 | 000,488,960 | ---- | M] () -- C:\Users\chasmanchu\Documents\TBirdAccSettings.doc
[2010/02/25 17:30:29 | 000,001,636 | ---- | M] () -- C:\Users\chasmanchu\Desktop\Speccy.lnk
[2010/02/25 17:09:57 | 000,157,696 | ---- | M] () -- C:\Users\chasmanchu\Documents\Doc1.doc
[2010/02/25 16:51:24 | 000,001,672 | ---- | M] () -- C:\Users\chasmanchu\Desktop\CCleaner.lnk
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 22:20:38 | 000,119,808 | ---- | M] () -- C:\Users\chasmanchu\Documents\2009 Business Expenditure Log.xls
[2010/02/23 14:52:31 | 000,375,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 03:39:36 | 000,121,344 | ---- | M] () -- C:\Users\chasmanchu\Documents\MusicalInventory.xls
[2010/02/20 03:49:07 | 000,001,664 | ---- | M] () -- C:\Users\chasmanchu\AppData\Roaming\wklnhst.dat
[2010/02/19 00:15:39 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/02/18 15:10:58 | 000,093,184 | ---- | M] () -- C:\Users\chasmanchu\Documents\2010 Business Expenditure Log.xls
[2010/02/15 21:35:33 | 000,872,363 | ---- | M] () -- C:\Users\chasmanchu\Documents\Marantz_America_Limited_Warranty_for_Reference_Series_models_May.1.2009.pdf
[2010/02/12 14:04:17 | 000,117,716 | ---- | M] () -- C:\Users\chasmanchu\Documents\https___stmts.chase.com_Stmt2.pdf
[2010/02/10 20:50:59 | 000,027,136 | ---- | M] () -- C:\Users\chasmanchu\Documents\GeneralTopics.doc
[2 C:\Users\chasmanchu\Documents\*.tmp files -> C:\Users\chasmanchu\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 18:15:53 | 000,524,288 | ---- | C] () -- C:\Users\chasmanchu\Desktop\dds.scr
[2010/03/07 18:10:30 | 000,000,020 | ---- | C] () -- C:\Users\chasmanchu\defogger_reenable
[2010/03/07 12:48:13 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/07 12:48:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/07 12:48:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/07 12:48:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/07 12:48:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/07 00:48:31 | 000,000,334 | ---- | C] () -- C:\Windows\Edit2
[2010/03/06 20:23:16 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2010/03/06 19:59:42 | 3219,344,478 | ---- | C] () -- C:\Windows\MEMORY.SAVEDMP
[2010/03/02 21:55:09 | 000,119,808 | ---- | C] () -- C:\Users\chasmanchu\Documents\2009 Business Expenditure Log.xls
[2010/03/02 21:55:09 | 000,093,184 | ---- | C] () -- C:\Users\chasmanchu\Documents\2010 Business Expenditure Log.xls
[2010/03/02 21:22:33 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/02 21:19:29 | 000,000,848 | ---- | C] () -- C:\Users\chasmanchu\Desktop\procexp.exe - Shortcut.lnk
[2010/03/01 00:52:46 | 000,073,716 | ---- | C] () -- C:\Users\chasmanchu\Documents\bookmarks.html
[2010/03/01 00:18:39 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/02/27 07:12:58 | 005,312,512 | ---- | C] () -- C:\Users\chasmanchu\Documents\System.evtx
[2010/02/27 07:12:32 | 003,215,360 | ---- | C] () -- C:\Users\chasmanchu\Documents\Security.evtx
[2010/02/27 07:11:46 | 002,166,784 | ---- | C] () -- C:\Users\chasmanchu\Documents\AppEvents.evtx
[2010/02/27 04:43:21 | 000,167,936 | ---- | C] () -- C:\Users\chasmanchu\Documents\modemFireWallsettings.doc
[2010/02/26 00:54:42 | 000,421,211 | ---- | C] () -- C:\Users\chasmanchu\Documents\sar_15_umeng.pdf
[2010/02/25 18:53:59 | 000,175,616 | ---- | C] () -- C:\Users\chasmanchu\Documents\FileZillaCsideSettings.doc
[2010/02/25 18:45:29 | 000,488,960 | ---- | C] () -- C:\Users\chasmanchu\Documents\TBirdAccSettings.doc
[2010/02/25 17:30:29 | 000,001,636 | ---- | C] () -- C:\Users\chasmanchu\Desktop\Speccy.lnk
[2010/02/25 17:09:55 | 000,157,696 | ---- | C] () -- C:\Users\chasmanchu\Documents\Doc1.doc
[2010/02/23 02:01:55 | 000,033,280 | ---- | C] () -- C:\Users\chasmanchu\Documents\Medical Exps For 2009.xls
[2010/02/19 00:15:39 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/18 14:21:45 | 000,092,672 | ---- | C] () -- C:\Users\chasmanchu\Documents\BudgetForNovember2007.xls
[2010/02/15 21:35:33 | 000,872,363 | ---- | C] () -- C:\Users\chasmanchu\Documents\Marantz_America_Limited_Warranty_for_Reference_Series_models_May.1.2009.pdf
[2010/02/12 14:04:17 | 000,117,716 | ---- | C] () -- C:\Users\chasmanchu\Documents\https___stmts.chase.com_Stmt2.pdf
[2010/01/09 02:04:21 | 000,000,281 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2009/12/01 22:36:47 | 000,226,138 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/01 22:36:47 | 000,226,138 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/13 21:28:58 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/26 23:44:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/15 00:19:32 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/05/14 23:54:30 | 000,000,760 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\setup_ldm.iss
[2009/03/16 20:20:14 | 000,000,094 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\netstat.bat
[2009/02/10 19:39:00 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2008/05/13 12:25:30 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/05/13 12:22:11 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/03/05 02:39:07 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/02/21 18:24:29 | 000,000,020 | ---- | C] () -- C:\Windows\LANG.INI
[2008/02/10 15:31:26 | 000,027,043 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\UserTile.png
[2008/01/30 14:37:57 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBLinst.dll
[2008/01/23 00:18:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/01/16 20:07:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/07 23:19:40 | 000,001,664 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\wklnhst.dat
[2007/12/09 21:29:05 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2007/03/23 02:00:14 | 000,030,032 | ---- | C] () -- C:\Windows\System32\drivers\XPVCOM.sys
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxblcoin.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/10/14 05:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005/09/07 13:44:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxblvs.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/12/09 21:21:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2007/12/09 21:20:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/12/09 21:20:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/12/09 21:21:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/12/09 21:21:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< End of report >


OTL Extras logfile created on: 3/11/2010 2:16:21 AM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\chasmanchu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 405.59 Gb Free Space | 89.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.98 Gb Free Space | 59.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: CHASMANCHUPC
Current User Name: chasmanchu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062F019B-211B-40D5-9D07-A46E5A384CC2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{10DD3B97-2CF7-4C75-810F-4068332B3B84}" = lport=999 | protocol=6 | dir=in | app=c:\windows\windowsmobile\wmdhost.exe |
"{1C29BCD1-DD4D-4743-A92C-FB66329C6622}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{3649202E-B2E5-4988-B735-801349921272}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3C0FA131-1FF5-41F4-8392-363DA56C536A}" = lport=26675 | protocol=6 | dir=in | name=windows mobile-based device connectivity - desktop airsync (tcp-in) |
"{43FA79EB-21EC-45D1-8360-84319DAEF7D4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{4BB6A24E-A4DB-49C2-A7C9-9D60E5668B56}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{5B115763-24D2-484A-AEEA-7534F19AD5CF}" = lport=999 | protocol=6 | dir=in | app=c:\windows\windowsmobile\wmdhost.exe |
"{60F3F0F1-8C29-4DFD-BF66-4F8F68971594}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{66048D32-070F-48AA-B831-F09E6184F3DC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6C439637-CD46-41F5-97CF-22D1593C78F2}" = lport=5678 | protocol=6 | dir=in | app=c:\windows\windowsmobile\wmdhost.exe |
"{95236A49-0291-4877-A415-FA975EEDAC9B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AE1E8801-243D-4A0B-B143-FB6E493A4CE0}" = lport=5678 | protocol=6 | dir=in | app=c:\windows\windowsmobile\wmdhost.exe |
"{B96F5E49-5DB2-477A-9754-7C12411FE11A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D197802A-B819-43BF-BAC0-BC23752D366C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D2D6FA2D-FC62-4C4F-8852-694E522F80EF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{E10CB3E2-C368-45E9-A4AF-1CDA6C4F2C21}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F55D6CBD-BBF4-499B-8BDF-7805D06EEF87}" = lport=26675 | protocol=6 | dir=in | name=windows mobile-based device connectivity - desktop airsync (tcp-in) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0253FE1E-0151-4C9F-A2EA-F731BE879D0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A902292-772B-4103-99B8-CC8D98F353C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0AAE1266-41EB-4620-AA08-37BBA8671960}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0EEC5C0C-ED62-4F3E-9AE5-6A6EFB11E812}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BF17766-16D6-496C-B18E-6B3B3B8E3BF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C22CE0C-1779-451E-8747-DEECC8A765F7}" = protocol=6 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{21CF8F98-71A6-4370-BC4E-F2547B111E27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{220B3BD4-F0DD-4CD4-A3A5-22EC813E68B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B665705-41E6-4062-B747-11D9760EF98E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BB97A81-AB1E-49AC-BD18-A8DF4D08B4F0}" = protocol=17 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{2D7C0045-7292-43D1-92DE-9E6891E2DF07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E757D62-FC70-4B37-BD8D-07F665164A69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33EB9411-2988-4BE7-8E68-8B4FA0AFA733}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34F92892-9864-4E48-8E08-F0584118A53A}" = protocol=6 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{36C75B2D-D0D8-4C28-A91F-CE83C0987FE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A8907D8-0032-4AAB-BEB9-72DC780ABF08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D6DF7D8-8722-4DCB-B808-8CD9EA9A9D90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E169833-17D4-45FE-BB34-768492F62168}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40737C2F-B0F9-435D-B680-860E26D84B0B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{42EC54E0-78F4-4C46-99CA-A48D59CA12CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45C2C52D-7014-42EF-A237-B21C7217DD7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BB60535-C5EC-478E-AD90-ACE6D4A51233}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EDC0986-507E-4DFF-8C78-4BB08A858ACA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{519BC0F8-6D67-4080-9BC9-CDD23DE2810A}" = protocol=6 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{5731EF36-A78E-42D8-A49F-889922467456}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{585597F4-51CC-4349-B2FD-7F03E8C456C7}" = protocol=6 | dir=in | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{589EA297-0E5E-45FD-9FF6-B22865AE1CFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6505A5BB-19F3-40C1-8EFE-1B479AA399DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73785E7D-00DB-4E70-8FBD-D0F92A5EB70D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7471DC92-4D15-4543-B582-82395836DFA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77F3E95A-50C0-48D3-8042-4D51CD08A515}" = protocol=6 | dir=in | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{796AE439-9574-46F7-A7C3-146C3012B24B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C9A9C74-DA56-4AB2-9B86-CA2F94A65DA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7CBD414B-C210-47DD-B69F-D2FAF63F309B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{809CB34A-E91E-4AF9-A7BE-792FBDEDF730}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8648BDBC-E909-42D8-8B8D-21E47AEC965C}" = protocol=17 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{88DC2AE6-DC3F-4C9F-B38B-390C206E0D1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B0D1263-2110-4ABD-A9EB-1177C0913C37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D2EAE64-F63E-4C11-AEFD-83F56219936A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93067801-C4E4-45EE-AD24-84D42C1F309A}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{95F9CADC-796F-4A6F-9D17-5B45CDFDF895}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{96CC8749-6107-4403-B034-FBF7353C61B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{972FE1C3-AE38-471C-A5C2-8CF5B1B2F1B3}" = protocol=17 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{97D009E9-5F66-454B-B7E3-283F1E2C6E91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A22F5CE-977C-438B-A1BB-1758715082A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E74D666-6CDA-43C7-99F8-8D1650F5BB53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A4C99677-283F-4832-A740-C3A42A585A94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEA9A4BE-3343-4F3B-97EE-7F2F32B46D8A}" = protocol=17 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{B4FF1A7F-4E5C-4B7A-ADAE-C865737F2162}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD2077B1-5CF1-41ED-9A0E-E087D0F3488C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEA1F08B-B0D8-4C73-ACA4-4D6E4D5B8115}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C018AB2E-8ED1-4BC1-8828-37DD0BC9D576}" = protocol=6 | dir=in | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{C6C15452-B27B-4757-8AF7-FCE3E3C356CB}" = protocol=6 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{C7F1BCF5-57D6-408E-9865-7D942586E780}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C93DE727-7F72-4D43-9911-3C34EC3F9622}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CAFA3F5B-1A0B-4C37-853E-23038DB2B44F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{CDD60C47-FE8C-482D-A97A-97122761202B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF604D27-8C39-4FD9-9A57-71634AC33F33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5B60C34-17C7-4DF1-BAA0-2B12215FABCB}" = protocol=6 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{D6AFBF32-500E-45FE-B063-56423D9AFA93}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6DE0822-CCAC-40CB-9496-F57EFEEEDA62}" = protocol=17 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{DD11C63F-BB08-430A-8812-9897FC16493A}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E41F379A-061A-431C-B818-2D6452B94BA3}" = protocol=6 | dir=out | svc=wcescomm | app=c:\windows\system32\svchost.exe |
"{E53FC232-CC0E-4F98-A5DB-D575D8436DEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC0E722A-FE26-4AA6-A2E7-D3155E0629B3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EFC531BB-C34E-49AF-BFD0-B0BDFEDD2A8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F55E9BFC-8441-4F61-9D31-E6886D86B7D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F94E0AA0-1005-4507-9484-617B08982A21}" = protocol=17 | dir=out | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{FA5666C5-6EA8-4A39-8EE2-A0A397A188CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{CD2FCE9C-DD80-42A5-AD94-856C9897C4BC}C:\users\chasmanchu\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\chasmanchu\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{9CA372EE-4DED-4B4F-92FF-4F2470573148}C:\users\chasmanchu\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\chasmanchu\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03926E9B-C944-48D5-8FA8-1A094D486CFE}" = UltraSentry
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{210309F3-7A5A-474C-B474-390D99C6A257}" = VIPRE Antivirus + Antispyware
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 18
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160040}" = Java™ SE Development Kit 6 Update 4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8D726B6E-6F98-400F-9D82-41717D947D9C}" = UltraEdit v14.00+3
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FileZilla Client" = FileZilla Client 3.3.2
"FileZilla Server" = FileZilla Server (remove only)
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v0.9.6.9
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.1_rc15
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"PremiumSoft Navicat 8.2 for MySQL_is1" = PremiumSoft Navicat 8.2 for MySQL
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Psi" = Psi (remove only)
"Speccy" = Speccy
"WampServer 2_is1" = WampServer 2.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2010 5:41:46 PM | Computer Name = chasmanchuPC | Source = Windows Search Service Profile Notification | ID = 2
Description =

Error - 3/6/2010 9:00:52 PM | Computer Name = chasmanchuPC | Source = EventSystem | ID = 4609
Description =

Error - 3/7/2010 7:58:45 PM | Computer Name = chasmanchuPC | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 3/7/2010 2:00:24 PM | Computer Name = chasmanchuPC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/7/2010 2:20:03 PM | Computer Name = chasmanchuPC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/7/2010 2:20:08 PM | Computer Name = chasmanchuPC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/7/2010 2:20:39 PM | Computer Name = chasmanchuPC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/7/2010 2:22:17 PM | Computer Name = chasmanchuPC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/7/2010 2:28:56 PM | Computer Name = chasmanchuPC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/7/2010 8:35:05 PM | Computer Name = chasmanchuPC | Source = DCOM | ID = 10010
Description =

Error - 3/7/2010 8:36:11 PM | Computer Name = chasmanchuPC | Source = DCOM | ID = 10005
Description =

Error - 3/7/2010 8:36:11 PM | Computer Name = chasmanchuPC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/11/2010 2:54:08 AM | Computer Name = chasmanchuPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.3 for the Network Card with network
address 001AA09051DC has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >


#4 chasmanchu
  • Topic Starter
  • Members
  • 11 posts

Posted 11 March 2010 - 04:10 AM

Hi myrti,

I thought I would reply with some additional information in response to your post. Since joining and making my first post I do not think I have run any other tools or done any cleanup on my own. I did, however, download and run Combofix just prior to joining. Not sure if that helps or hurts. Also, I had Windows set to update automatically, so it did download and install some updates tonight. I have since turned off the automatic updates to prevent future ones from happening.

I have done a little more investigation of my PC and did find some odd Services listed like:

NQDHANTAPEWQPLYBW
With the Path to executable:
C:\Users\CHASMA~1\AppData\Local\Temp\NQDHANTAPEWQPLYBW.exe

OILX
With the Path to executable:
C:\Users\CHASMA~1\AppData\Local\Temp\OILX.exe

IYILHSR
With the Path to executable:
C:\Users\CHASMA~1\AppData\Local\Temp\IYILHSR.exe

I do not see these files there now.


charlie
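To triage the kind of entries charlie describes (services whose executable sits in a user's Temp folder under a random name), here is an added Python example; it is not a BleepingComputer or ComboFix tool. It parses lines in the format ComboFix prints in its service list (start-type code, then ServiceName;DisplayName;ImagePath, then [date size] or [x] when the file is gone) and flags the entries to look at first. The sample lines are constructed in that format for the example.

```python
"""Triage ComboFix-style service entries for persistence from a Temp directory.
Added example for this thread, not ComboFix's or BleepingComputer's own code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in ComboFix's service-list format: two legitimate drivers,
# one stale driver entry, one vendor helper whose file is missing, and three
# services registered from %TEMP% with random names (payload already deleted).
SAMPLE_LINES = r"""
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-01-23 716272]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 IYILHSR;IYILHSR;c:\users\CHASMA~1\AppData\Local\Temp\IYILHSR.exe [x]
R3 NQDHANTAPEWQPLYBW;NQDHANTAPEWQPLYBW;c:\users\CHASMA~1\AppData\Local\Temp\NQDHANTAPEWQPLYBW.exe [x]
R3 OILX;OILX;c:\users\CHASMA~1\AppData\Local\Temp\OILX.exe [x]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-10-13 95024]
"""

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"      # ComboFix start-type code, e.g. R0 / R3 / S3
    r"(?P<name>[^;]+);"           # service (registry key) name
    r"(?P<display>[^;]*);"        # display name, may be empty
    r"(?P<path>.+?)\s+"           # image path
    r"\[(?P<meta>[^\]]*)\]\s*$"   # "[date size]" or "[x]" when the file is not found
)
# A legitimate service essentially never runs from a Temp directory.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; returns None for lines in any other format."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    missing = m["meta"].strip().lower() == "x"
    return ServiceEntry(m["start"], m["name"], m["display"], m["path"], missing)


def looks_generated(name: str, path: str) -> bool:
    """Heuristic: an all-capital, letters-only service name that is reused as the
    executable's file name, the pattern seen with dropper-generated services."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return len(name) >= 4 and name.isalpha() and name.isupper() and stem == name


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach the reasons an entry deserves attention (empty list = nothing found)."""
    if TEMP_RE.search(entry.path):
        entry.reasons.append("image path is under a Temp directory")
    if looks_generated(entry.name, entry.path):
        entry.reasons.append("random-looking service name reused as file name")
    # A missing file on its own is common (stale uninstall leftovers such as
    # cpudrv above); it is only reported alongside another signal, where it
    # is exactly the trace a dropper leaves after deleting its own payload.
    if entry.file_missing and entry.reasons:
        entry.reasons.append("file no longer on disk")
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """Return the suspicious service entries found in the log text, in log order."""
    found = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and assess(entry).suspicious:
            found.append(entry)
    return found


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.start} {e.name}: {e.path}")
        for reason in e.reasons:
            print(f"    - {reason}")
```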





#5 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 11 March 2010 - 02:48 PM

Hi,

QUOTE
TWO: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Users\CHASMA~1\AppData\Local\temp\mbr.sys

Three: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Users\CHASMA~1\AppData\Local\temp\fwdcraow.sys

Those belong to ComboFix and gmer respectively. They should be fine. I'm looking into the other files.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own.
Do you have the log from ComboFix? Could you please provide it?

Please also run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 chasmanchu
  • Topic Starter
  • Members
  • 11 posts

Posted 12 March 2010 - 03:08 AM

Hi myrti,

I ran the Malwarebytes Quick Scan and the Full Scan. When I did the Full Scan I included my external backup drive and all 4 of my USB thumb drives. Here are both of those reports, and I am including the Combofix report as well.

charlie

Malwarebytes' Anti-Malware 1.44
Database version: 3856
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/11/2010 10:20:08 PM
mbam-log-2010-03-11 (22-20-08).txt

Scan type: Quick Scan
Objects scanned: 128766
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.44
Database version: 3856
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/12/2010 2:50:22 AM
mbam-log-2010-03-12 (02-50-22).txt

Scan type: Full Scan (C:\|D:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 562967
Time elapsed: 1 hour(s), 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 10-03-06.06 - chasmanchu 03/07/2010 12:49:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2396 [GMT -5:00]
Running from: c:\users\chasmanchu\Downloads\CFix.exe
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1001
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1007
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1008
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1009
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1010
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1011
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1012
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1013
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1014
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1015
c:\$recycle.bin\S-1-5-21-2370754828-832601814-1768823969-1016

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 18:00 . 2010-03-07 18:00 -------- d-----w- c:\users\chasmanchu\AppData\Local\temp
2010-03-07 01:28 . 2010-03-07 01:28 -------- d-----w- c:\users\chasmanchu\AppData\Roaming\Sunbelt
2010-03-07 00:53 . 2010-03-07 00:53 -------- d-----w- c:\users\nownew\AppData\Local\Mozilla
2010-03-07 00:52 . 2010-03-07 00:52 -------- d-----w- c:\users\nownew\AppData\Local\Adobe
2010-03-07 00:52 . 2010-03-07 00:52 98696 ----a-w- c:\users\nownew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-05 00:43 . 2010-03-05 00:43 98696 ----a-w- c:\users\chasmanchu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-03 17:50 . 2010-03-03 17:50 -------- d-----w- c:\users\chasmanchu\AppData\Roaming\Leadertech
2010-03-03 02:22 . 2010-03-03 02:22 -------- d-----w- c:\users\chasmanchu\AppData\Local\Mozilla
2010-03-03 02:16 . 2010-03-04 07:45 -------- d-----w- c:\programdata\NVIDIA
2010-03-03 01:13 . 2010-03-03 01:13 -------- d-----w- c:\windows\nvtmpinst
2010-03-01 05:19 . 2010-03-01 05:19 -------- d-----w- c:\users\chasmanchu\AppData\Local\Opera
2010-03-01 05:18 . 2010-03-01 05:18 -------- d-----w- c:\program files\Opera
2010-02-28 04:34 . 2010-02-28 04:35 -------- d-----w- c:\program files\ProcessExplorer
2010-02-27 21:13 . 2010-02-27 21:13 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-27 10:18 . 2010-02-27 11:08 -------- d-----w- c:\users\chasmanchu\AppData\Local\SupportSoft
2010-02-26 06:40 . 2010-02-26 06:40 -------- d-----w- C:\Intel
2010-02-26 00:28 . 2010-02-27 11:09 -------- d-----w- c:\users\chasmanchu\AppData\Local\Deployment
2010-02-25 23:59 . 2010-02-25 23:59 -------- d-----w- C:\My Pictures
2010-02-25 22:30 . 2010-02-25 22:30 -------- d-----w- c:\program files\Speccy
2010-02-24 08:30 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-20 08:04 . 2010-02-20 08:04 -------- d-----w- c:\users\chasmanchu\AppData\Local\NewSoft
2010-02-19 07:35 . 2010-02-19 07:35 -------- d-----w- c:\programdata\WindowsSearch
2010-02-19 07:13 . 2010-02-19 07:13 -------- d-----w- c:\program files\AVG
2010-02-19 05:01 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-19 05:01 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-19 04:36 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-19 04:36 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-07 21:14 . 2010-02-07 21:14 -------- d-----w- c:\windows\system32\config\systemprofile\ContentWatch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 17:44 . 2007-12-09 18:47 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-07 17:35 . 2009-12-02 03:36 226138 ----a-w- c:\programdata\nvModes.dat
2010-03-07 03:15 . 2009-03-17 01:20 94 ----a-w- c:\users\chasmanchu\AppData\Roaming\netstat.bat
2010-03-07 03:15 . 2009-03-17 01:20 94 ----a-w- c:\users\chasmanchu\AppData\Roaming\netstat.bat
2010-03-07 01:23 . 2009-01-16 21:54 -------- d-----w- c:\program files\Sunbelt Software
2010-03-03 04:34 . 2008-06-29 22:01 -------- d-----w- c:\program files\Common Files\Real
2010-03-03 02:50 . 2008-01-20 05:33 -------- d-----w- c:\users\chasmanchu\AppData\Roaming\FileZilla
2010-03-01 06:30 . 2008-12-12 07:16 1 ----a-w- c:\users\chasmanchu\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-01 05:03 . 2008-01-08 05:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-27 11:08 . 2008-01-08 05:31 -------- d-----w- c:\programdata\SupportSoft
2010-02-27 11:07 . 2008-01-08 05:30 -------- d-----w- c:\program files\Common Files\supportsoft
2010-02-27 04:54 . 2007-12-09 18:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-25 23:52 . 2009-11-06 01:46 -------- d-----w- c:\program files\FileZilla FTP Client
2010-02-25 21:51 . 2008-07-26 22:16 -------- d-----w- c:\program files\CCleaner
2010-02-24 14:16 . 2009-10-27 01:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 08:49 . 2008-01-08 04:19 1664 ----a-w- c:\users\chasmanchu\AppData\Roaming\wklnhst.dat
2010-02-19 04:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-19 01:29 . 2009-11-06 13:11 -------- d-----w- c:\program files\FLAC
2010-02-19 01:29 . 2009-11-06 03:37 -------- d-----w- c:\users\chasmanchu\AppData\Roaming\foobar2000
2010-02-19 01:29 . 2009-07-16 19:33 -------- d-----w- c:\programdata\FLEXnet
2010-02-04 20:34 . 2009-06-09 22:04 -------- d-----w- c:\programdata\NOS
2010-01-28 00:48 . 2007-12-09 18:48 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 00:42 . 2007-12-09 18:48 -------- d-----w- c:\program files\Java
2010-01-25 12:00 . 2010-02-23 19:24 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 19:24 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 19:24 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 19:24 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 19:24 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 19:24 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 19:24 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 19:24 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 19:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 19:24 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 00:20 . 2008-01-23 05:15 -------- d-----w- c:\users\chasmanchu\AppData\Roaming\Skype
2010-01-21 21:27 . 2008-01-23 05:18 -------- d-----w- c:\users\chasmanchu\AppData\Roaming\skypePM
2010-01-15 21:53 . 2008-12-11 06:00 -------- d-----w- c:\program files\SysInternalsSuite
2010-01-12 02:29 . 2009-11-14 02:26 -------- d-----w- c:\users\chasmanchu\AppData\Roaming\Audacity
2010-01-11 18:45 . 2009-11-14 02:26 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-01-11 18:37 . 2010-01-11 18:37 -------- d-----w- c:\program files\FFmpeg for Audacity
2010-01-11 18:35 . 2010-01-11 18:35 -------- d-----w- c:\program files\Lame for Audacity
2010-01-09 21:53 . 2007-12-09 18:56 -------- d-----w- c:\programdata\Roxio
2010-01-06 15:39 . 2010-02-23 19:24 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 19:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-23 19:24 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 19:24 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 19:24 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 19:24 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-23 19:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-04 22:02 . 2010-01-04 22:02 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-02 06:38 . 2010-01-22 16:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 16:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 16:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 16:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 22:14 . 2008-12-14 22:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 12:57 . 2010-01-13 06:44 213504 ----a-w- c:\users\chasmanchu\AppData\Roaming\Thunderbird\Profiles\x9kd24m2.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
2009-12-08 20:01 . 2010-02-19 04:35 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-19 04:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2007-12-10 02:28 . 2007-12-10 02:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-01-04 959824]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 07:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):1e,d0,f0,6d,89,de,c9,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-01-23 716272]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 IYILHSR;IYILHSR;c:\users\CHASMA~1\AppData\Local\Temp\IYILHSR.exe [x]
R3 NQDHANTAPEWQPLYBW;NQDHANTAPEWQPLYBW;c:\users\CHASMA~1\AppData\Local\Temp\NQDHANTAPEWQPLYBW.exe [x]
R3 OILX;OILX;c:\users\CHASMA~1\AppData\Local\Temp\OILX.exe [x]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-10-13 95024]
R3 xpvcom;XPVCOM Port;c:\windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2008-10-09 202928]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-01-04 1012080]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2009-08-11 69936]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
FF - ProfilePath - c:\users\chasmanchu\AppData\Roaming\Mozilla\Firefox\Profiles\c7dzegjh.default\
FF - plugin: c:\users\chasmanchu\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 13:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-07 13:04:56
ComboFix-quarantined-files.txt 2010-03-07 18:04

Pre-Run: 438,605,586,432 bytes free
Post-Run: 438,539,599,872 bytes free

- - End Of File - - 5AB820B508BDC3744EA2F17BE55825F4


#7 myrti
Posted 12 March 2010 - 11:11 AM

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
IYILHSR
NQDHANTAPEWQPLYBW
OILX


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
How is your PC doing?
regards myrti



#8 chasmanchu

Posted 12 March 2010 - 06:09 PM

Hi myrti,

Well, when you had asked me how my computer had been running I was about to write you and say that it had been running well since I posted my problem with bleepingcomputer. But I have gotten two BSODs, one on each of my two tries to run ComboFix. Before I ran ComboFix I used msconfig to disable Vipre anti-virus and Sunbelt firewall. Also, just to let you know, when I first downloaded ComboFix I had renamed it to CFix.exe as per something I had read. With my machine rebooted and with no Vipre or firewall running, I did unplug my network cable until I was finished running ComboFix. I created the script file from your last post and dragged and dropped it onto the ComboFix icon.

The first time I ran it I think it got to stage 6 and then I got a BSOD. The second time I ran it, ComboFix got past all 50 stages, ComboFix then rebooted my PC, and then the ComboFix window title was "Administrator: Find3M" and the text in the window said "Preparing Log Report", with another line telling me not to run any other programs until it was complete.
This window was up for about 4 or 5 minutes when I got the second BSOD. Each time afterwards I have looked for the ComboFix log report file, but I guess it never got to that step. One thing with the 50 stages was that there was a 6 and a 6A, a 19 and a 19B, and a 32 and a 32A.

Not sure if the info helps, but I did write down the Technical Information given on the second BSOD; it is as follows:

0x0000008E (0xC0000005, 0x82DEFBB1, 0Xbaaa9b88, 0x00000000)
sbhips.sys – Address 82DEFBB1 base at 82DEE000, DateStamp 48fa77cb

Also I have noticed that while ComboFix has not gotten to the writing of the log file, it has written quite a bit of other stuff. There are also some files and directories from the first time I ran it on March the 7th. I am including a directory / file listing to see if this will help you, and I can send any of these files to you as well. Also I am more than willing to try running ComboFix a few more times to see if it can get to the point of writing the log file, but I thought at least for now I should stop trying and give you a status update.

Volume in drive C is OS
Volume Serial Number is 26E9-4E28

Directory of C:\

09/18/2006 04:43 PM 24 autoexec.bat
02/25/2010 07:47 PM <DIR> bck
03/12/2010 04:16 PM <DIR> Boot
03/07/2010 01:05 PM <DIR> CFix
03/07/2010 01:32 PM <DIR> CFix14392C
03/12/2010 04:24 PM <DIR> CFix15307C
09/18/2006 04:43 PM 10 config.sys
08/23/2009 02:01 AM <DIR> DELL
12/09/2007 09:14 PM <DIR> doctemp
01/30/2008 02:27 PM <DIR> Drivers
02/26/2010 01:40 AM <DIR> Intel
06/21/2008 12:07 AM 176 lxbl.log
07/07/2009 04:01 PM 2,724 MPUsbSIn.log
02/25/2010 06:58 PM <DIR> My Music
02/25/2010 06:59 PM <DIR> My Pictures
03/07/2010 01:16 PM 19,579 mylog.txt
02/03/2010 11:52 PM <DIR> PerfLogs
03/11/2010 10:13 PM <DIR> Program Files
03/11/2010 10:13 PM <DIR> ProgramData
01/23/2008 12:53 AM <DIR> Projects
03/12/2010 04:09 PM <DIR> Qoobox
12/09/2007 02:06 PM 71 SystemInfo.ini
11/05/2009 09:37 PM <DIR> temp
03/06/2010 07:51 PM <DIR> Users
11/23/2009 09:43 PM <DIR> wamp
03/12/2010 04:35 PM <DIR> Windows
7 File(s) 22,584 bytes
20 Dir(s) 429,317,898,240 bytes free

------------------------------------------------------------------------------------

Volume in drive C is OS
Volume Serial Number is 26E9-4E28

Directory of C:\CFix

03/12/2010 05:16 PM <DIR> .
03/12/2010 05:16 PM <DIR> ..
03/07/2010 12:43 PM 318,976 CF24673.cfxxe
2 File(s) 318,976 bytes
2 Dir(s) 429,317,885,952 bytes free

------------------------------------------------------------------------------------

Volume in drive C is OS
Volume Serial Number is 26E9-4E28

Directory of C:\CFix14392C

03/12/2010 05:17 PM <DIR> .
03/12/2010 05:17 PM <DIR> ..
03/07/2010 01:21 PM 318,976 CF28417.cfxxe
2 File(s) 318,976 bytes
2 Dir(s) 429,317,885,952 bytes free

------------------------------------------------------------------------------------

Volume in drive C is OS
Volume Serial Number is 26E9-4E28

Directory of C:\Qoobox

03/12/2010 05:27 PM <DIR> .
03/12/2010 05:27 PM <DIR> ..
03/07/2010 01:31 PM 2,521 Add-Remove Programs.txt
03/07/2010 12:48 PM <DIR> BackEnv
03/12/2010 02:17 PM 42 CFScript_used_2010-03-12_15.51.25.txt
03/12/2010 02:17 PM 42 CFScript_used_2010-03-12_16.09.07.txt
03/07/2010 01:32 PM 221 ComboFix-quarantined-files.txt
03/07/2010 01:32 PM 19,220 ComboFix2.txt
03/07/2010 01:04 PM 19,579 ComboFix3.txt
03/12/2010 04:18 PM <DIR> LastRun
03/12/2010 03:51 PM <DIR> Quarantine
03/07/2010 01:30 PM 3,415,640 SnapShot@2010-03-07_18.29.07.dat
03/12/2010 04:13 PM <DIR> Test
03/12/2010 03:49 PM <DIR> TestC
9 File(s) 3,458,301 bytes

Directory of C:\Qoobox\BackEnv

03/07/2010 12:48 PM <DIR> .
03/07/2010 12:48 PM <DIR> ..
03/07/2010 12:48 PM 197 appdata.folder.dat
03/07/2010 12:48 PM 384 cache.folder.dat
03/07/2010 12:48 PM 186 Cookies.folder.dat
03/07/2010 12:48 PM 139 desktop.folder.dat
03/07/2010 12:48 PM 179 favorites.folder.dat
03/07/2010 12:48 PM 169 localappdata.folder.dat
03/07/2010 12:48 PM 169 LocalSettings.folder.dat
03/07/2010 12:48 PM 144 mypictures.folder.dat
03/07/2010 12:48 PM 149 personal.folder.dat
03/07/2010 12:48 PM 215 Profiles.Folder.dat
03/07/2010 12:48 PM 281 Profiles.Folder.folder.dat
03/07/2010 12:48 PM 642 programs.folder.dat
03/07/2010 12:48 PM 4,913 SetPath.bat
03/07/2010 12:48 PM 371 startmenu.folder.dat
03/07/2010 12:48 PM 714 startup.folder.dat
03/07/2010 12:48 PM 877 SysPath.dat
03/07/2010 12:48 PM 365 templates.folder.dat
17 File(s) 10,094 bytes

Directory of C:\Qoobox\LastRun

03/12/2010 04:18 PM <DIR> .
03/12/2010 04:18 PM <DIR> ..
03/12/2010 04:16 PM 0 CregC.old
03/12/2010 04:14 PM 0 RenVDel.dat
03/12/2010 04:15 PM 284 SvcTarget.dat
03/12/2010 04:16 PM 9,312 zhsvc.old
4 File(s) 9,596 bytes

Directory of C:\Qoobox\Quarantine

03/12/2010 03:51 PM <DIR> .
03/12/2010 03:51 PM <DIR> ..
03/07/2010 12:49 PM <DIR> C
03/12/2010 04:09 PM 248 catchme.log
03/12/2010 04:09 PM 0 catchme.txt
03/12/2010 04:15 PM <DIR> Registry_backups
2 File(s) 248 bytes

Directory of C:\Qoobox\Quarantine\C

03/07/2010 12:49 PM <DIR> .
03/07/2010 12:49 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\Registry_backups

03/12/2010 04:15 PM <DIR> .
03/12/2010 04:15 PM <DIR> ..
03/12/2010 04:14 PM 798 Legacy_IYILHSR.reg.dat
03/12/2010 04:14 PM 878 Legacy_NQDHANTAPEWQPLYBW.reg.dat
03/12/2010 04:14 PM 774 Legacy_OILX.reg.dat
03/12/2010 04:14 PM 1,456 Service_IYILHSR.reg.dat
03/12/2010 04:15 PM 1,656 Service_NQDHANTAPEWQPLYBW.reg.dat
03/12/2010 04:15 PM 1,386 Service_OILX.reg.dat
03/12/2010 04:14 PM 7,064 tcpip.reg
7 File(s) 14,012 bytes

Directory of C:\Qoobox\Test

03/12/2010 04:13 PM <DIR> .
03/12/2010 04:13 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Qoobox\TestC

03/12/2010 03:49 PM <DIR> .
03/12/2010 03:49 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
39 File(s) 3,492,251 bytes
23 Dir(s) 429,317,816,320 bytes free

------------------------------------------------------------------------------------

Volume in drive C is OS
Volume Serial Number is 26E9-4E28

Directory of C:\CFix15307C

03/12/2010 05:29 PM <DIR> .
03/12/2010 05:29 PM <DIR> ..
03/12/2010 04:08 PM 54,534 023.dat
02/13/2010 01:55 AM 2,139 023v.dat
03/12/2010 04:09 PM 0 ADS.dat
03/12/2010 04:19 PM 430 AllDrivesFolders
03/12/2010 04:15 PM 182 AllSids
03/07/2010 12:48 PM 197 appdata.folder.dat
08/31/2000 08:00 AM 6,760 appinit.bad
07/13/2009 11:09 PM 602 asp.str
10/26/2009 02:51 PM 3,927 Assoc.cmd
11/02/2006 04:44 AM 16,384 ATTRIB.cfxxe
03/02/2010 01:53 AM 2,026 av.cmd
05/13/2009 06:09 PM 1,464 av.vbs
03/12/2010 04:09 PM 0 AWF
03/07/2010 03:15 PM 2,161,224 badclsid.dat
03/12/2010 04:13 PM 0 BHO.dat
03/12/2010 04:13 PM 0 BHOFiles.dat
03/12/2010 04:13 PM 1,250 BHOQuery.dat
03/12/2010 04:14 PM 0 BitsPath
03/12/2010 04:14 PM 661 BitsStr
02/12/2010 04:30 AM 2,917 Boot-Rk.cmd
01/01/2010 10:00 PM 7,459 Boot.bat
08/31/2000 08:00 AM 7,680 BootSect.dll
03/07/2010 12:48 PM 384 cache.folder.dat
11/15/2009 04:30 AM 977 Catch-sub.cmd
03/12/2010 04:21 PM 2,781 Catchlog
04/17/2009 05:37 PM 147,456 catchme.cfxxe
04/17/2009 05:37 PM 147,456 Catchme.tmp
03/12/2010 04:09 PM 0 catch_E.dat
03/12/2010 04:09 PM 0 catch_k.dat
03/12/2010 04:18 PM 91 CCS.bat
03/12/2010 04:07 PM 318,976 CF20051.cfxxe
03/12/2010 04:08 PM 8,192 cfdummy
03/12/2010 04:09 PM 3 cfrun
03/12/2010 04:09 PM 0 cfscriptDequarantine00
03/12/2010 04:09 PM 0 cfscriptDequarantineB00
03/12/2010 04:07 PM 13 CFVersionOld
03/12/2010 04:08 PM 0 chasmanchu.user.cf
03/12/2010 04:07 PM 16 CHCP.bat
03/12/2010 04:08 PM 79,424 ClistB.dat
03/12/2010 04:08 PM 646,503 clsid.dat
03/12/2010 04:12 PM 12,840,215 ClsidDumped
03/12/2010 04:12 PM 534,234 ClsidFiles
03/12/2010 04:07 PM 318,976 cmd.cfxxe
08/31/2000 08:00 AM 1,024 Combo-Fix.sys
08/31/2000 08:00 AM 141,312 ComboFix-Download.cfxxe
03/12/2010 04:24 PM 10,362 ComboFix.txt
03/12/2010 04:08 PM 2,571 ConEnv.sed
03/12/2010 04:20 PM 380 Create.AppData01.dat
03/12/2010 04:14 PM 474,227 Creg.dat
03/12/2010 04:16 PM 7,449 CregB.dat
03/03/2010 05:13 PM 2,950 CregC.cmd
03/12/2010 04:16 PM 26,655 CregC.dat
04/11/2009 01:27 AM 135,168 CSCRIPT.cfxxe
12/23/2009 09:49 PM 1,686 CSet.cmd
03/12/2010 04:12 PM 0 d-del2A.dat
03/12/2010 04:16 PM 0 d-del4AV.dat
08/31/2000 08:00 AM 101,376 dd.cfxxe
03/12/2010 04:15 PM 0 del00
12/06/2009 04:00 AM 1,816 DelClsid.bat
03/12/2010 04:14 PM 0 delclsid00
03/12/2010 04:09 PM 0 delclsid0A
12/06/2009 04:04 AM 1,870 DelClsid64.bat
03/12/2010 04:08 PM 3,193 dll_whitelist.dat
03/12/2010 04:08 PM 21,806 dnd.dat
03/12/2010 04:09 PM 48 Do.dat
03/12/2010 04:19 PM 401 dollar_log.dat
08/31/2000 08:00 AM 746 DPF.str
03/12/2010 04:08 PM 8 Drive.folder.dat
03/12/2010 04:19 PM 3 DrivesB.dat
03/12/2010 04:24 PM 34 DTime.bat
08/31/2000 08:00 AM 51,200 dumphive.cfxxe
08/31/2000 08:00 AM 303 embedded.sed
03/12/2010 04:08 PM <DIR> en-US
03/12/2010 04:08 PM 559 Env.sed
10/20/2005 08:02 PM 163,328 ERDNT.e_e
08/31/2000 08:00 AM 2,815 ERDNTDOS.LOC
08/31/2000 08:00 AM 3,275 ERDNTWIN.LOC
03/12/2010 04:09 PM 0 ErrTrap1
10/20/2005 08:00 PM 157,696 ERUNT.cfxxe
08/31/2000 08:00 AM 4,090 ERUNT.LOC
01/01/2010 10:45 PM 13,800 Exe.reg
08/31/2000 08:00 AM 52,736 extract.cfxxe
03/12/2010 04:19 PM 0 F3m.mrk
03/12/2010 04:18 PM 0 F3m0.mrk
03/12/2010 04:08 PM 34 FdsvOK
12/14/2009 05:22 AM 36,942 ffdefstr.dll
03/12/2010 04:09 PM 0 FileCFScript.dat
08/31/2000 08:00 AM 145,920 FileKill.cfxxe
03/07/2010 03:16 PM 2,429 files.pif
01/25/2010 08:05 PM 700 Fin.dat
03/03/2010 05:12 PM 28,871 FIND3M.bat
11/10/2009 11:16 PM 4,759 FIXLSP.bat
01/03/2010 08:41 PM 1,085 FKMGen.cmd
03/12/2010 04:09 PM 0 Fmove
03/12/2010 04:08 PM 895 ForeignWht
03/12/2010 04:08 PM 0 f_system
03/12/2010 04:08 PM 0 Gateway
10/26/2009 02:54 PM 5,969 GetHive.cmd
08/31/2000 08:00 AM 80,412 grep.cfxxe
08/31/2000 08:00 AM 15,360 gsar.cfxxe
11/18/2008 01:15 PM 173,936 handle.cfxxe
03/12/2010 04:19 PM 11 HDCntrl01
02/02/2010 06:50 PM 11,860 hhdsh
08/16/2005 01:54 AM 1,536 hidec.exe
10/20/2009 05:25 PM 954 history.bat
03/12/2010 04:09 PM 0 Homer
03/12/2010 04:09 PM 171 Homer.chk
04/20/2009 12:56 PM 31,232 iexplore.exe
08/31/2000 08:00 AM 1,057 image001.gif
03/12/2010 04:16 PM 49,152 index.dat
12/12/2009 08:07 PM 1,373 katch.cmd
03/12/2010 04:08 PM 15 kmd.dat
12/06/2009 07:19 AM 194,286 Lang.bat
03/12/2010 04:09 PM 970 LegacyFull
03/12/2010 04:09 PM 183 LegacyNoSvc
08/31/2000 08:00 AM 2,428 lnkread.vbs
03/07/2010 12:48 PM 169 localappdata.folder.dat
08/31/2000 08:00 AM 225 LocalService.dat
08/31/2000 08:00 AM 91 LocalServiceNetworkRestricted.dat
03/07/2010 12:48 PM 169 LocalSettings.folder.dat
08/31/2000 08:00 AM 198 LocalSystemNetworkRestricted.dat
03/12/2010 04:09 PM 116 Look.dat
03/12/2010 04:16 PM 0 LSPDone
03/12/2010 04:19 PM 258 L_Beep00
10/25/2009 06:11 AM 77,312 mbr.cfxxe
03/12/2010 04:19 PM 487 mbr.txt
03/12/2010 04:19 PM 0 mbr00
03/12/2010 04:19 PM 0 mbr01
03/12/2010 04:08 PM 5,542 md5sum.pif
03/12/2010 04:16 PM 232 MissingFiles.dat
12/27/2009 02:08 PM 2,409 MoveIt.bat
03/12/2010 04:24 PM 281 mSIOI00
03/12/2010 04:24 PM 0 mSIOI0A
08/31/2000 08:00 AM 11,264 mtee.cfxxe
03/12/2010 04:07 PM 7 MUI
03/12/2010 04:08 PM 749 MWindows.dat
08/31/2000 08:00 AM 0 mynul.dat
03/07/2010 12:48 PM 144 mypictures.folder.dat
04/20/2009 12:56 PM 31,232 n.pif
03/12/2010 04:08 PM 2,109 ncmd.com
12/24/2009 04:12 PM 283 ndis_combofix.dat
02/12/2010 05:04 AM 28,607 ND_.bat
03/12/2010 04:15 PM 37,060 netsvc.bad.dat
08/31/2000 08:00 AM 481 netsvc.dat
08/31/2000 08:00 AM 88 NetworkService.dat
04/20/2009 12:56 PM 31,232 NirCmd.cfxxe
04/20/2009 12:56 PM 31,232 NircmdB.exe
04/20/2009 12:56 PM 30,720 NirCmdC.cfxxe
03/12/2010 04:07 PM 6 NlsLanguageDefault
03/12/2010 04:08 PM 176 notifykeys.dat
03/12/2010 04:08 PM 210 notifykeysB.dat
03/12/2010 04:12 PM 157 NotifyQuery.dat
03/12/2010 04:19 PM 45 NoX2del
03/07/2010 02:59 PM 24,390 NT-OS.cmd
03/12/2010 04:08 PM 0 NULL
03/12/2010 04:24 PM <DIR> N_
03/12/2010 04:14 PM 451 OriO4
03/12/2010 04:14 PM 1,227 OriO4Files.dat
03/12/2010 04:08 PM 90 OsId.txt
08/31/2000 08:00 AM 977 OSid.vbs
03/12/2010 04:07 PM 40 OsVer
03/12/2010 04:14 PM 0 patched.af
03/12/2010 04:13 PM 113 PathSearch
03/12/2010 04:08 PM 802 pend.txt
12/09/2009 10:54 PM 261,632 PEV.cfxxe
12/09/2009 10:54 PM 261,632 pev.exe
01/19/2008 02:33 AM 15,360 PING.cfxxe
07/06/2009 03:51 AM 2,992 Policies.dat
03/12/2010 04:08 PM 37 PreDIR
08/14/2009 04:54 AM 2,374 Prep.inf
03/07/2010 12:48 PM 215 Profiles.Folder.dat
03/07/2010 12:48 PM 281 Profiles.Folder.folder.dat
03/12/2010 04:09 PM 58,730 progfile.dat
08/31/2000 08:00 AM 404 Purity.dat
03/02/2006 11:42 PM 73,728 PV.cfxxe
03/02/2006 11:42 PM 73,728 pv.com
03/12/2010 04:16 PM 0 rboot.dat
08/31/2000 08:00 AM 7,478 RCLink.dat
03/12/2010 04:08 PM 7 RcVer00
08/31/2000 08:00 AM 3,558 REGDACL.sed
05/23/2009 02:29 AM 1,149 region.dat
03/12/2010 04:13 PM 6 RegRun01
03/04/2010 10:46 PM 50,960 RegScan.cmd
01/02/2010 05:22 PM 17,071 RegScan64.cmd
03/12/2010 04:08 PM 134,656 REGT.cfxxe
03/12/2010 04:14 PM 0 RenVDel.dat
03/12/2010 04:08 PM 161 Resident.txt
03/12/2010 04:08 PM 97 restore_pt.dat
11/15/2009 05:35 AM 442 Rkey.cmd
08/31/2000 08:00 AM 820 rogues.dat
08/14/2009 08:49 AM 17,920 ROUTE.cfxxe
03/12/2010 04:08 PM 1,612 run.sed
08/31/2000 08:00 AM 287 run2.sed
06/10/2009 11:38 AM 30 Rust.str
08/31/2000 08:00 AM 329 safeboot.dat
03/12/2010 04:08 PM 1,745 safeboot.def.dat
08/31/2000 08:00 AM 98,816 sed.cfxxe
03/12/2010 04:12 PM 225 SEHQuery.dat
03/12/2010 04:09 PM 24,302 ServiceFiles.dat
11/16/2009 01:05 AM 14,382 SetEnvmt.bat
03/12/2010 04:16 PM 5,237 SetPath.bat
08/31/2000 08:00 AM 30,956 setpath.cfxxe
06/10/2006 02:42 PM 49,152 SF.exe
03/12/2010 04:08 PM 58 sfx.cmd
03/12/2010 04:24 PM 1,271 SIOI.dat
03/12/2010 04:24 PM 1,223 SnapRef.dat
03/12/2010 04:19 PM 0 snapshot.00.dat
03/12/2010 04:24 PM 0 SnapShot.01.dat
03/12/2010 04:24 PM 0 SnapShot.02.dat
03/12/2010 04:24 PM 0 SnapShot.dat
03/07/2010 03:04 PM 138,074 srizbi.md5
03/07/2010 12:48 PM 714 startup.folder.dat
03/12/2010 04:08 PM 2 Start_dat
03/12/2010 04:12 PM 260 STSQuery.dat
12/24/2009 04:12 PM 20,040 SuppScan.cmd
03/12/2010 04:12 PM 0 SuspectB_netsvc.dat
03/12/2010 04:14 PM 513 suspectSvc.dat
03/12/2010 04:14 PM 53,764 SvcCovered
03/12/2010 04:09 PM 0 SvcDiff
08/31/2000 08:00 AM 2,176 SvcDrv.vbs
03/12/2010 04:09 PM 26,484 SvcDump
03/12/2010 04:09 PM 4,394 SvcDumpB
03/12/2010 04:09 PM 1,415,042 SvcDumpFull
03/12/2010 04:09 PM 4,399 SvcFull
08/31/2000 08:00 AM 668 svchost.dat
03/12/2010 04:24 PM 40,936 svclist.dat
03/12/2010 04:15 PM 284 SvcTarget.dat
03/12/2010 04:08 PM 14,126 svc_wht.dat
08/31/2000 08:00 AM 161,792 SWREG.cfxxe
08/31/2000 08:00 AM 161,792 swreg.exe
08/31/2000 08:00 AM 136,704 swsc.cfxxe
08/31/2000 08:00 AM 212,480 swxcacls.cfxxe
03/07/2010 12:48 PM 877 SysPath.dat
08/31/2000 08:00 AM 276 system_ini.dat
11/10/1999 08:00 AM 35,328 tail.cfxxe
03/12/2010 04:12 PM 0 temp2000
03/12/2010 04:15 PM 0 temp5000
02/08/2010 04:38 AM 4,096 Thumbs.db
10/30/2009 01:26 PM 633 toolbar.sed
03/12/2010 04:08 PM 606 unhand.dat
03/12/2010 04:09 PM 329 Unhandled.dat
12/30/2009 03:26 AM 2,785 Update-CF.cmd
03/12/2010 04:12 PM 0 UploadThese
03/12/2010 04:12 PM 0 V-FilesB.dat
03/12/2010 04:14 PM 0 v-tmp.dat
03/12/2010 04:08 PM 357 VerCF.bat
03/12/2010 04:08 PM 96,424 VikPev00
03/12/2010 04:13 PM 0 Vikpev01
03/12/2010 04:08 PM 4 Vista.krl
03/12/2010 04:07 PM 37 Vista.mac
03/12/2010 04:13 PM 53,149 vRun_DLL
03/04/2010 01:01 AM 6,516 vun.dat
03/12/2010 04:13 PM 4,049 v_str.dat
03/12/2010 04:08 PM 49,076 v_wht.dat
03/12/2010 04:08 PM 87,745 whiteAll.dat
03/12/2010 04:18 PM 9 whitedir00
05/14/2009 01:08 AM 592 Wmi_rem.vbs
03/12/2010 04:13 PM 140 WrgNameDLL
02/02/2010 06:41 PM 13,090 XPSBoot.reg
08/31/2000 08:00 AM 23,773 zDomain.dat
08/31/2000 08:00 AM 68,096 zip.cfxxe
03/12/2010 04:08 PM 0 Zlob01
261 File(s) 23,872,035 bytes

Directory of C:\CFix15307C\en-US

03/12/2010 04:08 PM <DIR> .
03/12/2010 04:08 PM <DIR> ..
11/02/2006 07:41 AM 2,560 ATTRIB.cfxxe.mui
11/02/2006 07:41 AM 135,168 CF20051.cfxxe.mui
11/02/2006 07:41 AM 135,168 cmd.cfxxe.mui
11/02/2006 07:41 AM 11,776 CSCRIPT.cfxxe.mui
01/19/2008 02:33 AM 10,240 PING.cfxxe.mui
11/02/2006 07:40 AM 53,248 REGT.cfxxe.mui
08/14/2009 11:09 AM 13,312 ROUTE.cfxxe.mui
11/02/2006 07:41 AM 11,264 SORT.cfxxe.mui
8 File(s) 372,736 bytes

Directory of C:\CFix15307C\N_

03/12/2010 04:24 PM <DIR> .
03/12/2010 04:24 PM <DIR> ..
03/12/2010 04:24 PM 0 RegScan
1 File(s) 0 bytes

Total Files Listed:
270 File(s) 24,244,771 bytes
8 Dir(s) 429,317,808,128 bytes free


charlie

#9 chasmanchu

Posted 12 March 2010 - 06:36 PM

Hi myrti,

Hey wait, my mistake: last time the ComboFix.txt was located at C:\ComboFix.txt,
but I just found one here at
C:\CFix15307C\ComboFix.txt


Also there are a lot of errors / warnings in my Event Viewer.
Would seeing these help you? Can you read my *.evtx files?
When I export them to a text file it is in an XML-type format and very verbose.


So let me post the ComboFix file:


ComboFix 10-03-06.06 - chasmanchu 03/12/2010 16:09:26.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2360 [GMT -5:00]
Running from: C:\Users\chasmanchu\Downloads\CFix.exe
Command switches used :: C:\Users\chasmanchu\Downloads\CFScript.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IYILHSR
-------\Legacy_NQDHANTAPEWQPLYBW
-------\Legacy_OILX
-------\Service_IYILHSR
-------\Service_NQDHANTAPEWQPLYBW
-------\Service_OILX


((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-12 21:16:12 . 2010-03-12 21:19:50 -------- d-----w- C:\Users\chasmanchu\AppData\Local\temp
2010-03-12 21:16:12 . 2010-03-12 21:16:12 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-03-12 21:16:12 . 2010-03-12 21:16:12 -------- d-----w- C:\Users\nownew\AppData\Local\temp
2010-03-12 21:16:12 . 2010-03-12 21:16:12 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2010-03-12 21:16:12 . 2010-03-12 21:16:12 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-03-12 03:13:18 . 2010-03-12 03:13:18 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\Malwarebytes
2010-03-12 03:13:13 . 2010-01-07 21:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-03-12 03:13:11 . 2010-03-12 03:13:17 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-12 03:13:11 . 2010-03-12 03:13:11 -------- d-----w- C:\ProgramData\Malwarebytes
2010-03-12 03:13:11 . 2010-01-07 21:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-03-11 08:00:37 . 2010-02-20 23:06:41 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2010-03-11 08:00:33 . 2010-02-20 20:53:34 411648 ----a-w- C:\Windows\system32\drivers\http.sys
2010-03-11 08:00:32 . 2010-02-20 23:05:14 30720 ----a-w- C:\Windows\system32\httpapi.dll
2010-03-08 08:15:45 . 2010-03-08 08:15:45 -------- d-----w- C:\Windows\system32\Events
2010-03-07 18:21:17 . 2010-03-07 18:32:27 -------- d-----w- C:\CFix14392C
2010-03-07 17:44:17 . 2010-03-07 18:05:04 -------- d-----w- C:\CFix
2010-03-07 01:28:22 . 2010-03-07 01:28:22 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\Sunbelt
2010-03-07 00:53:25 . 2010-03-07 00:53:25 -------- d-----w- C:\Users\nownew\AppData\Local\Mozilla
2010-03-07 00:52:14 . 2010-03-07 00:52:14 -------- d-----w- C:\Users\nownew\AppData\Local\Adobe
2010-03-07 00:52:11 . 2010-03-07 00:52:11 98696 ----a-w- C:\Users\nownew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-05 00:43:39 . 2010-03-05 00:43:39 98696 ----a-w- C:\Users\chasmanchu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-03 17:50:49 . 2010-03-03 17:50:49 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\Leadertech
2010-03-03 02:22:36 . 2010-03-03 02:22:36 -------- d-----w- C:\Users\chasmanchu\AppData\Local\Mozilla
2010-03-03 02:16:21 . 2010-03-04 07:45:05 -------- d-----w- C:\ProgramData\NVIDIA
2010-03-03 01:13:21 . 2010-03-03 01:13:29 -------- d-----w- C:\Windows\nvtmpinst
2010-03-01 05:19:12 . 2010-03-01 05:19:12 -------- d-----w- C:\Users\chasmanchu\AppData\Local\Opera
2010-03-01 05:18:38 . 2010-03-01 05:18:40 -------- d-----w- C:\Program Files\Opera
2010-02-28 04:34:09 . 2010-02-28 04:35:34 -------- d-----w- C:\Program Files\ProcessExplorer
2010-02-27 10:18:45 . 2010-02-27 11:08:04 -------- d-----w- C:\Users\chasmanchu\AppData\Local\SupportSoft
2010-02-26 06:40:57 . 2010-02-26 06:40:57 -------- d-----w- C:\Intel
2010-02-26 00:28:11 . 2010-02-27 11:09:51 -------- d-----w- C:\Users\chasmanchu\AppData\Local\Deployment
2010-02-25 23:59:14 . 2010-02-25 23:59:43 -------- d-----w- C:\My Pictures
2010-02-25 22:30:28 . 2010-02-25 22:30:30 -------- d-----w- C:\Program Files\Speccy
2010-02-24 08:30:18 . 2009-08-20 03:50:31 22872 ----a-r- C:\Windows\system32\AdobePDFUI.dll
2010-02-20 08:04:53 . 2010-02-20 08:04:53 -------- d-----w- C:\Users\chasmanchu\AppData\Local\NewSoft
2010-02-19 07:35:53 . 2010-02-19 07:35:53 -------- d-----w- C:\ProgramData\WindowsSearch
2010-02-19 07:13:41 . 2010-02-19 07:13:41 -------- d-----w- C:\Program Files\AVG
2010-02-19 05:01:48 . 2009-12-08 20:01:02 3600456 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2010-02-19 05:01:47 . 2009-12-08 20:01:02 3548216 ----a-w- C:\Windows\system32\ntoskrnl.exe
2010-02-19 04:36:07 . 2009-12-11 11:43:30 302080 ----a-w- C:\Windows\system32\drivers\srv.sys
2010-02-19 04:36:06 . 2009-12-11 11:43:11 98816 ----a-w- C:\Windows\system32\drivers\srvnet.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 21:19:16 . 2009-12-02 03:36:47 244218 ----a-w- C:\ProgramData\nvModes.dat
2010-03-12 21:16:40 . 2007-12-09 18:47:42 12 ----a-w- C:\Windows\bthservsdp.dat
2010-03-11 08:30:08 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-03-07 03:15:14 . 2009-03-17 01:20:14 94 ----a-w- C:\Users\chasmanchu\AppData\Roaming\netstat.bat
2010-03-07 03:15:14 . 2009-03-17 01:20:14 94 ----a-w- C:\Users\chasmanchu\AppData\Roaming\netstat.bat
2010-03-07 01:23:10 . 2009-01-16 21:54:45 -------- d-----w- C:\Program Files\Sunbelt Software
2010-03-03 04:34:19 . 2008-06-29 22:01:28 -------- d-----w- C:\Program Files\Common Files\Real
2010-03-03 02:50:31 . 2008-01-20 05:33:08 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\FileZilla
2010-03-01 06:30:25 . 2008-12-12 07:16:26 1 ----a-w- C:\Users\chasmanchu\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-01 05:03:33 . 2008-01-08 05:12:39 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2010-02-27 21:13:12 . 2010-02-27 21:13:12 690952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-27 11:08:04 . 2008-01-08 05:31:09 -------- d-----w- C:\ProgramData\SupportSoft
2010-02-27 11:07:18 . 2008-01-08 05:30:46 -------- d-----w- C:\Program Files\Common Files\supportsoft
2010-02-27 04:54:11 . 2007-12-09 18:50:28 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-25 23:52:33 . 2009-11-06 01:46:37 -------- d-----w- C:\Program Files\FileZilla FTP Client
2010-02-25 21:51:22 . 2008-07-26 22:16:05 -------- d-----w- C:\Program Files\CCleaner
2010-02-24 14:16:06 . 2009-10-27 01:10:43 181632 ------w- C:\Windows\system32\MpSigStub.exe
2010-02-20 08:49:07 . 2008-01-08 04:19:40 1664 ----a-w- C:\Users\chasmanchu\AppData\Roaming\wklnhst.dat
2010-02-19 01:29:34 . 2009-11-06 13:11:08 -------- d-----w- C:\Program Files\FLAC
2010-02-19 01:29:34 . 2009-11-06 03:37:08 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\foobar2000
2010-02-19 01:29:34 . 2009-07-16 19:33:00 -------- d-----w- C:\ProgramData\FLEXnet
2010-02-04 20:34:10 . 2009-06-09 22:04:26 -------- d-----w- C:\ProgramData\NOS
2010-01-28 00:48:42 . 2007-12-09 18:48:45 -------- d-----w- C:\Program Files\Common Files\Java
2010-01-28 00:42:51 . 2007-12-09 18:48:45 -------- d-----w- C:\Program Files\Java
2010-01-25 12:00:35 . 2010-02-23 19:24:16 471552 ----a-w- C:\Windows\system32\secproc_isv.dll
2010-01-25 12:00:35 . 2010-02-23 19:24:10 152576 ----a-w- C:\Windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 . 2010-02-23 19:24:10 152064 ----a-w- C:\Windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 . 2010-02-23 19:24:15 471552 ----a-w- C:\Windows\system32\secproc.dll
2010-01-25 11:58:52 . 2010-02-23 19:24:10 332288 ----a-w- C:\Windows\system32\msdrm.dll
2010-01-25 08:21:20 . 2010-02-23 19:24:12 526336 ----a-w- C:\Windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 . 2010-02-23 19:24:10 346624 ----a-w- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 . 2010-02-23 19:24:10 518144 ----a-w- C:\Windows\system32\RMActivate.exe
2010-01-25 08:21:18 . 2010-02-23 19:24:10 347136 ----a-w- C:\Windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 . 2010-02-23 19:24:22 2048 ----a-w- C:\Windows\system32\tzres.dll
2010-01-22 00:20:35 . 2008-01-23 05:15:17 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\Skype
2010-01-21 21:27:53 . 2008-01-23 05:18:27 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\skypePM
2010-01-15 21:53:51 . 2008-12-11 06:00:52 -------- d-----w- C:\Program Files\SysInternalsSuite
2010-01-12 02:29:44 . 2009-11-14 02:26:29 -------- d-----w- C:\Users\chasmanchu\AppData\Roaming\Audacity
2010-01-06 15:39:38 . 2010-02-23 19:24:41 1696256 ----a-w- C:\Windows\system32\gameux.dll
2010-01-06 15:38:47 . 2010-02-23 19:24:40 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2010-01-06 15:38:40 . 2010-02-23 19:24:40 173056 ----a-w- C:\Windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38:39 . 2010-02-23 19:24:40 542720 ----a-w- C:\Windows\AppPatch\AcLayers.dll
2010-01-06 15:38:39 . 2010-02-23 19:24:40 458752 ----a-w- C:\Windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38:39 . 2010-02-23 19:24:40 2159616 ----a-w- C:\Windows\AppPatch\AcGenral.dll
2010-01-06 13:30:41 . 2010-02-23 19:24:40 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-01-04 22:02:22 . 2010-01-04 22:02:22 27984 ----a-w- C:\Windows\system32\sbbd.exe
2010-01-02 06:38:20 . 2010-01-22 16:42:00 916480 ----a-w- C:\Windows\system32\wininet.dll
2010-01-02 06:32:33 . 2010-01-22 16:41:58 71680 ----a-w- C:\Windows\system32\iesetup.dll
2010-01-02 06:32:33 . 2010-01-22 16:41:58 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2010-01-02 04:57:00 . 2010-01-22 16:41:58 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-12-17 22:14:00 . 2008-12-14 22:17:41 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-12-14 12:57:22 . 2010-01-13 06:44:08 213504 ----a-w- C:\Users\chasmanchu\AppData\Roaming\Thunderbird\Profiles\x9kd24m2.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
2007-12-10 02:28:44 . 2007-12-10 02:20:29 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.



charlie


#10 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 13 March 2010 - 06:05 AM

Hi,

The driver from your BSOD is part of your Sunbelt firewall, which according to ComboFix may have been active during the writing of the log. Basically Sunbelt and ComboFix were fighting to become supreme overlord of your PC, ouhm I mean of course to protect your PC.
Even if you disable realtime protection, security programs often keep their self-protection running, and this can lead to conflicts like the ones that seem to exist here.

Anyways, ComboFix obviously managed to delete the drivers according to the log, and that is what's important. I don't believe we need to run ComboFix again.

Please provide a new log from OTL (only one log will be created) so we can see what is left.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#11 chasmanchu

chasmanchu
  • Topic Starter

  • Members
  • 11 posts

Posted 13 March 2010 - 11:27 AM

Hi myrti,

Great news about the deletion of those drivers / services, but that leaves me with a question. Did Vipre, AVG, and Malwarebytes scan those files and not see them as a threat, or were the files hidden from their scans?

Here is my latest OTL Report.


OTL logfile created on: 3/13/2010 10:47:57 AM - Run 2
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Users\chasmanchu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 396.08 Gb Free Space | 86.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.98 Gb Free Space | 59.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHASMANCHUPC
Current User Name: chasmanchu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/11 01:30:32 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\chasmanchu\Downloads\OTL.exe
PRC - [2010/02/24 17:19:07 | 011,944,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/04 17:04:22 | 000,959,824 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/01/04 17:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2009/12/21 18:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/04/11 01:27:45 | 001,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008/10/31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008/10/31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008/03/04 14:00:00 | 007,222,544 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/11 01:30:32 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\chasmanchu\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/04 17:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/06 09:26:28 | 000,729,088 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/07/16 14:30:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/19 13:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008/10/31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008/10/31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/11/20 21:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/13 08:22:50 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/10 19:06:28 | 000,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/11/19 13:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/10/31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2008/10/09 10:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)
DRV - [2008/06/21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008/06/21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008/01/24 10:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/22 21:45:47 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/09 21:28:43 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/09 21:28:43 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/09 21:28:43 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/21 02:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 02:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/07/18 19:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 19:39:15 | 001,278,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/07/18 19:39:15 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/03/23 02:00:14 | 000,030,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XPVCOM.sys -- (xpvcom)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 23:31:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 21:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/02 23:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/02 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Extensions
[2010/03/01 03:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/13 09:25:36 | 000,000,000 | ---D | M] -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Firefox\Profiles\c7dzegjh.default\extensions
[2010/03/02 21:40:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Firefox\Profiles\c7dzegjh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/02 22:16:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\chasmanchu\AppData\Roaming\Mozilla\Firefox\Profiles\c7dzegjh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/02 21:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/12 16:19:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - No CLSID value found.
O3 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2370754828-832601814-1768823969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1258216234316 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.1.66.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/05 21:37:46 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 16:19:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/12 16:16:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/12 16:16:12 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\temp
[2010/03/12 16:08:03 | 000,000,000 | ---D | C] -- C:\CFix15307C
[2010/03/12 16:07:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/11 22:13:18 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Malwarebytes
[2010/03/11 22:13:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/11 22:13:11 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/11 22:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/11 22:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/11 03:00:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 03:00:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/08 03:15:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Events
[2010/03/07 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\Documents\bleepingcomputer
[2010/03/07 13:21:17 | 000,000,000 | ---D | C] -- C:\CFix14392C
[2010/03/07 12:48:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/07 12:48:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/07 12:48:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/07 12:47:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/07 12:44:17 | 000,000,000 | ---D | C] -- C:\CFix
[2010/03/07 12:43:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 20:28:22 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Sunbelt
[2010/03/03 12:50:49 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Leadertech
[2010/03/02 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\Mozilla
[2010/03/02 21:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/02 21:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/03/02 20:13:21 | 000,000,000 | ---D | C] -- C:\Windows\nvtmpinst
[2010/03/01 03:47:20 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Mozilla
[2010/03/01 00:19:12 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Roaming\Opera
[2010/03/01 00:19:12 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\Opera
[2010/03/01 00:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/27 23:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
[2010/02/27 05:18:45 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\SupportSoft
[2010/02/26 01:40:57 | 000,000,000 | ---D | C] -- C:\Intel
[2010/02/25 19:28:11 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\Deployment
[2010/02/25 18:59:14 | 000,000,000 | ---D | C] -- C:\My Pictures
[2010/02/25 17:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/02/24 03:30:18 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/02/23 14:24:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 14:24:41 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 14:24:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/23 14:24:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/23 14:24:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 14:24:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 14:24:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 14:24:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 14:24:10 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 14:24:10 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 14:24:10 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 14:24:10 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 14:24:10 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 14:24:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/20 03:04:53 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\AppData\Local\NewSoft
[2010/02/20 03:04:53 | 000,000,000 | ---D | C] -- C:\Users\chasmanchu\Documents\My PageManager
[2010/02/19 02:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/02/19 02:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/19 00:01:48 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/19 00:01:47 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/18 23:35:33 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/18 23:35:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/18 23:35:31 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/18 23:35:30 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/01/30 14:37:57 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxblinpa.dll
[2008/01/30 14:37:57 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBLhcp.dll
[2008/01/30 14:37:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxblserv.dll
[2008/01/30 14:37:56 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxblusb1.dll
[2008/01/30 14:37:56 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxblpmui.dll
[2008/01/30 14:37:56 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbllmpm.dll
[2008/01/30 14:37:56 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbliesc.dll
[2008/01/30 14:37:56 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxblprox.dll
[2008/01/30 14:37:56 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxblpplc.dll
[2008/01/30 14:37:55 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxblhbn3.dll
[2008/01/30 14:37:55 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxblcomc.dll
[2008/01/30 14:37:55 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxblcomm.dll
[2 C:\Users\chasmanchu\Documents\*.tmp files -> C:\Users\chasmanchu\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/13 10:45:59 | 003,670,016 | -HS- | M] () -- C:\Users\chasmanchu\ntuser.dat
[2010/03/13 09:12:14 | 000,747,162 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/13 09:12:14 | 000,634,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/13 09:12:14 | 000,117,228 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/13 09:11:14 | 000,244,218 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/13 09:11:14 | 000,244,218 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/13 09:06:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 09:06:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/13 09:06:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/13 09:06:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/12 23:06:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/12 23:06:19 | 000,524,288 | -HS- | M] () -- C:\Users\chasmanchu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/03/12 23:06:19 | 000,065,536 | -HS- | M] () -- C:\Users\chasmanchu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/12 23:06:15 | 003,308,740 | -H-- | M] () -- C:\Users\chasmanchu\AppData\Local\IconCache.db
[2010/03/12 19:31:31 | 000,024,064 | ---- | M] () -- C:\Users\chasmanchu\Documents\Hi myrti - 03.doc
[2010/03/12 17:39:00 | 000,026,112 | ---- | M] () -- C:\Users\chasmanchu\Documents\Hi myrti - 02.doc
[2010/03/12 16:35:11 | 3219,344,430 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/12 16:19:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/12 16:19:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/11 22:13:15 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/11 05:09:01 | 000,117,248 | ---- | M] () -- C:\Users\chasmanchu\Documents\Doc2.doc
[2010/03/11 04:12:01 | 000,025,088 | ---- | M] () -- C:\Users\chasmanchu\Documents\Hi myrti.doc
[2010/03/07 18:10:45 | 000,000,020 | ---- | M] () -- C:\Users\chasmanchu\defogger_reenable
[2010/03/07 17:56:52 | 000,524,288 | ---- | M] () -- C:\Users\chasmanchu\Desktop\dds.scr
[2010/03/07 01:03:14 | 000,000,334 | ---- | M] () -- C:\Windows\Edit2
[2010/03/06 22:15:14 | 000,000,094 | ---- | M] () -- C:\Users\chasmanchu\AppData\Roaming\netstat.bat
[2010/03/06 19:59:42 | 3219,344,478 | ---- | M] () -- C:\Windows\MEMORY.SAVEDMP
[2010/03/04 19:52:17 | 000,033,280 | ---- | M] () -- C:\Users\chasmanchu\Documents\Medical Exps For 2009.xls
[2010/03/04 19:43:39 | 000,098,696 | ---- | M] () -- C:\Users\chasmanchu\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/04 04:51:50 | 000,001,838 | ---- | M] () -- C:\Users\Public\Documents\now.text
[2010/03/02 21:22:33 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/02 21:19:29 | 000,000,848 | ---- | M] () -- C:\Users\chasmanchu\Desktop\procexp.lnk
[2010/03/01 00:52:46 | 000,073,716 | ---- | M] () -- C:\Users\chasmanchu\Documents\bookmarks.html
[2010/02/27 07:13:00 | 005,312,512 | ---- | M] () -- C:\Users\chasmanchu\Documents\System_01.evtx
[2010/02/27 07:12:35 | 003,215,360 | ---- | M] () -- C:\Users\chasmanchu\Documents\Security_01.evtx
[2010/02/27 07:11:46 | 002,166,784 | ---- | M] () -- C:\Users\chasmanchu\Documents\AppEvents_01.evtx
[2010/02/27 04:43:22 | 000,167,936 | ---- | M] () -- C:\Users\chasmanchu\Documents\modemFireWallsettings.doc
[2010/02/26 23:54:17 | 000,000,760 | ---- | M] () -- C:\Users\chasmanchu\AppData\Roaming\setup_ldm.iss
[2010/02/26 00:54:42 | 000,421,211 | ---- | M] () -- C:\Users\chasmanchu\Documents\sar_15_umeng.pdf
[2010/02/25 18:55:02 | 000,175,616 | ---- | M] () -- C:\Users\chasmanchu\Documents\FileZillaCsideSettings.doc
[2010/02/25 18:48:10 | 000,488,960 | ---- | M] () -- C:\Users\chasmanchu\Documents\TBirdAccSettings.doc
[2010/02/25 17:30:29 | 000,001,636 | ---- | M] () -- C:\Users\chasmanchu\Desktop\Speccy.lnk
[2010/02/25 17:09:57 | 000,157,696 | ---- | M] () -- C:\Users\chasmanchu\Documents\Doc1.doc
[2010/02/25 16:51:24 | 000,001,672 | ---- | M] () -- C:\Users\chasmanchu\Desktop\CCleaner.lnk
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 22:20:38 | 000,119,808 | ---- | M] () -- C:\Users\chasmanchu\Documents\2009 Business Expenditure Log.xls
[2010/02/23 14:52:31 | 000,375,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 03:39:36 | 000,121,344 | ---- | M] () -- C:\Users\chasmanchu\Documents\MusicalInventory.xls
[2010/02/20 18:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 18:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/20 03:49:07 | 000,001,664 | ---- | M] () -- C:\Users\chasmanchu\AppData\Roaming\wklnhst.dat
[2010/02/19 00:15:39 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/02/18 15:10:58 | 000,093,184 | ---- | M] () -- C:\Users\chasmanchu\Documents\2010 Business Expenditure Log.xls
[2010/02/15 21:35:33 | 000,872,363 | ---- | M] () -- C:\Users\chasmanchu\Documents\Marantz_America_Limited_Warranty_for_Reference_Series_models_May.1.2009.pdf
[2010/02/12 14:04:17 | 000,117,716 | ---- | M] () -- C:\Users\chasmanchu\Documents\https___stmts.chase.com_Stmt2.pdf
[2 C:\Users\chasmanchu\Documents\*.tmp files -> C:\Users\chasmanchu\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/12 18:21:18 | 000,024,064 | ---- | C] () -- C:\Users\chasmanchu\Documents\Hi myrti - 03.doc
[2010/03/12 16:44:05 | 000,026,112 | ---- | C] () -- C:\Users\chasmanchu\Documents\Hi myrti - 02.doc
[2010/03/12 16:00:28 | 3219,344,430 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/11 22:13:15 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/11 05:09:00 | 000,117,248 | ---- | C] () -- C:\Users\chasmanchu\Documents\Doc2.doc
[2010/03/11 03:26:17 | 000,025,088 | ---- | C] () -- C:\Users\chasmanchu\Documents\Hi myrti.doc
[2010/03/07 18:15:53 | 000,524,288 | ---- | C] () -- C:\Users\chasmanchu\Desktop\dds.scr
[2010/03/07 18:10:30 | 000,000,020 | ---- | C] () -- C:\Users\chasmanchu\defogger_reenable
[2010/03/07 12:48:13 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/07 12:48:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/07 12:48:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/07 12:48:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/07 12:48:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/07 00:48:31 | 000,000,334 | ---- | C] () -- C:\Windows\Edit2
[2010/03/06 19:59:42 | 3219,344,478 | ---- | C] () -- C:\Windows\MEMORY.SAVEDMP
[2010/03/02 21:55:09 | 000,119,808 | ---- | C] () -- C:\Users\chasmanchu\Documents\2009 Business Expenditure Log.xls
[2010/03/02 21:55:09 | 000,093,184 | ---- | C] () -- C:\Users\chasmanchu\Documents\2010 Business Expenditure Log.xls
[2010/03/02 21:22:33 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/02 21:19:29 | 000,000,848 | ---- | C] () -- C:\Users\chasmanchu\Desktop\procexp.lnk
[2010/03/01 00:52:46 | 000,073,716 | ---- | C] () -- C:\Users\chasmanchu\Documents\bookmarks.html
[2010/02/27 07:12:58 | 005,312,512 | ---- | C] () -- C:\Users\chasmanchu\Documents\System_01.evtx
[2010/02/27 07:12:32 | 003,215,360 | ---- | C] () -- C:\Users\chasmanchu\Documents\Security_01.evtx
[2010/02/27 07:11:46 | 002,166,784 | ---- | C] () -- C:\Users\chasmanchu\Documents\AppEvents_01.evtx
[2010/02/27 04:43:21 | 000,167,936 | ---- | C] () -- C:\Users\chasmanchu\Documents\modemFireWallsettings.doc
[2010/02/26 00:54:42 | 000,421,211 | ---- | C] () -- C:\Users\chasmanchu\Documents\sar_15_umeng.pdf
[2010/02/25 18:53:59 | 000,175,616 | ---- | C] () -- C:\Users\chasmanchu\Documents\FileZillaCsideSettings.doc
[2010/02/25 18:45:29 | 000,488,960 | ---- | C] () -- C:\Users\chasmanchu\Documents\TBirdAccSettings.doc
[2010/02/25 17:30:29 | 000,001,636 | ---- | C] () -- C:\Users\chasmanchu\Desktop\Speccy.lnk
[2010/02/25 17:09:55 | 000,157,696 | ---- | C] () -- C:\Users\chasmanchu\Documents\Doc1.doc
[2010/02/23 02:01:55 | 000,033,280 | ---- | C] () -- C:\Users\chasmanchu\Documents\Medical Exps For 2009.xls
[2010/02/19 00:15:39 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/18 14:21:45 | 000,092,672 | ---- | C] () -- C:\Users\chasmanchu\Documents\BudgetForNovember2007.xls
[2010/02/15 21:35:33 | 000,872,363 | ---- | C] () -- C:\Users\chasmanchu\Documents\Marantz_America_Limited_Warranty_for_Reference_Series_models_May.1.2009.pdf
[2010/02/12 14:04:17 | 000,117,716 | ---- | C] () -- C:\Users\chasmanchu\Documents\https___stmts.chase.com_Stmt2.pdf
[2010/01/09 02:04:21 | 000,000,281 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2009/12/01 22:36:47 | 000,244,218 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/01 22:36:47 | 000,244,218 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/13 21:28:58 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/26 23:44:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/15 00:19:32 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/05/14 23:54:30 | 000,000,760 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\setup_ldm.iss
[2009/03/16 20:20:14 | 000,000,094 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\netstat.bat
[2009/02/10 19:39:00 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2008/05/13 12:25:30 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008/05/13 12:22:11 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/03/05 02:39:07 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/02/21 18:24:29 | 000,000,020 | ---- | C] () -- C:\Windows\LANG.INI
[2008/02/10 15:31:26 | 000,027,043 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\UserTile.png
[2008/01/30 14:37:57 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBLinst.dll
[2008/01/23 00:18:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/01/16 20:07:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/07 23:19:40 | 000,001,664 | ---- | C] () -- C:\Users\chasmanchu\AppData\Roaming\wklnhst.dat
[2007/12/09 21:29:05 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2007/03/23 02:00:14 | 000,030,032 | ---- | C] () -- C:\Windows\System32\drivers\XPVCOM.sys
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxblcoin.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/10/14 05:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2005/09/07 13:44:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxblvs.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/12/09 21:20:31 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/12/09 21:21:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2007/12/09 21:28:43 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2007/12/09 21:20:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/12/09 21:20:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/12/09 21:21:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/12/09 21:21:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 18:11:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] () MD5=F6B15E53E09BD2D7ECE7DDB2DD036C5D -- C:\Windows\ERDNT\cache\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


charlie
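
The check a helper applies to the MD5 sections in the report above is whether the live driver in System32 still hashes the same as one of its backup copies (winsxs, DriverStore, ERDNT cache). As an added example that is not OTL's code and not part of this thread, here is a parser for that report format which flags a live copy that no backup copy vouches for; the tampered sample at the end is constructed, and the rule that a path under System32 but outside DriverStore is the live copy is an assumption of this example.

```python
import re
from collections import defaultdict

# Added example (not OTL's own code): parse the "< MD5 for: NAME >" sections of
# an OTL report and flag any live copy whose MD5 matches none of the backup
# copies. A live driver that no backup copy can vouch for has been altered in
# place, which is the trace a driver-patching rootkit leaves.

LINE_RE = re.compile(
    r"^\[[^\]]*\]\s*\([^)]*\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

def parse_md5_sections(report):
    """Return {filename: [(md5, path), ...]} for every MD5 section."""
    sections, current = defaultdict(list), None
    for raw in report.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name").lower()
            continue
        ent = LINE_RE.match(line)
        if ent and current:
            sections[current].append((ent.group("md5").upper(), ent.group("path")))
    return dict(sections)

def is_live_copy(path):
    # Assumption: the copy Windows actually loads sits under System32 but not
    # in the DriverStore; winsxs, ERDNT\cache and vendor folders are backups.
    p = path.lower()
    return "\\system32\\" in p and "\\driverstore\\" not in p

def suspicious_live_copies(report):
    """Return (filename, path, md5) for live copies with no hash-identical backup."""
    flagged = []
    for name, entries in parse_md5_sections(report).items():
        backup_hashes = {md5 for md5, path in entries if not is_live_copy(path)}
        for md5, path in entries:
            if is_live_copy(path) and md5 not in backup_hashes:
                flagged.append((name, path, md5))
    return flagged

# Two atapi.sys lines taken from the report above: the live copy and its winsxs twin.
CLEAN = """< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\\Windows\\System32\\drivers\\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\\Windows\\winsxs\\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\\atapi.sys
"""
# Constructed case: the same report, but the live copy carries a placeholder hash no backup shares.
TAMPERED = CLEAN.replace("MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\\Windows\\System32\\drivers",
                         "MD5=00000000000000000000000000000000 -- C:\\Windows\\System32\\drivers")

if __name__ == "__main__":
    print(suspicious_live_copies(CLEAN))     # []
    print(suspicious_live_copies(TAMPERED))  # one tuple: the live atapi.sys
```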


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:06:18 AM

Posted 13 March 2010 - 03:05 PM

Hi,

It seems that the files were either never created or were deleted a long time ago. Only the services were left over. It could be your antivirus program that either blocked the creation of the file or removed it.

How is your PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#13 chasmanchu

chasmanchu
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:18 PM

Posted 13 March 2010 - 11:26 PM

Hi myrti,

My PC is running well, so if my last OTL report checked out to your satisfaction, we can consider my case resolved, yes?

I know it will take me a few days before I really feel that I am in the clear, but I am thinking I can always open a new topic if I need to.

You have been very helpful and sometime next week I will click on your donate button to return the favor.

Thanks myrti,


charlie



#14 chasmanchu

chasmanchu
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:18 PM

Posted 14 March 2010 - 01:13 AM

Hi myrti,

My PC is running well.

I just want to double-check with you on one thing. In the catchme log file there is the following:

C:\Users\CHASMA~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

Is this OK?

Did my last OTL report check out to your satisfaction?

charlie


#15 chasmanchu

chasmanchu
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:18 PM

Posted 14 March 2010 - 04:00 AM

Hi myrti,

I think I said things were running well too soon. I have had another BSOD, and some other odd things are happening. I am starting to think that I should just rebuild the PC with the factory install disk. Also, maybe it is some sort of hardware error. I had previously run SpinRite on the disk and replaced the graphics card, but there are plenty of other things that could be wrong hardware-wise.
Let me know what you think.

charlie




