Trojan seems to be causing BSOD relating to Sunbelt Firewall


14 replies to this topic

#1 Nathan2508


Posted 16 May 2010 - 08:08 AM

I'm getting a BSOD that shows an error related to sbhips.sys, which is located in C:\Windows\System32\drivers. sbhips.sys was created by Sunbelt, and I am using their free firewall.

After running BlueScreenView I got this log file:

==================================================
Dump File : Mini042810-02.dmp
Crash Time : 4/28/2010 3:54:31 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8facabb1
Parameter 3 : 0xccf9cb88
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1bb1
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042810-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042810-01.dmp
Crash Time : 4/28/2010 2:27:59 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8feb8bb1
Parameter 3 : 0xbefc2b88
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1bb1
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042810-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042710-01.dmp
Crash Time : 4/27/2010 12:23:55 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8fac0bb1
Parameter 3 : 0xd132bb88
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1bb1
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042710-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042610-02.dmp
Crash Time : 4/26/2010 5:31:23 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8fabdbb1
Parameter 3 : 0x8e56ab88
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1bb1
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042610-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042610-01.dmp
Crash Time : 4/26/2010 12:09:55 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x8fecc184
Parameter 3 : 0x8feccc9c
Parameter 4 : 0x09630ce0
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+d184
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042610-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042510-01.dmp
Crash Time : 4/25/2010 10:19:24 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x900b9bb1
Parameter 3 : 0xbfdcbb88
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1bb1
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042510-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042410-02.dmp
Crash Time : 4/24/2010 12:56:42 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x900b4963
Parameter 3 : 0xcd8fcb6c
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1963
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042410-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042410-01.dmp
Crash Time : 4/24/2010 12:18:28 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x8fcf5184
Parameter 3 : 0x8fcf588c
Parameter 4 : 0x08e149a0
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+d184
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042410-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042310-02.dmp
Crash Time : 4/23/2010 4:48:02 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8febba56
Parameter 3 : 0xe60fdbb4
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1a56
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042310-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042310-01.dmp
Crash Time : 4/23/2010 1:59:40 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x904bcbb1
Parameter 3 : 0xae369b88
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1bb1
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042310-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042210-01.dmp
Crash Time : 4/22/2010 7:35:18 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x902cc184
Parameter 3 : 0x902ccf6c
Parameter 4 : 0x09bd5a80
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+d184
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042210-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini042110-01.dmp
Crash Time : 4/21/2010 11:55:44 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0x8f8cd15c
Parameter 2 : 0x00000000
Parameter 3 : 0x82109429
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+e15c
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042110-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini040610-01.dmp
Crash Time : 4/6/2010 12:22:18 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8f6bfbb1
Parameter 3 : 0x8eb45b88
Parameter 4 : 0x00000000
Caused By Driver : sbhips.sys
Caused By Address : sbhips.sys+1bb1
File Description : Sunbelt Personal Firewall Host Intrusion Prevention Driver
Product Name : Sunbelt Personal Firewall
Company : Sunbelt Software, Inc.
File Version : 4.6.1827.0
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini040610-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini070809-01.dmp
Crash Time : 7/8/2009 9:57:21 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x803d3130
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+5b579
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini070809-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini062909-01.dmp
Crash Time : 6/29/2009 10:58:57 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x803d3130
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+1e0e14
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini062909-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini062509-01.dmp
Crash Time : 6/25/2009 3:41:23 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xc58b4024
Parameter 2 : 0x00000000
Parameter 3 : 0x8f1983cd
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a50f5
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini062509-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini062409-01.dmp
Crash Time : 6/24/2009 8:13:02 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xc79a2024
Parameter 2 : 0x00000000
Parameter 3 : 0x8f3a03cd
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a50f5
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini062409-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini062109-01.dmp
Crash Time : 6/21/2009 11:54:09 AM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x803d3130
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+288b
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini062109-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini061609-02.dmp
Crash Time : 6/16/2009 8:43:19 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x80154000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+5ab3a
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini061609-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini061609-01.dmp
Crash Time : 6/16/2009 8:28:50 PM
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x803d3130
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+85f5d
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini061609-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini010809-01.dmp
Crash Time : 1/8/2009 2:23:12 PM
Bug Check String :
Bug Check Code : 0x00008086
Parameter 1 : 0x00000000
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : iastor.sys
Caused By Address : iastor.sys+39af5
File Description : Intel Matrix Storage Manager driver - ia32
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 8.9.0.1023
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini010809-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

==================================================
Dump File : Mini010109-01.dmp
Crash Time : 1/1/2009 3:20:22 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x850d31d0
Parameter 3 : 0x86ae3380
Parameter 4 : 0xd9575008
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd0e3
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18427 (vistasp1_gdr.100218-0019)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini010109-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
==================================================

After a reinstall of the firewall things went smoothly for a few days and then the problem came back.

Spybot S&D then found a Trojan and removed it. This didn't solve the problem.

Malwarebytes then found a Trojan and removed it. I haven't seen the BSOD since, but I have returned to my PC to find "unexpected shutdowns" still.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4100

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

5/14/2010 3:00:11 PM
mbam-log-2010-05-14 (15-00-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 364641
Time elapsed: 1 hour(s), 25 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I keep trying to run gmer.exe, but my computer keeps freezing. I'll keep trying. Since I came to this forum, here is DDS.txt:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Nathan Farmer at 20:40:55.63 on Sat 05/15/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1461 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\dleacoms.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Dell V310-V510 Series\ezprint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Nathan Farmer\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Prey\platform\windows\cron.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Nathan Farmer\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Nathan Farmer\Downloads\Wallpaper_Rotator\WallpaperRotator.exe
C:\Users\Nathan Farmer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\alg.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Everything\Everything.exe
C:\Users\Nathan Farmer\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DesktopMagic] c:\progra~1\fusion~1\deskto~1\DESKMA~1.EXE
uRun: [F.lux] "c:\users\nathan farmer\local settings\apps\f.lux\flux.exe" /noshow
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WallpaperRotator] c:\users\nathan farmer\downloads\wallpaper_rotator\WallpaperRotator.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
mRun: [Dell V310-V510 Series Fax Server] "c:\program files\dell v310-v510 series\fm3032.exe" /s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
mRun: [Prey Laptop Tracker] c:\prey\platform\windows\cron.exe --log
StartupFolder: c:\users\nathan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\nathan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\nathan farmer\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\nathan~1\appdata\roaming\mozilla\firefox\profiles\8ibqyvuh.default\
FF - prefs.js: browser.startup.homepage - www.google.com/reader
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\nathan farmer\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-23 64288]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-15 73728]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-31 24652]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-15 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-12-15 7424]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-5-1 65576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2010-1-21 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 136176]
S2 MySQL5;MySQL5;"c:\program files\mysql\bin\mysqld" --defaults-file="c:\program files\mysql\my.ini" mysql5 --> c:\program files\mysql\bin\mysqld [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-23 1153368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-14 38224]
S3 SLACKERDRV;Slacker Portable USB Driver;c:\windows\system32\drivers\SlackerUSB.sys [2008-10-31 20480]

=============== Created Last 30 ================

2010-05-14 20:01 <DIR> --d----- c:\program files\PHP
2010-05-14 15:04 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2010-05-14 15:04 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2010-05-14 11:33 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 11:33 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-05-11 16:28 738,304 a------- c:\windows\system32\inetcomm.dll
2010-05-05 00:29 <DIR> --dsh--- C:\found.003
2010-05-03 21:52 <DIR> --d----- c:\users\nathan~1\appdata\roaming\BOXEE
2010-05-03 21:52 <DIR> --d----- c:\program files\Boxee
2010-05-02 14:17 <DIR> --d----- c:\program files\MSXML 4.0
2010-05-01 10:27 65,576 a------- c:\windows\system32\drivers\SbFwIm.sys
2010-04-28 18:20 <DIR> --d----- c:\users\nathan~1\appdata\roaming\Palo Alto Software
2010-04-28 18:17 <DIR> --d----- c:\program files\Palo Alto Software
2010-04-28 18:17 <DIR> --d----- c:\program files\common files\MSSoap
2010-04-28 18:17 <DIR> --d----- c:\program files\common files\Intuit
2010-04-28 18:17 <DIR> --d----- c:\programdata\Palo Alto Software
2010-04-28 18:17 <DIR> --d----- c:\program files\common files\Palo Alto Software
2010-04-28 18:17 <DIR> --d----- c:\progra~2\Palo Alto Software
2010-04-28 18:13 <DIR> --d----- c:\programdata\PAS
2010-04-28 18:13 <DIR> --d----- c:\progra~2\PAS
2010-04-28 18:09 <DIR> --d----- c:\program files\MagicISO
2010-04-28 15:47 <DIR> --d----- c:\users\nathan farmer\Business Plan Pro 2008 Premier Edition v9.06.0006
2010-04-28 14:35 <DIR> --d----- c:\program files\Everything
2010-04-24 18:55 <DIR> --d----- c:\program files\Veoh Networks
2010-04-22 15:46 <DIR> --d----- C:\wamp
2010-04-22 00:13 2,359,296 a------- c:\windows\system32\libmySQL.dll
2010-04-21 21:32 <DIR> --d----- c:\programdata\Malwarebytes
2010-04-21 21:32 <DIR> --d----- c:\progra~2\Malwarebytes
2010-04-19 23:34 166,912 a------- c:\windows\system32\libmcrypt.dll
2010-04-19 21:32 <DIR> --d----- c:\programdata\MySQL
2010-04-19 21:32 <DIR> --d----- c:\progra~2\MySQL
2010-04-19 17:09 <DIR> -cd-h--- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-19 17:09 <DIR> -cd-h--- c:\progra~2\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-19 15:07 <DIR> --d----- C:\Prey
2010-04-18 20:48 <DIR> --d----- c:\programdata\ElectricSheep
2010-04-18 20:48 <DIR> --d----- c:\program files\Electric Sheep
2010-04-18 20:48 <DIR> --d----- c:\progra~2\ElectricSheep
2010-04-18 20:48 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2010-04-18 20:48 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2010-04-18 18:05 <DIR> --d----- c:\users\nathan~1\appdata\roaming\Dropbox
2010-04-18 17:28 <DIR> --d----- c:\program files\WinDirStat
2010-04-16 13:02 <DIR> --d----- c:\program files\Windows Mobile Device Handbook
2010-04-16 13:00 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf

==================== Find3M ====================

2010-05-01 10:27 143,360 a------- c:\windows\inf\infstrng.dat
2010-05-01 10:27 143,360 a------- c:\windows\inf\infstor.dat
2010-05-01 10:27 51,200 a------- c:\windows\inf\infpub.dat
2010-04-19 17:11 15,880 a------- c:\windows\system32\lsdelete.exe
2010-04-10 12:31 665,600 a------- c:\windows\inf\drvindex.dat
2010-04-10 07:06 3,530,752 a------- c:\windows\es.scr
2010-03-23 19:02 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
2010-03-05 10:01 420,352 a------- c:\windows\system32\vbscript.dll
2010-02-23 02:39 916,480 a------- c:\windows\system32\wininet.dll
2010-02-23 02:33 109,056 a------- c:\windows\system32\iesysprep.dll
2010-02-23 02:33 71,680 a------- c:\windows\system32\iesetup.dll
2010-02-23 00:55 133,632 a------- c:\windows\system32\ieUnatt.exe
2010-02-20 19:39 24,064 a------- c:\windows\system32\nshhttp.dll
2010-02-20 19:37 31,232 a------- c:\windows\system32\httpapi.dll
2010-02-18 10:49 3,598,216 a------- c:\windows\system32\ntkrnlpa.exe
2010-02-18 10:49 3,545,992 a------- c:\windows\system32\ntoskrnl.exe
2010-02-18 10:11 190,464 a------- c:\windows\system32\iphlpsvc.dll
2009-06-21 19:07 34 a------- c:\users\nathan farmer\jagex_runescape_preferences.dat
2009-01-01 00:07 56 a---h--- c:\programdata\ezsidmv.dat
2009-01-01 00:07 56 a---h--- c:\progra~2\ezsidmv.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-15 13:01 76 ---shr-- c:\windows\CT4CET.bin
2009-10-15 13:28 262,144 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll

============= FINISH: 20:42:23.04 ===============



Nathan



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 19 May 2010 - 02:32 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



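The /md5start ... /md5stop block in the custom scan above asks OTL to find each listed file and report its MD5 so the helper can compare it against a known-good copy for that Windows build; the storage drivers in the list are the ones file-patching rootkits overwrite, and a few of the DLL names are look-alikes that a clean system should not have at all. The script below is an added example, not part of this thread or of OTL: it reproduces that check in PowerShell and additionally validates each file's Authenticode signature. It assumes PowerShell 4.0 or later (Get-FileHash) and an elevated prompt; the directory list and the decoy-name list are my assumptions, not OTL's.

```powershell
# Added example (not from the BleepingComputer thread or from OTL itself).
# Reproduces the intent of OTL's /md5start ... /md5stop block: locate each
# listed file under System32 and System32\drivers, hash it, and additionally
# check its Authenticode signature. Assumes PowerShell 4.0+ and an elevated shell.

$names = @(
    # DLLs from the scan list; sceclt.dll, ntelogon.dll and logevent.dll are not
    # Windows components and are listed because look-alike names are a dropper trick
    'eventlog.dll','scecli.dll','netlogon.dll','cngaudit.dll',
    'sceclt.dll','ntelogon.dll','logevent.dll','eNetHook.dll',
    # boot-start storage drivers that file-patching rootkits overwrite
    'iaStor.sys','nvstor.sys','atapi.sys','IdeChnDr.sys','viasraid.sys',
    'AGP440.sys','vaxscsi.sys','nvatabus.sys','viamraid.sys','nvata.sys',
    'nvgts.sys','iastorv.sys','ViPrt.sys','ahcix86.sys','KR10N.sys',
    'nvstor32.sys','ahcix86s.sys','nvrd32.sys','symmpi.sys','adp3132.sys',
    'mv61xx.sys','nvraid.sys'
)

# Assumed search locations (OTL searches more broadly; these cover the scan list)
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")

function Get-FileIntegrityReport {
    param([string[]]$Names, [string[]]$Dirs)
    foreach ($name in $Names) {
        $found = foreach ($d in $Dirs) {
            $p = Join-Path $d $name
            if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p }
        }
        if (-not $found) {
            [pscustomobject]@{ Name = $name; Path = '(not present)'; Size = $null;
                               Modified = $null; MD5 = $null; Signature = 'n/a'; Signer = '' }
            continue
        }
        foreach ($f in $found) {
            $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Name      = $name
                Path      = $f.FullName
                Size      = $f.Length
                Modified  = $f.LastWriteTime
                MD5       = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5).Hash
                Signature = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer    = $signer
            }
        }
    }
}

$report = Get-FileIntegrityReport -Names $names -Dirs $dirs
$report | Format-Table Name, Signature, MD5, Size, Modified, Path -AutoSize

# Triage view: files that exist but whose signature does not validate, plus any
# of the decoy names that are present at all (assumed decoy list, see above).
$decoys = 'sceclt.dll', 'ntelogon.dll', 'logevent.dll'
$report | Where-Object {
    $_.Path -ne '(not present)' -and ($_.Signature -ne 'Valid' -or $decoys -contains $_.Name)
} | Format-Table Name, Signature, Signer, Modified, Path -AutoSize
```

Two caveats when reading the output. A HashMismatch on a boot-start driver such as atapi.sys or iastor.sys means the file on disk no longer matches what was signed, which is exactly the patched-driver case the MD5 block is meant to surface. NotSigned is weaker evidence: on older Windows releases many in-box drivers are signed only through a catalog, and Get-AuthenticodeSignature may report them as NotSigned, so treat that result as "compare the MD5 against a clean copy of the same build" rather than as a verdict; the thread supplies no reference hashes, so none are embedded here.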
#3 Nathan2508

Nathan2508
  • Topic Starter

  • Members
  • 64 posts
  • Gender:Male
  • Location:Chicago, IL

Posted 22 May 2010 - 11:09 AM

I ran OTL and the status bar at the bottom says "Scans complete!" but neither of the reports opened.


Nathan

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 22 May 2010 - 08:18 PM

Hi,

please check if you can find a copy of the files in C:\_otl\movedfiles

regards myrti


 



#5 Nathan2508

Nathan2508
  • Topic Starter

  • Members
  • 64 posts
  • Gender:Male
  • Location:Chicago, IL

Posted 25 May 2010 - 11:59 AM

Found OTL.txt in my Downloads folder. Extra.txt could not be found when using my search utility "Everything."

OTL logfile created on: 5/22/2010 11:27:10 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Nathan Farmer\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 34.61 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.90 Gb Free Space | 49.00% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NATHANFARMER-PC
Current User Name: Nathan Farmer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/22 11:26:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan Farmer\Downloads\OTL.exe
PRC - [2010/04/29 17:11:26 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/29 17:11:24 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/02 22:48:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 16:11:42 | 000,216,648 | ---- | M] () -- C:\Prey\platform\windows\cron.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Nathan Farmer\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/25 17:11:04 | 000,856,064 | ---- | M] () -- C:\Users\Nathan Farmer\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2009/10/15 18:37:52 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
PRC - [2009/10/15 18:37:50 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Nathan Farmer\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/01 10:13:31 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008/10/31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008/10/31 07:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/04 05:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 05:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 05:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 05:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/11/12 07:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 07:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/28 01:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/06/18 22:26:46 | 000,278,528 | ---- | M] ( ) -- C:\Users\Nathan Farmer\Downloads\Wallpaper_Rotator\WallpaperRotator.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/22 11:26:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Nathan Farmer\Downloads\OTL.exe
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 22:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MySQL5)
SRV - [2010/04/29 17:11:24 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/25 17:11:04 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Users\Nathan Farmer\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/02/20 19:37:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/02/20 19:37:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/01 10:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2009/07/01 10:13:25 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/15 13:15:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/31 07:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008/10/31 07:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/20 22:25:06 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 07:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/07/27 11:50:35 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/10/31 16:12:20 | 000,020,480 | ---- | M] (Slacker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SlackerUSB.sys -- (SLACKERDRV)
DRV - [2008/10/31 07:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2008/10/27 05:53:36 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/27 05:52:00 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 08:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/23 08:45:40 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/23 08:45:40 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/23 08:45:38 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/06/21 04:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008/06/21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008/05/04 05:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 03:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/06 03:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 22:24:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/20 22:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/12 07:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/06 12:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 12:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 12:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 01:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-754398647-2868842821-3273059830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-754398647-2868842821-3273059830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-754398647-2868842821-3273059830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com/reader"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 22:48:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 22:48:43 | 000,000,000 | ---D | M]

[2008/12/25 13:23:01 | 000,000,000 | ---D | M] -- C:\Users\Nathan Farmer\AppData\Roaming\Mozilla\Extensions
[2010/05/22 11:05:39 | 000,000,000 | ---D | M] -- C:\Users\Nathan Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\8ibqyvuh.default\extensions
[2010/03/23 17:46:07 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Users\Nathan Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\8ibqyvuh.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2010/04/26 23:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nathan Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\8ibqyvuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/11 10:26:25 | 000,000,000 | ---D | M] -- C:\Users\Nathan Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\8ibqyvuh.default\extensions\firebug@software.joehewitt.com
[2008/12/31 23:33:18 | 000,001,728 | ---- | M] () -- C:\Users\Nathan Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\8ibqyvuh.default\searchplugins\aim-search.xml
[2010/04/18 21:49:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/07/15 20:45:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-754398647-2868842821-3273059830-1000\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell V310-V510 Series Fax Server] C:\Program Files\Dell V310-V510 Series\fm3032.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Prey Laptop Tracker] C:\Prey\platform\windows\cron.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-754398647-2868842821-3273059830-1000..\Run: [DesktopMagic] C:\PROGRA~1\FUSION~1\DESKTO~1\DESKMA~1.EXE File not found
O4 - HKU\S-1-5-21-754398647-2868842821-3273059830-1000..\Run: [F.lux] C:\Users\Nathan Farmer\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-754398647-2868842821-3273059830-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-754398647-2868842821-3273059830-1000..\Run: [WallpaperRotator] C:\Users\Nathan Farmer\Downloads\Wallpaper_Rotator\WallpaperRotator.exe ( )
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Nathan Farmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Nathan Farmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nathan Farmer\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-754398647-2868842821-3273059830-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-754398647-2868842821-3273059830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Nathan Farmer\Documents\Wallpapers\3D Wooden Wall.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nathan Farmer\Documents\Wallpapers\3D Wooden Wall.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ddf9a18a-d2aa-11dd-b41c-00219bf01a3c}\Shell - "" = AutoRun
O33 - MountPoints2\{ddf9a18a-d2aa-11dd-b41c-00219bf01a3c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{debaab47-12e8-11df-9607-00219bf01a3c}\Shell - "" = AutoRun
O33 - MountPoints2\{debaab47-12e8-11df-9607-00219bf01a3c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Users^Nathan Farmer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Slacker Tray App.lnk - C:\PROGRA~1\Slacker\SOFTWA~1\SLACKE~4.EXE - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe File not found
MsConfig - StartUpReg: ddoctorv2 - hkey= - key= - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe File not found
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/14 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\PHP
[2010/05/14 15:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/14 11:33:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/14 11:33:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/05 00:29:16 | 000,000,000 | -HSD | C] -- C:\found.003
[2010/05/02 14:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/01 10:27:39 | 000,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2010/04/28 18:20:13 | 000,000,000 | ---D | C] -- C:\Users\Nathan Farmer\AppData\Roaming\Palo Alto Software
[2010/04/28 18:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Palo Alto Software
[2010/04/28 18:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/28 18:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/04/28 18:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Palo Alto Software
[2010/04/28 18:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Palo Alto Software
[2010/04/28 18:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PAS
[2010/04/28 18:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/04/28 15:47:13 | 000,000,000 | ---D | C] -- C:\Users\Nathan Farmer\Business Plan Pro 2008 Premier Edition v9.06.0006
[2010/04/28 14:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2010/04/24 18:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/04/22 15:46:39 | 000,000,000 | ---D | C] -- C:\wamp
[2010/01/21 16:43:43 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\dleacoin.dll
[2010/01/21 16:40:43 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\DLEAhcp.dll
[2010/01/21 16:40:43 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleainpa.dll
[2010/01/21 16:40:42 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\dleaserv.dll
[2010/01/21 16:40:42 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dleausb1.dll
[2010/01/21 16:40:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleacomc.dll
[2010/01/21 16:40:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleahbn3.dll
[2010/01/21 16:40:42 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\dleapmui.dll
[2010/01/21 16:40:42 | 000,581,632 | ---- | C] ( ) -- C:\Windows\System32\dlealmpm.dll
[2010/01/21 16:40:42 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2010/01/21 16:40:42 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleaiesc.dll

========== Files - Modified Within 30 Days ==========

[2010/05/22 11:26:39 | 008,126,464 | -HS- | M] () -- C:\Users\Nathan Farmer\ntuser.dat
[2010/05/22 10:56:53 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{191573BA-CCD9-4EB6-966F-B916CCC69018}.job
[2010/05/22 10:54:20 | 000,000,238 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2010/05/22 10:53:57 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/22 10:53:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/22 10:53:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/22 10:53:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/22 10:53:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/22 10:53:44 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/21 16:30:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 04:13:58 | 3208,726,958 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/19 20:12:27 | 002,968,232 | -H-- | M] () -- C:\Users\Nathan Farmer\AppData\Local\IconCache.db
[2010/05/16 17:58:53 | 000,097,792 | ---- | M] () -- C:\Users\Nathan Farmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 20:26:51 | 000,788,154 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/14 20:26:51 | 000,653,820 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/14 20:26:51 | 000,120,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/13 04:02:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/05/11 04:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/05/05 04:55:24 | 000,000,218 | ---- | M] () -- C:\Users\Nathan Farmer\.recently-used.xbel
[2010/05/05 04:49:50 | 000,015,213 | ---- | M] () -- C:\Users\Nathan Farmer\Documents\churchandstate.svg
[2010/05/04 18:19:33 | 001,099,515 | ---- | M] () -- C:\Users\Nathan Farmer\Documents\Hestia Real Estate Network.bpf
[2010/05/04 18:19:32 | 000,330,010 | ---- | M] () -- C:\Users\Nathan Farmer\Documents\Hestia Real Estate Network.bpd
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 08:21:28 | 000,388,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/28 18:17:11 | 000,002,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk

========== Files Created - No Company Name ==========

[2010/05/16 18:29:03 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/05 04:55:24 | 000,000,218 | ---- | C] () -- C:\Users\Nathan Farmer\.recently-used.xbel
[2010/05/05 02:45:41 | 000,015,213 | ---- | C] () -- C:\Users\Nathan Farmer\Documents\churchandstate.svg
[2010/05/04 18:19:32 | 001,099,515 | ---- | C] () -- C:\Users\Nathan Farmer\Documents\Hestia Real Estate Network.bpf
[2010/04/28 20:08:36 | 000,330,010 | ---- | C] () -- C:\Users\Nathan Farmer\Documents\Hestia Real Estate Network.bpd
[2010/04/28 18:17:11 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
[2010/04/22 00:13:46 | 002,359,296 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2010/04/19 23:34:15 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
[2010/03/11 20:27:18 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/11 20:27:18 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/01/21 16:43:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleavs.dll
[2010/01/21 16:43:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dleagcfg.dll
[2010/01/21 16:43:41 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleacui.dll
[2010/01/21 16:43:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleacuir.dll
[2010/01/21 16:42:18 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DLEAPMON.DLL
[2010/01/21 16:42:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEAFXPU.DLL
[2010/01/21 16:41:58 | 005,709,824 | ---- | C] () -- C:\Windows\System32\DLEAoem.dll
[2010/01/21 16:41:50 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2010/01/21 16:40:43 | 000,385,024 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2010/01/21 16:40:42 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleains.dll
[2010/01/21 16:40:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleainsb.dll
[2010/01/21 16:40:42 | 000,253,952 | ---- | C] () -- C:\Windows\System32\dleacu.dll
[2010/01/21 16:40:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2010/01/21 16:40:42 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2010/01/21 16:40:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleacub.dll
[2010/01/21 16:40:42 | 000,086,118 | ---- | C] () -- C:\Windows\System32\DLEAcfg.dll
[2010/01/21 16:40:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2010/01/21 16:40:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2010/01/21 16:37:22 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2010/01/21 16:37:22 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2009/07/27 11:50:35 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/02/14 12:41:36 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2009/02/14 12:41:35 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/02/13 00:59:51 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/13 00:59:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/25 15:52:19 | 000,000,520 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/15 14:38:02 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/12/15 14:38:01 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/12/15 14:38:01 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/12/15 14:38:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/12/15 14:38:01 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/12/15 14:37:58 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/12/15 13:06:13 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/02/20 16:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll
[1998/10/23 00:46:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\WH2ROBO.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/12/15 14:21:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/12/15 14:21:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/12/15 14:21:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/12/15 14:20:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_0813ee45\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/27 05:52:12 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/20 22:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[2008/01/20 22:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 22:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/07/27 11:50:35 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/03/23 19:02:58 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
< End of report >

Nathan
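The "< MD5 for: ... >" blocks in the OTL log above are there so the helper can compare the driver actually loaded from System32\drivers against the pristine copies Windows keeps in DriverStore\FileRepository and winsxs. The script below is an added example of that comparison, not part of this thread and not OTL's own code: it parses those lines, groups the copies of each file, and flags a live copy whose hash matches none of the backups, which is what a driver patched in place (same size and timestamp, different contents, usually no version resource) looks like. The clean sample is copied from the atapi.sys section above; the patched sample, its hash value and the "no company name" heuristic are constructed for illustration.

```python
# Added example (not part of the thread and not OTL's own code): cross-check the
# '< MD5 for: X >' sections of an OTL log. Windows keeps pristine copies of its
# drivers under DriverStore\FileRepository and winsxs, so the copy loaded from
# System32\drivers should hash the same as at least one of them. Different
# hashes *between* backups are normal (different builds); a live copy matching
# none of them while keeping a backup's exact size and timestamp is the classic
# signature of a driver patched in place.
import re
from dataclasses import dataclass

# OTL line format (as in the log above):
# [date time | size | attrs | M] (Company) MD5=HASH -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

@dataclass(frozen=True)
class Entry:
    name: str      # lower-cased file name, used to group copies of one file
    stamp: str     # modification timestamp exactly as OTL prints it
    size: int
    company: str   # empty when OTL printed "()", i.e. no version resource
    md5: str
    path: str

def parse_otl_md5(text: str) -> list:
    """Parse every hash line in one or more '< MD5 for: ... >' sections."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, '< End of report >'
        path = m.group("path")
        entries.append(Entry(
            name=path.rsplit("\\", 1)[-1].lower(),
            stamp=m.group("stamp"),
            size=int(m.group("size").replace(",", "")),
            company=m.group("company"),
            md5=m.group("md5").upper(),
            path=path,
        ))
    return entries

def is_backup_copy(path: str) -> bool:
    p = path.lower()
    return "\\driverstore\\filerepository\\" in p or "\\winsxs\\" in p

def find_live_mismatches(entries) -> dict:
    """Map file name -> reason for each live System32 copy that matches no backup."""
    groups = {}
    for e in entries:
        groups.setdefault(e.name, []).append(e)
    findings = {}
    for name, group in groups.items():
        backups = [e for e in group if is_backup_copy(e.path)]
        live = [e for e in group
                if not is_backup_copy(e.path) and "\\windows\\system32\\" in e.path.lower()]
        if not backups or not live:
            continue  # nothing to compare against
        known = {b.md5 for b in backups}
        for e in live:
            if e.md5 in known:
                continue
            reason = f"{e.path}: MD5 {e.md5} matches none of {len(backups)} backup copies"
            if any(b.size == e.size and b.stamp == e.stamp for b in backups):
                reason += "; same size and timestamp as a backup, likely patched in place"
            if not e.company:
                reason += "; no company name"
            findings[name] = reason
    return findings

# The atapi.sys section copied from the log above (all copies consistent).
CLEAN_LIVE = r"[2008/12/15 14:21:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys"
SAMPLE_CLEAN = "< MD5 for: ATAPI.SYS >\n" + CLEAN_LIVE + r"""
[2008/12/15 14:21:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/12/15 14:21:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/12/15 14:20:59 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
"""
# Constructed, not from the log: the same live copy with its hash changed but
# size and timestamp preserved and no version resource, as a patched driver
# would typically look.
PATCHED_LIVE = r"[2008/12/15 14:21:00 | 000,021,560 | ---- | M] () MD5=E3B8C1D04A5F6B7C8D9E0F1A2B3C4D5E -- C:\Windows\System32\drivers\atapi.sys"
SAMPLE_PATCHED = SAMPLE_CLEAN.replace(CLEAN_LIVE, PATCHED_LIVE)

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("patched", SAMPLE_PATCHED)):
        print(label, find_live_mismatches(parse_otl_md5(sample)) or "no mismatches")
```

Run it against a whole OTL log and it stays quiet for every section above, because each live copy (atapi.sys, iaStor.sys, netlogon.dll, scecli.dll and the rest) hashes the same as one of its backups. The check deliberately ignores differences among the backups themselves, since winsxs holds several builds of the same file; only the copy Windows actually loads has to agree with one of them.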

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:58 AM

Posted 26 May 2010 - 06:35 AM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#7 Nathan2508
  • Topic Starter

Posted 26 May 2010 - 09:42 AM

I'm getting "A problem has caused this program to stop working correctly" from Windows, even in Safe Mode.


Nathan

#8 myrti

Posted 26 May 2010 - 11:22 AM

Hi,

then please try to run rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti


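Reading a RootRepeal report is mostly a matter of discarding the entries that are locked or hidden by design so that what is left can be looked at. The script below is an added example, not part of this thread and not RootRepeal's own code, that does that first pass over the Drivers and Hidden/Locked Files sections. Its "benign" rules are assumptions about Windows conventions: the scanner's own rootrepeal.sys, the kernel's memory-only dump_*.sys copy of the storage driver, hiberfil.sys, restore points under System Volume Information, Windows Installer .rbs rollback files, and the $$DeleteMe.* names the servicing stack gives in-use files it will delete on the next reboot. A loaded driver with no visible file that matches none of those is reported for investigation; that includes the sptd/sp??.sys pair that the SPTD layer of disc-emulation software typically loads (the OTL log above lists sptd.sys with "Unable to obtain MD5", which is how that driver usually shows up), and it is left flagged on purpose so the helper makes the call. The sample report is constructed to match the RootRepeal 1.3.5 layout; the last file entry in it is invented.

```python
# Added example, not part of the thread and not RootRepeal's own code: a first
# pass over a RootRepeal report that separates entries with a mundane
# explanation from the ones a helper should actually look at. The "benign"
# rules are assumptions about Windows conventions: RootRepeal loads its own
# rootrepeal.sys; the kernel keeps a memory-only dump_<storage driver>.sys for
# writing crash dumps; hiberfil.sys, restore points under System Volume
# Information and Windows Installer .rbs rollback files are locked by design;
# the servicing stack renames in-use files to $$DeleteMe.* until a reboot
# deletes them. Everything else hidden or locked is reported for investigation.
import re

SECTIONS = {"Drivers", "Hidden/Locked Files", "Processes", "SSDT",
            "Stealth Objects", "Hidden Services", "Shadow SSDT"}
ADDR_RE = re.compile(r"Address: \S+ Size: (\d+) File Visible: (\S+) Signed: \S+")

def parse_rootrepeal(text):
    """Return (drivers, files): lists of dicts from the two sections used here."""
    drivers, files, section, cur = [], [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
        elif not line or line.startswith(("---", "===")):
            continue
        elif section == "Drivers":
            if line.startswith("Name: "):
                cur = {"name": line[6:]}
                drivers.append(cur)
            elif line.startswith("Image Path: "):
                cur["path"] = line[12:]
            elif m := ADDR_RE.match(line):
                cur["size"], cur["visible"] = int(m.group(1)), m.group(2) == "Yes"
        elif section == "Hidden/Locked Files":
            if line.startswith("Path: "):
                cur = {"path": line[6:]}
                files.append(cur)
            elif line.startswith("Status: "):
                cur["status"] = line[8:]
    return drivers, files

BENIGN_DRIVERS = [
    (re.compile(r"^rootrepeal\.sys$", re.I), "RootRepeal's own scan driver"),
    (re.compile(r"^dump_.+\.sys$", re.I), "memory-only crash-dump copy of the storage driver"),
]
BENIGN_FILES = [
    (re.compile(r"\\\$\$DeleteMe\.", re.I), "servicing stack pending delete, removed on reboot"),
    (re.compile(r"^[A-Z]:\\System Volume Information\\", re.I), "System Restore point"),
    (re.compile(r"^[A-Z]:\\hiberfil\.sys$", re.I), "hibernation file"),
    (re.compile(r"^[A-Z]:\\config\.msi\\[^\\]+\.rbs$", re.I), "Windows Installer rollback file"),
]

def triage(drivers, files):
    """(kind, item, verdict) triples; verdicts starting with 'investigate'
    are the entries the rules above could not explain."""
    out = []
    for d in drivers:
        if d.get("visible", False):
            continue  # backed by a visible file: not hiding anything
        verdict = "investigate: loaded driver with no visible file on disk"
        for rx, why in BENIGN_DRIVERS:
            if rx.match(d["name"]):
                verdict = why
                break
        out.append(("driver", d["name"], verdict))
    for f in files:
        verdict = "investigate: " + f.get("status", "unknown status")
        for rx, why in BENIGN_FILES:
            if rx.search(f["path"]):
                verdict = why
                break
        out.append(("file", f["path"], verdict))
    return out

def needs_attention(findings):
    return [x for x in findings if x[2].startswith("investigate")]

# Constructed sample modelled on the RootRepeal 1.3.5 layout; the last file
# entry is invented to show what an unexplained hidden file looks like.
SAMPLE_REPORT = r"""
Scan Start Time: 2010/05/27 20:17
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8A508000 Size: 892928 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8FDEC000 Size: 49152 File Visible: No Signed: -
Status: -
Name: spnu.sys
Image Path: C:\Windows\System32\Drivers\spnu.sys
Address: 0x8068D000 Size: 1052672 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\config.msi\17f662.rbs
Status: Allocation size mismatch (API: 65536, Raw: 0)
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\Windows\System32\$$DeleteMe.esent.dll.01caceb61a873079.0074
Status: Locked to the Windows API!
Path: C:\Windows\System32\drivers\hypothetical.sys
Status: Invisible to the Windows API!
"""

if __name__ == "__main__":
    for kind, item, verdict in needs_attention(triage(*parse_rootrepeal(SAMPLE_REPORT))):
        print(f"{kind}: {item} -> {verdict}")
```

Two things worth keeping in mind when using it on a real report: a long run of $$DeleteMe.* entries is what a machine looks like after Windows Update has replaced in-use system files and has not been rebooted yet, so their number alone says nothing; and the rules only explain entries, they never clear a driver, so a hidden sp??.sys still ends up in the investigate list even on a box that has Daemon Tools installed.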

#9 Nathan2508
  • Topic Starter

Posted 27 May 2010 - 07:51 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/05/27 20:17
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8A508000 Size: 892928 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8FDEC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spnu.sys
Image Path: C:\Windows\System32\Drivers\spnu.sys
Address: 0x8068D000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\config.msi\17f662.rbs
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{41bd569a-6800-11df-9826-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a6aac080-65fc-11df-ae20-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aa0d19e7-692a-11df-98b1-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d4e5a31b-6877-11df-a29d-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e46a82e4-66ae-11df-a47d-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ea51b49b-6733-11df-912f-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fd01f85d-6104-11df-99fc-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fd01f870-6104-11df-99fc-00219bf01a3c}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\servicing\$$DeleteMe.TrustedInstaller.exe.01cad54ee1005850.005e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.emdmgmt.dll.01cad4f22b2427cd.0084
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.es.dll.01cacf5386fb06de.0094
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.esent.dll.01caceb61a873079.0074
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.locale.nls.01cad8cb55f4a36d.00ab
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.localspl.dll.01cad4f22f24c87d.00a4
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.profsvc.dll.01cad4dff94a5a58.0084
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.propsys.dll.01cad51794c0181d.0031
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ncrypt.dll.01cad54ed7b65ab0.002b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.srvsvc.dll.01cad8cb50b1592d.003b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.advapi32.dll.01cad517945680dd.0022
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.apphelp.dll.01cad8cb51e6cbed.0098
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.audiodg.exe.01cad517946e007d.0023
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.AudioSes.dll.01cacf538694f20e.0075
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.audiosrv.dll.01cad4dffe1bdf98.0095
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.authui.dll.01cad4dff8dfffc8.006d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.authz.dll.01caceb61ac12c39.0093
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.bcrypt.dll.01cacb0af4c98dbd.0025
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.BFE.DLL.01cad4f225b4189d.0002
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.bitsigd.dll.01cad8c31d8ca69d.0054
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.certcli.dll.01cad4f22a355afd.0042
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.CertEnroll.dll.01caceee9578d067.007e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.certprop.dll.01cacf538752c3ce.00aa
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.comdlg32.dll.01cad4f22a35d02d.0043
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dhcpcsvc6.dll.01cad8c31b398edd.000e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.diagperf.dll.01cad4dffe70b658.00b3
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dnsapi.dll.01cacf5385ef3c2e.0016
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dnsrslvr.dll.01cad8c31c6ca03d.0036
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.dsound.dll.01cacf53867c60fe.0065
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.eappcfg.dll.01cad8c31b398edd.000f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.eapphost.dll.01cad4f22f3e6afd.00b4
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fdProxy.dll.01cad4f2299d87cd.0027
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fdSSDP.dll.01caceb61a23dac9.0058
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fdWSD.dll.01cad4dffe333828.009e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.feclient.dll.01cad8c31fbc09bd.00a3
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.fundisc.dll.01cad517952123dd.0041
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.FWPUCLNT.DLL.01cad4f225b3a36d.0001
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.FwRemoteSvr.dll.01cacf538675f85e.0064
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.gdi32.dll.01cad54ed8772a10.0036
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.gpapi.dll.01cad4dff8523eb8.005e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.gpsvc.dll.01caced6757c3006.0087
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.hid.dll.01cad8cb502286ad.000b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.httpapi.dll.01cad8c31f40423d.0094
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.imm32.dll.01caceee948b3c17.002f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.inetpp.dll.01cad4f229f348ed.0034
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.IPHLPAPI.DLL.01cad54ed5b69310.001c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.IPSECSVC.DLL.01cad4dff7f4dc78.0052
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.kerberos.dll.01cad4f22b3b0b2d.0089
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.kernel32.dll.01cacf5386111c0e.002e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mfplat.dll.01cad4f2290b0bcd.0013
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.MMDevAPI.dll.01cad8c32506781d.00a7
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mprapi.dll.01caceb61048f769.000e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.MPSSVC.dll.01cacb0af87dbc1d.008a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msasn1.dll.01cad8c31e6a067d.0071
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mscoree.dll.01cad4dff90d2a48.0072
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msi.dll.01caced674b117d6.0019
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mstlsapi.dll.01cad4f22963b31d.001b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.msv1_0.dll.01cad517988bed2d.0078
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.mswsock.dll.01cad8cb51285ded.005d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.netlogon.dll.01cacf538607f44e.002a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.netshell.dll.01cad4dffe13f058.0091
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ntdll.dll.01cacf53820ea69e.0003
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ntmarta.dll.01cad4f22a7486dd.0050
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.odbc32.dll.01caceb61afe0e29.00b3
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.ole32.dll.01cacb0af5d9771d.004e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.PortableDeviceApi.dll.01cacf538691217e.0073
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.qmgr.dll.01caceb61a512c59.0064
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.quartz.dll.01cad5179845955d.006a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rasmans.dll.01cad5179892cafd.007b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rasppp.dll.01cad4f22a449d3d.0047
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rastapi.dll.01cad4f22b1e827d.007e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.regapi.dll.01caceb6122c0f49.0019
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rpcss.dll.01cacf5386f9ce5e.0092
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rsaenh.dll.01cad4dff7c5b628.0044
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.rtutils.dll.01cad517950a407d.003a
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.scecli.dll.01cad54ed33fc6b0.0005
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.scesrv.dll.01cacb0af989fbfd.00af
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.schannel.dll.01cacf538687f9be.006e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.schedsvc.dll.01cad517953c25ed.004b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.secur32.dll.01cad8c3165a3e5d.0008
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.setupapi.dll.01cacf5386c1ce6e.0085
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.shdocvw.dll.01cad8c31df7c47d.0062
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.shlwapi.dll.01cad517953e21bd.004d
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.shsvcs.dll.01cad4f22b0d928d.006c
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.SLC.dll.01cad8cb50e3560d.004e
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.SLsvc.exe.01cad5179513dd6d.003b
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.slwga.dll.01cacb0af62748fd.0055
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.smss.exe.01cad4f225b3072d.0000
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.spoolss.dll.01cacf5386886eee.006f
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.spoolsv.exe.01cad8cb51dae50d.0090
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.spp.dll.01caced675b76446.00ac
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.sysmain.dll.01cad4f22adf569d.0055
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.tapisrv.dll.01cad4f22a3cadfd.0045
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.taskeng.exe.01cad517988d25ad.0079
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_non

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1232 Status: Locked to the Windows API!

SSDT
-------------------
#: 048 Function Name: NtClose
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18c160

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18b868

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f188320

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18ae90

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18ad9c

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18b3fc

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18c210

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f188786

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f188846

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\drivers\sbhips.sys" at address 0x8fcbb01c

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "C:\Windows\system32\drivers\sbhips.sys" at address 0x8fcbb168

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18bb54

#: 189 Function Name: NtOpenKey
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f1885ca

#: 282 Function Name: NtResumeThread
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18b4ec

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18be8c

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f1889bc

#: 355 Function Name: NtWriteFile
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18bde0

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18b48e

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\SbFw.sys" at address 0x8f18af82

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x855161f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a1c11f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x847551f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x847551f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x847551f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x847551f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x847551f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x847551f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x847551f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x871a41f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x87cab500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x87cab500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87cab500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87cab500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x87cab500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x87cab500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System Address: 0x87cb0500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System Address: 0x87cb0500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87cb0500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87cb0500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System Address: 0x87cb0500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System Address: 0x87cb0500 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CREATE]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CLOSE]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_POWER]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_PNP]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x847521f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8718d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8718d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8718d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8718d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8718d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8718d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8718d1f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x897c1500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_CREATE]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_CLOSE]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_READ]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_WRITE]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_CLEANUP]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_PNP]
Process: System Address: 0x897ad500 Size: 121

==EOF==


Nathan
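The anti-rootkit scanner log above lists, in two-line "Object: Hidden Code [Driver: ..., IRP_MJ_...]" records, every driver dispatch slot whose handler points at code the scanner did not recognise. Reading a few hundred of those by eye is error-prone, so the following triage script (an added example, not part of this thread and not the scanner's own code) parses that record format, strips the trailing non-ASCII characters the scanner prints after some driver names (cdfs and iScsiPrt above), and reports per driver whether all of its hooked slots resolve to one address and one size. The sample input reuses records from the log above plus one constructed driver name, `exampledrv`, that shows what a non-uniform result looks like.

```python
import re
from collections import defaultdict

# Two-line record format of the "Hidden Code" entries in the log above.
OBJECT_RE = re.compile(
    r"^Object: Hidden Code \[Driver: (?P<driver>[^,\]]+), (?P<irp>IRP_MJ_[A-Z_]+)\]$"
)
PROCESS_RE = re.compile(
    r"^Process: (?P<proc>\S+) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)$"
)


def clean_driver_name(name):
    """Keep only the leading printable-ASCII identifier.

    The scanner prints trailing non-ASCII characters after some driver
    names (cdfs and iScsiPrt in the log above), apparently reading past
    the end of an unterminated name buffer; the real name is the prefix.
    """
    m = re.match(r"[\x21-\x7e]+", name)
    return m.group(0) if m else name


def parse_hidden_code(text):
    """Return a list of (driver, irp_major, process, address, size) tuples."""
    entries = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            pending = (clean_driver_name(m.group("driver")), m.group("irp"))
            continue
        m = PROCESS_RE.match(line)
        if m and pending is not None:
            entries.append((pending[0], pending[1], m.group("proc"),
                            int(m.group("addr"), 16), int(m.group("size"))))
            pending = None
    return entries


def summarize(entries):
    """Group hooked dispatch slots per driver.

    A driver whose hooked IRP_MJ slots all point at one address with one
    size is 'uniform': that is what a single filtering product hooking a
    whole dispatch table looks like. Mixed addresses or sizes within one
    driver deserve a closer look.
    """
    by_driver = defaultdict(list)
    for driver, irp, _proc, addr, size in entries:
        by_driver[driver].append((irp, addr, size))
    summary = {}
    for driver, hooks in by_driver.items():
        addrs = sorted({addr for _, addr, _ in hooks})
        sizes = sorted({size for _, _, size in hooks})
        summary[driver] = {
            "irp_count": len(hooks),
            "addresses": addrs,
            "sizes": sizes,
            "uniform": len(addrs) == 1 and len(sizes) == 1,
        }
    return summary


# Sample input: the usbuhci and cdfs records are copied from the log above;
# the 'exampledrv' records are constructed to show a non-uniform result.
SAMPLE_LOG = """\
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x871991f8 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_CREATE]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: cdfsԲ䑎ㅷ⵿頟뇳ᇐ힍쀀썏谵, IRP_MJ_CLOSE]
Process: System Address: 0x897ad500 Size: 121

Object: Hidden Code [Driver: exampledrv, IRP_MJ_READ]
Process: System Address: 0x80001000 Size: 121

Object: Hidden Code [Driver: exampledrv, IRP_MJ_WRITE]
Process: System Address: 0x80002000 Size: 64
"""

if __name__ == "__main__":
    for driver, info in sorted(summarize(parse_hidden_code(SAMPLE_LOG)).items()):
        addrs = ", ".join(f"0x{a:08x}" for a in info["addresses"])
        flag = "uniform" if info["uniform"] else "MIXED"
        print(f"{driver:12s} {info['irp_count']:3d} slots  {addrs}  "
              f"sizes={info['sizes']}  {flag}")
```

In the log above every driver's hooks share one address and a size of 121, which is the pattern a single product hooking every device's dispatch table produces rather than many separate implants. The analyst's next step is to resolve those addresses to a loaded module (the scanner's module list or a kernel debugger) and check whether that module is the installed firewall's HIPS driver, which the crash data at the top of the thread already names as sbhips.sys.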

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 30 May 2010 - 05:47 AM

Hi,

please run Defogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Afterwards please try to run a new scan with gmer. Let me know if it still crashes. Please also let me know if the BSODs with Sunbelt continue.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#11 Nathan2508

Nathan2508
  • Topic Starter

  • Members
  • 64 posts
  • Gender:Male
  • Location:Chicago, IL

Posted 01 June 2010 - 08:51 AM

Yet again, gmer encountered an unexpected problem and was forced to shut down. Even in safe mode.

Haven't seen a BSOD in a while though.


Nathan

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 05 June 2010 - 03:57 PM

Hi,

defogger ran through fine though, yes? What makes you think this is malware and not a software problem? Are you only having the problem with the BSOD from Sunbelt?

regards myrti



#13 Nathan2508

Nathan2508
  • Topic Starter

  • Members
  • 64 posts
  • Gender:Male
  • Location:Chicago, IL

Posted 05 June 2010 - 10:01 PM

I was referred here from that section.

http://www.bleepingcomputer.com/forums/t/313298/sunbelt-firewall-seems-to-be-connected-to-bsod/

I also just experienced my first BSOD in a while again. The same filename was listed.

Edited by Nathan2508, 05 June 2010 - 10:03 PM.



Nathan

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 11 June 2010 - 02:04 PM

Hi,

I would suggest you post back that your PC has been checked and no malware was found.

regards myrti



#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 27 June 2010 - 03:58 AM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
