Google Redirect Virus


16 replies to this topic

#1 macalester

  • Members
  • 21 posts

Posted 02 June 2010 - 01:17 PM

Hi,

I was forwarded here by boopme after posting in the Am I infected? What do I do? section of the forum. He told me to complete a few scans, including DDS, which I couldn't get to work on my computer. Anyway, as the title suggests, I have a virus that redirects my Google results and also opens up pop-ups even when I'm not connected to or using the internet (when not connected it just opens an Internet Explorer window saying it can't connect to the internet). Topic referenced is here: http://www.bleepingcomputer.com/forums/t/319841/google-redirect-virus/ ~ OB

I'm running Vista on a 32-bit system and I'd really appreciate any help I can get. Here are the logs from GMER and OTL:


GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-02 00:18:09
Windows 6.0.6001 Service Pack 1
Running: 3fdgqern.exe; Driver: C:\Users\Nick\AppData\Local\Temp\pwryrpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\Windows\System32\drivers\sfsync04.sys unknown last section [0x80736000, 0xC5E, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtProtectVirtualMemory 77D58968 5 Bytes JMP 006A000A
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!NtWriteVirtualMemory 77D592A8 5 Bytes JMP 006B000A
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!KiUserExceptionDispatcher 77D599E8 5 Bytes JMP 0069000A
.text C:\Windows\system32\svchost.exe[792] ole32.dll!CoCreateInstance 7734E188 5 Bytes JMP 00A0000A
.text C:\Windows\Explorer.EXE[1080] ntdll.dll!NtProtectVirtualMemory 77D58968 5 Bytes JMP 016C000A
.text C:\Windows\Explorer.EXE[1080] ntdll.dll!NtWriteVirtualMemory 77D592A8 5 Bytes JMP 0171000A
.text C:\Windows\Explorer.EXE[1080] ntdll.dll!KiUserExceptionDispatcher 77D599E8 5 Bytes JMP 007E000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\fastfat \Fat A4E19A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f1fa20a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f1fa20a@001c9a2b537e 0x21 0xA2 0xBF 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f1fa20a@001c9a2bf8e8 0x3F 0xCF 0x4A 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f1fa20a@001fe49f4988 0x61 0xE9 0x9F 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f1fa20a@00237adbacef 0xD4 0x53 0x97 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f1fa20a@00237a3e6cb8 0x53 0x3B 0xAE 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0xDA 0xB1 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xDA 0xBF 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x59 0xBD 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF4 0x94 0x1F 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f1fa20a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f1fa20a@001c9a2b537e 0x21 0xA2 0xBF 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f1fa20a@001c9a2bf8e8 0x3F 0xCF 0x4A 0x45 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f1fa20a@001fe49f4988 0x61 0xE9 0x9F 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f1fa20a@00237adbacef 0xD4 0x53 0x97 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f1fa20a@00237a3e6cb8 0x53 0x3B 0xAE 0x82 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0xDA 0xB1 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x44 0xDA 0xBF 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x59 0xBD 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF4 0x94 0x1F 0xBB ...

---- EOF - GMER 1.0.15 ----


OTL

OTL logfile created on: 02/06/2010 12:33:00 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Nick\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.95 Gb Total Space | 32.57 Gb Free Space | 11.31% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.84 Gb Free Space | 48.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 607.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-DELL
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 12:32:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL(2).exe
PRC - [2010/05/31 21:16:20 | 000,060,004 | -H-- | M] () -- C:\Users\Nick\AppData\Local\Temp\notepad.exe
PRC - [2010/05/31 21:15:56 | 000,193,536 | ---- | M] () -- C:\Users\Nick\AppData\Local\Temp\Mqc.exe
PRC - [2010/05/18 18:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/28 15:06:24 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/05 19:04:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/05 19:52:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) -- C:\IDrive\IDriveE Service.exe
PRC - [2008/11/05 19:52:02 | 000,034,256 | ---- | M] (Pro Softnet Corp.) -- C:\IDrive\IDriveEBackground.exe
PRC - [2008/11/05 19:49:42 | 001,889,744 | ---- | M] (Pro Softnet Corp.) -- C:\IDrive\IDriveETray.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/24 17:36:56 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/26 14:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 14:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/17 11:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe
PRC - [2008/07/17 11:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe
PRC - [2008/07/09 13:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/07/01 19:52:22 | 000,058,832 | ---- | M] ( Pro-Softnet) -- C:\IDrive\IDriveWebM.exe
PRC - [2008/06/09 11:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/06/05 14:26:36 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/06/05 14:26:36 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/05/05 16:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/07/23 10:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2007/07/19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe
PRC - [2007/07/16 18:15:06 | 000,213,040 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007/07/16 18:14:56 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe
PRC - [2007/07/16 18:14:46 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe
PRC - [2007/03/21 12:35:18 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe
PRC - [2007/03/08 18:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 12:32:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL(2).exe
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/22 16:22:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/11/05 19:52:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2008/10/24 17:52:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/26 14:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/07/17 11:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe -- (STacSV)
SRV - [2008/07/17 11:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
SRV - [2008/07/01 19:52:22 | 000,058,832 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\IDrive\IDriveWebM.exe -- (IDrivePlugin)
SRV - [2008/06/09 11:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/05 16:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/07/23 10:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/07/19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/07/16 18:15:06 | 000,213,040 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007/07/16 18:14:56 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2007/07/16 18:14:46 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2007/05/09 16:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2007/03/21 12:35:18 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/03/08 18:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/01/29 16:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/24 01:32:25 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2010/04/24 01:32:24 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/03 16:45:07 | 000,059,520 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2009/02/03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/12/31 01:43:48 | 000,023,480 | ---- | M] (Wippien Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wip0204.sys -- (wip0204)
DRV - [2008/12/02 20:03:15 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/28 10:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/18 09:56:00 | 000,277,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/07/18 09:56:00 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/07/17 13:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/17 11:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/07/04 06:35:48 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/03 10:05:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/03 09:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 09:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 09:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/16 10:24:12 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/06/16 10:24:04 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/06/16 10:24:02 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/06/16 10:24:00 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/29 12:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/07/24 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=0081025
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=0081025
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2008/10/24 17:41:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/05 16:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/28 12:29:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/28 12:29:07 | 000,000,000 | ---D | M]

[2008/11/09 23:44:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2010/06/01 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions
[2009/09/02 11:07:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/06 22:37:52 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010/04/10 13:08:35 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/06 22:25:00 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\dave2x@download
[2010/02/06 18:19:12 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\firefox@tvunetworks.com
[2010/05/26 20:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2007/07/24 20:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\nplv85win32.dll
[2010/04/05 19:04:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/05 19:04:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/05 19:04:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/05 19:04:54 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [{E86CE8B6-2760-5DD1-06B3-5EAA2EB0BE33}] C:\Users\Nick\AppData\Roaming\Noaxoq\ikgi.exe (Amiwypul)
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\Nick\AppData\Local\Temp\notepad.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} http://autoconnect.york.ac.uk/tools/xc_loader_activex.ocx (xc_loader_activex.cntMain)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fnpipe: DllName - fnpipe.dll - fnpipe.dll ()
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\Users\Nick\Pictures\timetable lololol.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/07/26 15:04:00 | 000,973,360 | R--- | M] (National Instruments) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/07/26 15:04:00 | 000,000,320 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{359bfbd9-f51a-11dd-9317-00225f1fa20a}\Shell - "" = AutoRun
O33 - MountPoints2\{359bfbd9-f51a-11dd-9317-00225f1fa20a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{58d5354f-588a-11de-a66e-00225f1fa20a}\Shell\AutoRun\command - "" = F:\setup.exe -- [2007/07/18 20:12:00 | 002,447,968 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/31 21:22:55 | 000,099,584 | ---- | C] (eSXi) -- C:\Users\Nick\AppData\Local\syssvc.exe
[2010/05/31 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\bikuytjwh
[2010/05/31 21:15:44 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199
[2010/05/31 14:00:01 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple
[2010/05/29 17:31:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Adobe
[2010/05/29 00:40:02 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple Computer
[2010/05/28 19:37:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/28 19:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/28 19:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/28 12:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/28 12:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/28 12:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/28 12:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/28 12:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/28 12:24:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/26 15:44:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\twmyktuvl
[2010/05/15 13:21:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/03 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\7D3BE842736D9F34DD12AC6DE259D4F3
[2010/04/29 11:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/04/24 01:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[2010/04/24 01:29:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\atari
[2010/04/05 13:18:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Mum backup
[2010/03/18 21:08:17 | 000,000,000 | -HSD | C] -- C:\Users\Nick\AppData\Roaming\lowsec
[2010/03/16 01:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source
[2010/03/16 01:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files
[2010/03/16 01:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2010/03/16 01:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/03/16 01:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2010/03/16 01:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter
[2010/03/16 01:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter
[2010/03/16 01:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/03/16 01:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2010/03/16 01:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5
[2010/03/16 01:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2010/03/16 01:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2010/03/16 01:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/03/16 01:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bass Audio Decoder
[2010/03/16 01:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/03/16 01:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoom Player
[2010/03/16 01:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2010/03/16 01:21:56 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Media Player Classic
[2010/03/11 23:32:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/11 23:32:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/11 23:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/07 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Atonement
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/02 12:36:30 | 004,718,592 | -HS- | M] () -- C:\Users\Nick\ntuser.dat
[2010/06/02 12:35:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 12:35:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 12:12:01 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/02 12:08:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/02 11:43:54 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/02 11:43:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/02 11:43:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/02 11:43:23 | 3184,373,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/02 00:57:11 | 000,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 00:57:11 | 000,065,536 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TM.blf
[2010/06/02 00:56:48 | 000,004,956 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/02 00:56:30 | 002,478,242 | -H-- | M] () -- C:\Users\Nick\AppData\Local\IconCache.db
[2010/06/02 00:46:36 | 000,153,088 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 22:22:38 | 000,000,176 | ---- | M] () -- C:\Users\Nick\defogger_reenable
[2010/06/01 15:12:51 | 002,474,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/01 15:12:51 | 001,074,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/01 15:12:51 | 000,004,884 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/31 21:44:28 | 000,002,659 | ---- | M] () -- C:\Users\Nick\Desktop\RapidShare Manager.lnk
[2010/05/31 21:30:36 | 320,060,716 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/31 21:22:55 | 000,099,584 | ---- | M] (eSXi) -- C:\Users\Nick\AppData\Local\syssvc.exe
[2010/05/31 21:18:55 | 000,003,321 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922P.manifest
[2010/05/31 21:16:12 | 000,000,013 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922C.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922S.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922O.manifest
[2010/05/31 21:15:53 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\MSWD-509df692.job
[2010/05/31 20:48:08 | 000,025,088 | ---- | M] () -- C:\Windows\System32\fnpipe.dll
[2010/05/29 13:04:38 | 000,035,840 | ---- | M] () -- C:\Users\Nick\Documents\SUPERAntiSpyware Scan Log.doc
[2010/05/29 00:01:38 | 000,007,512 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
[2010/05/28 19:35:12 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/28 12:32:47 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/28 12:28:55 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/14 22:58:13 | 000,000,038 | ---- | M] () -- C:\Windows\osAviSplitter.INI
[2010/05/12 02:20:23 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/03 20:30:47 | 000,376,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/03 20:28:18 | 000,084,992 | RHS- | M] () -- C:\Users\Nick\AppData\Roaming\upnpcontc.dll
[2010/05/02 02:07:34 | 000,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TMContainer00000000000000000002.regtrans-ms
[2010/05/01 00:53:39 | 000,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{2f8ca0d3-40dc-11df-b5db-002170846c95}.TMContainer00000000000000000001.regtrans-ms
[2010/05/01 00:53:39 | 000,065,536 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{2f8ca0d3-40dc-11df-b5db-002170846c95}.TM.blf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/25 21:54:30 | 000,049,955 | ---- | M] () -- C:\Users\Nick\Documents\Yr2MG6solutions.pdf
[2010/04/24 19:16:02 | 000,039,424 | ---- | M] () -- C:\Users\Nick\Documents\CV_Nick_Slater_Apr-10.doc
[2010/04/24 01:32:25 | 000,162,432 | ---- | M] () -- C:\Windows\System32\drivers\ithsgt.sys
[2010/04/24 01:32:24 | 000,012,032 | ---- | M] () -- C:\Windows\System32\drivers\lilsgt.sys
[2010/04/06 21:01:14 | 000,099,176 | ---- | M] () -- C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/05 18:57:45 | 000,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{2f8ca0d3-40dc-11df-b5db-002170846c95}.TMContainer00000000000000000002.regtrans-ms
[2010/04/05 17:31:54 | 000,524,288 | -HS- | M] () -- C:\Users\Nick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/05 17:31:54 | 000,065,536 | -HS- | M] () -- C:\Users\Nick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/24 01:57:56 | 367,589,545 | ---- | M] () -- C:\Users\Nick\bg_play.php
[2010/03/11 22:52:01 | 000,011,276 | -HS- | M] () -- C:\Users\Nick\AppData\Local\V68m
[2010/03/06 22:20:31 | 000,022,016 | ---- | M] () -- C:\Users\Nick\Documents\Stan hj.doc
[2010/03/06 21:56:46 | 000,008,263 | ---- | M] () -- C:\Users\Nick\Documents\Atonement.MCL
[2010/03/06 21:56:42 | 000,008,264 | ---- | M] () -- C:\Users\Nick\Documents\Untitled world.MCL
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/02 00:20:17 | 3184,373,760 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/01 22:22:23 | 000,000,176 | ---- | C] () -- C:\Users\Nick\defogger_reenable
[2010/05/31 21:41:31 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/31 21:16:11 | 000,003,321 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922P.manifest
[2010/05/31 21:16:11 | 000,000,013 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922C.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922S.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922O.manifest
[2010/05/31 21:15:53 | 000,000,238 | -H-- | C] () -- C:\Windows\tasks\MSWD-509df692.job
[2010/05/31 20:48:08 | 000,025,088 | ---- | C] () -- C:\Windows\System32\fnpipe.dll
[2010/05/29 13:04:36 | 000,035,840 | ---- | C] () -- C:\Users\Nick\Documents\SUPERAntiSpyware Scan Log.doc
[2010/05/28 19:35:12 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/28 12:32:47 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/28 12:28:55 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/27 18:41:29 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/14 22:58:12 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2010/05/12 02:20:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/03 20:28:18 | 000,084,992 | RHS- | C] () -- C:\Users\Nick\AppData\Roaming\upnpcontc.dll
[2010/05/01 14:30:48 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TMContainer00000000000000000002.regtrans-ms
[2010/05/01 14:30:48 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TMContainer00000000000000000001.regtrans-ms
[2010/05/01 14:30:48 | 000,065,536 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TM.blf
[2010/04/25 21:54:30 | 000,049,955 | ---- | C] () -- C:\Users\Nick\Documents\Yr2MG6solutions.pdf
[2010/04/24 19:11:08 | 000,039,424 | ---- | C] () -- C:\Users\Nick\Documents\CV_Nick_Slater_Apr-10.doc
[2010/04/24 01:32:25 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys
[2010/04/24 01:32:24 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys
[2010/04/05 18:54:34 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{2f8ca0d3-40dc-11df-b5db-002170846c95}.TMContainer00000000000000000002.regtrans-ms
[2010/04/05 18:54:33 | 000,524,288 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{2f8ca0d3-40dc-11df-b5db-002170846c95}.TMContainer00000000000000000001.regtrans-ms
[2010/04/05 18:54:33 | 000,065,536 | -HS- | C] () -- C:\Users\Nick\ntuser.dat{2f8ca0d3-40dc-11df-b5db-002170846c95}.TM.blf
[2010/03/24 01:49:09 | 367,589,545 | ---- | C] () -- C:\Users\Nick\bg_play.php
[2010/03/16 01:28:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/11 15:54:02 | 000,011,276 | -HS- | C] () -- C:\Users\Nick\AppData\Local\V68m
[2010/03/08 13:56:09 | 000,002,659 | ---- | C] () -- C:\Users\Nick\Desktop\RapidShare Manager.lnk
[2010/03/06 22:20:30 | 000,022,016 | ---- | C] () -- C:\Users\Nick\Documents\Stan hj.doc
[2010/03/06 21:56:46 | 000,008,263 | ---- | C] () -- C:\Users\Nick\Documents\Atonement.MCL
[2010/03/06 21:56:42 | 000,008,264 | ---- | C] () -- C:\Users\Nick\Documents\Untitled world.MCL
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/25 02:20:38 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/03/14 16:03:04 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/03/14 16:03:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/03/14 16:03:04 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2008/11/30 19:10:06 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/11/30 19:10:06 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/11/25 23:35:03 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/11/25 23:35:03 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/11/25 23:35:03 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/11/08 18:11:26 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 22:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/06/03 03:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/24 11:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2007/07/19 10:25:34 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/31 21:16:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199
[2010/05/26 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\7D3BE842736D9F34DD12AC6DE259D4F3
[2009/04/02 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools
[2009/04/01 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Lite
[2009/04/01 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Pro
[2008/11/08 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DigitalPersona
[2009/12/26 02:31:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Lionhead Studios
[2010/03/22 00:01:36 | 000,000,000 | -HSD | M] -- C:\Users\Nick\AppData\Roaming\lowsec
[2009/03/14 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Maple
[2009/12/26 02:35:13 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\My Games
[2009/03/15 17:16:40 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Noaxoq
[2010/05/31 21:16:47 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Omiwi
[2008/11/20 00:40:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\OpenOffice.org
[2010/05/31 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ozyv
[2009/04/19 02:31:25 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Research In Motion
[2010/01/12 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Wippien
[2009/12/21 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\X-Chat 2
[2010/06/02 12:26:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ybhev
[2010/05/31 21:15:53 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\MSWD-509df692.job
[2010/06/02 00:56:49 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/02 12:12:01 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/09/03 15:17:20 | 000,028,797 | R--- | M] () MD5=258ED9A1CCD8102C3236DD97354C51EC -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL extras

OTL Extras logfile created on: 02/06/2010 12:33:00 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Nick\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.95 Gb Total Space | 32.57 Gb Free Space | 11.31% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.84 Gb Free Space | 48.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 607.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-DELL
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [My CEWE Photo World] -- "C:\Program Files\CeWe Color\My CEWE Photo World\My CEWE Photo World.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" [2009/12/11 04:08:53 | 000,000,000 | ---D | M]
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Windows\TEMP\cmhi.tmp\svchost.exe" = C:\Windows\TEMP\cmhi.tmp\svchost.exe:*:Enabled:svchost -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C4E0BD61-1595-48C5-90AB-6706EF8BDBDB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D22E4F9A-722C-4DB1-82C4-447BBF897EFE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0188D5B3-CA96-4077-8BA8-A662BD44BEEA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{05AB9F74-B533-4933-87E2-65411D4344B8}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{1D52AC02-6B8D-492A-ACB8-68910E70FF50}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28452273-8E98-47FB-BEB8-4ABB5907D9BB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{303ABC1A-C58C-4E01-B900-66A2BDC10402}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4CBC0D3D-9A09-4252-96ED-513FD6E0BA2A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{5E106297-545D-4BA9-A732-E7A7D7593885}" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\temp\7zs1064.tmp\symnrt.exe |
"{5F979CD2-E164-451D-9D72-D6F28E57F62B}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{655C2D1D-D4ED-4F5C-8242-291BBFC4AA1C}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{7A1E9AEE-8CCC-4DD2-9D5D-C016DC2D539C}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{87FB5CDA-8EB8-4B9C-96B9-A62D7EB646DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8982456E-12F5-4045-903D-2307D3E0FAE7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{9B830029-ED40-4CC3-BC68-3207A7D18446}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{9D8B7E50-5F6E-4FCA-8E83-F43B09B67037}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B291DE32-9598-46A8-83D1-25425F1E98A7}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{C451C4D8-9B7A-4949-8B3F-DAAFBB939E2F}" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\temp\7zs1064.tmp\symnrt.exe |
"{CB86C3E6-A82C-46C3-A49C-07F73F442CB3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{CEEACF81-C765-440D-ACD1-A9E194E81E30}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D42E6183-EE82-412A-B669-C35C03437EF6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7A4FFDF-0DEF-4771-B158-237154327A50}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E4DDB4FC-9766-4CEE-AEF1-27ED3DAECF23}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{E60A7EE8-45BE-4C8D-9806-CBBB9AC97026}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9198216-3D36-436E-98B0-5CFB37C51F4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{00792EB7-F227-4152-9756-E75AA9D67EDC}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{50596B1B-8BD1-4906-8609-E64AAE7A8FAC}C:\users\nick\appdata\local\temp\pcwcorwo.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\temp\pcwcorwo.exe |
"TCP Query User{914C21AA-1F56-4025-8B34-22F57722B069}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{DFDAF889-5841-4563-A428-3F1A43428AE0}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{32052BB1-1B13-4ECA-93F5-7FD065A18962}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A1EAF557-EAFA-4921-A184-5223BED02932}C:\users\nick\appdata\local\temp\pcwcorwo.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\temp\pcwcorwo.exe |
"UDP Query User{D7BB9F75-2FFD-4654-AAC1-3C077CA209A2}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{DAF3F587-D0FA-4575-A5A9-18D59D77511C}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey
"{0285C8EA-A48F-4EAF-A485-69C46C464271}" = NI LabVIEW 8.5 VI.lib
"{03B96C48-4001-46C7-AA89-6D8C5C32A5B8}" = NI Variable Manager
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A053D60-9267-11D5-8A2B-0050DA8B7D89}" = Planescape - Torment
"{0D77EC38-3091-40AE-A028-3C7BBEB0FC09}" = NI LabVIEW 8.5 License
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{122E90F8-A899-4225-AA82-94CBA2AEA98D}" = NI LabVIEW 8.5 Examples
"{140BF0D0-E848-405C-9A01-D3256B918B6D}" = AuthenTec Fingerprint System
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D5755D-3795-45FE-9ED6-BC0DAFA3B333}" = NI-RPC 3.4.0f1
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{1829DACB-46DE-4624-808B-7802AC528DDF}" = NI EULA Depot
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2461AEFD-6597-4B5F-9174-754B9DB56091}" = NI LabVIEW 8.5 Project
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{299B4500-C41F-4BA3-AB4A-CC9412E16D67}" = NI LabVIEW Run-Time Engine 8.5
"{2F4C21C2-2BDC-4226-961D-A9D297C4F34C}" = NI LabVIEW 8.5 Applibs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{35EAF162-26F1-4DD2-8349-297F5CE31FD5}" = DigitalPersona Personal 3.1.0
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38A4AD83-3492-4A4E-A502-48106D88DD3E}" = NI USI 1.5.0
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{45A162D5-CF6F-49C5-9B25-A0F5DF512664}" = NI LabVIEW 8.5 Resource
"{46ADF464-9D63-47E0-B59F-0D9C3A60B4C4}" = NI DataSocket 4.5.0
"{47101908-553A-4767-94F5-1F2B58012F6D}" = NI LabVIEW 8.5 Help
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55762835-9A95-4A89-BFAE-8E46979C8C4B}" = NI LabVIEW 8.5 Manuals
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B2DC860-5B05-40E6-93DE-F17AAFE0A526}" = NI Variable Engine
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7112A06F-A109-46CC-810E-070679754F77}" = NI LabVIEW Deployable License 8.5.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74CB3747-1685-46C1-8F02-FCDA36ADDBA9}" = NI TDMS
"{74F4EA0E-6E74-4336-BFB7-8B1376CACBB1}" = NI Instrument IO Assistant for LabVIEW 8.5
"{768ECA63-EB76-4837-A4CC-58DA5A2FDAE9}" = NI LabVIEW 8.5 WWW
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DE3B2CC-B0EA-4607-B407-7E5E7C8BEAB0}" = NI LabVIEW Broker
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{82D05F0A-8652-4F8F-BCD3-61DFFF4D660E}" = NI LabVIEW 8.5 Help File
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{873B6C52-4EAF-4FA8-A156-907FE78D74F3}" = NI LabWindows/CVI Code Generator
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A702909-3A7D-4ABD-846B-1869A49D850B}" = NI MDF Support
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE51614-30BE-4F0F-B50F-459AB979D219}" = NI LabVIEW 8.5
"{8C8D1F1E-DC31-44F2-97F5-0D84CE49BB56}" = NI Uninstaller
"{8FA9410D-5894-4191-B8A4-CCEFAE34051C}" = NI OPC Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9198EBF1-7EBB-40D4-87C8-7415CF8AE448}" = NI MXS
"{91CD08AA-5402-4C64-A9CA-C7B4A479C003}_is1" = Counter Strike Source v1.0.0.34
"{92228315-BA53-4061-A404-0F05A72E946B}" = NI Logos XT Support
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{97C686BD-6FF3-4E3B-830D-552FE06128AA}" = NI LabVIEW 8.5 Templates
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9C008728-2EF9-44A7-9149-EEC43B9F87AF}" = NI LabVIEW 8.5 Menus
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A4ED947E-EC39-44F4-A576-44FA9E9F4AE3}" = NI Logos LabVIEW 8.5 Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABCE1FFB-A320-44ED-BEE8-68AF1791B35E}" = NI LabVIEW 8.5 MeasAppChm File
"{ABFAA6D6-7832-4C57-BF92-BA4A7244DE7C}" = NI LabVIEW 8.5 iMath
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B05599F2-55E3-47D2-9047-AE171F35A90B}" = NI Logos 4.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6440D7E-E115-4B11-8935-54A329E364E0}" = NI LabVIEW 8.5 gMath
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7944A61-5832-40F1-B052-1D0BAB45EF95}" = NI LabVIEW 8.5 Simulation
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BB6B7CF3-6231-4F11-8F5B-8A7F10F3F587}" = NI Assistant Framework
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4908416-75CE-456B-9AA5-531DE7FF6415}" = NI LabVIEW 8.5 User.lib
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D3FE1E36-DF92-442F-AAE6-FFF4D5913834}" = NI LabVIEW Merge Utility 8.5.0
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D751B34C-058F-42EF-BE95-14EBB0D2C585}" = Dreamfall
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = resident evil 4
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E6BBBB50-76E9-4F2F-AA8C-3FDDEB978A87}" = NI Assistant Framework LabVIEW Code Generator 8.5
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{EC610AB8-3B18-4AD9-BCE5-8D014C94CD64}" = NI Example Finder 8.5
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDF51FA5-6909-47E1-AAFE-411BA8900AA1}" = NI-DAQmx - LabVIEW shared documentation
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4AEDCEC-88CD-4408-80F4-6E7560AE2122}" = NI Variable Engine LabVIEW 8.5 Support
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FADFF346-8180-4F39-AEC7-FE81087315BC}" = NI LabVIEW 8.5 CINtools
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FC9144C1-F70B-47CF-BCDC-FEFE4C0BA7D1}" = NI LabVIEW 8.5 Instr.lib
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FDA3B45E-073C-4394-90F5-44887B54CC2C}" = NI LabVIEW 8.5 Device Detection and Deployment Support
"{FDEABB07-6AC3-41E1-A17C-CA5D9707EF72}" = NI-RPC 3.4.0f1 for Phar Lap ETS
"7-Zip" = 7-Zip 4.42
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"ATMA V" = ATMA V 5.05
"AviSynth" = AviSynth 2.5
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"Broken Sword Trilogy" = Broken Sword Trilogy
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.02.02.0603)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Deus Ex" = Deus Ex
"Diablo II" = Diablo II
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EasyPlot_is1" = EasyPlot
"Fallout" = Fallout
"Fallout2" = Fallout2
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDrive_is1" = IDrive version 3.1.0 November 05 2008
"ImTOO AVI to DVD Converter" = ImTOO AVI to DVD Converter
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"jZip" = jZip
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Lugaru_is1" = Lugaru v1.05
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey Island 2 - LeChuck's Revengev1.0" = Monkey Island 2 - LeChuck's Revenge
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MUSHclient" = MUSHclient (remove only)
"My CEWE Photo World" = My CEWE Photo World
"NI Uninstaller" = National Instruments Software
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"rag_doll_kung_fu" = rag_doll_kung_fu
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.85
"Shockwave" = Shockwave
"SHOUTcast Source" = SHOUTcast Source (remove only)
"The Secret of Monkey Islandv1.0" = The Secret of Monkey Island
"Thief - The Dark Project" = Thief - The Dark Project (Remove Only)
"Videora iPod Converter" = Videora iPod Converter 4.06
"VLC media player" = VLC media player 0.9.2
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver
"xchat" = XChat 2 (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/09/2009 13:51:12 | Computer Name = Nick-Dell | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3498, time stamp 0x4a728f53,
faulting module Annots.api, version 9.0.0.332, time stamp 0x4850e57f, exception
code 0xc0000409, fault offset 0x0000ff52, process id 0x120c, application start time
0x01ca3887214f155d.

Error - 19/09/2009 08:15:31 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 20/09/2009 14:38:43 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 20/09/2009 21:16:41 | Computer Name = Nick-Dell | Source = EventSystem | ID = 4621
Description =

Error - 21/09/2009 07:25:05 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2009 10:45:26 | Computer Name = Nick-Dell | Source = Application Error | ID = 1000
Description = Faulting application DeusEx.exe, version 0.0.0.0, time stamp 0x3ab162ec,
faulting module Core.dll, version 0.0.0.0, time stamp 0x3ab15e85, exception code
0xc0000005, fault offset 0x000453a0, process id 0x113c, application start time 0x01ca3aca0fc2f416.

Error - 21/09/2009 10:47:26 | Computer Name = Nick-Dell | Source = Application Hang | ID = 1002
Description = The program daemon.exe version 4.30.3.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: ed0 Start Time: 01ca3aae0708aca6 Termination Time: 18

Error - 21/09/2009 14:53:15 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2009 18:53:57 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 23/09/2009 10:12:01 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

[ DigitalPersona Pro Events ]
Error - 10/11/2008 12:53:27 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 10/11/2008 12:53:36 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 10/11/2008 12:53:41 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 24/05/2009 15:51:02 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 24/05/2009 15:51:05 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 03/11/2009 08:14:23 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 25/11/2009 14:04:16 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 11/03/2010 18:54:29 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ OSession Events ]
Error - 13/05/2010 21:14:50 | Computer Name = Nick-Dell | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30084
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/02/2009 03:18:32 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 12/02/2009 03:51:45 | Computer Name = Nick-Dell | Source = bowser | ID = 8003
Description =

Error - 12/02/2009 05:19:34 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 12/02/2009 07:20:36 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 12/02/2009 07:44:52 | Computer Name = Nick-Dell | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.16.105 for the Network Card with network
address 002170846C95 has been denied by the DHCP server 144.32.128.228 (The DHCP
Server sent a DHCPNACK message).

Error - 12/02/2009 15:18:37 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 14/02/2009 15:21:05 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 15/02/2009 15:22:30 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 16/02/2009 15:23:39 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 17/02/2009 15:25:00 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Thanks in advance!
Mac

Edited by Orange Blossom, 02 June 2010 - 03:29 PM.




#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:05:42 AM

Posted 05 June 2010 - 09:33 PM

Hi and welcome.

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

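The custom scan above produces a report in which every PRC, SRV, DRV and MOD line carries the file date, size, attribute flags and the publisher name from the file's version resource, followed by the path (and, for services and drivers, the service name), and in which the IE lines print the per-user Internet Settings proxy keys. As an added example (not part of this thread and not OTL's own code), here is a small Python triage pass over lines in that format. The sample lines are copied from the report posted in this thread; the heuristics (empty publisher field, hidden attribute, executable in a Temp folder, a Windows binary name outside C:\Windows, a ProxyServer on loopback) are common first-look rules that mark items to inspect, not verdicts: legitimate drivers also ship without a CompanyName or with the hidden attribute, and ProxyEnable=0 means a listed loopback proxy is configured but not currently in use. The system drive being C: is an assumption taken from the posted report.

```python
"""Triage pass over OTL report lines (PRC/SRV/DRV/MOD entries and IE proxy keys).

Added example, not part of the original thread and not OTL's own code.  The
sample lines are copied from the report posted in this thread; the heuristics
are common first-look rules and mark items to inspect, not verdicts.
"""
import re
from dataclasses import dataclass, field

# One OTL entry: KIND - [date | size | attrs | M] (Company) [state] -- path -- (ServiceName) description
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<date>[^|\]]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
# IE proxy settings as OTL prints them: IE - <registry key>: "ProxyServer" = value
PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<setting>Proxy\w+)" = (?P<value>.*)$')

# Names of binaries that belong under %SystemRoot%; the same name elsewhere is worth a look.
WINDOWS_BINARIES = {"notepad.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                    "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM_ROOT = "c:\\windows\\"   # assumption: system drive is C:, as in the posted report


@dataclass
class Finding:
    kind: str                 # PRC / SRV / DRV / MOD, or IE for proxy settings
    path: str                 # file path, or registry hive for IE findings
    reasons: list = field(default_factory=list)


def analyze_entry(line):
    """Return a Finding for one PRC/SRV/DRV/MOD line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    lower = path.lower()
    basename = lower.rsplit("\\", 1)[-1]
    reasons = []
    if not m["company"].strip():          # OTL prints () when the file has no CompanyName
        reasons.append("no publisher (CompanyName) in version info")
    if "H" in m["attrs"]:                 # -H-- : hidden attribute set
        reasons.append("file has the hidden attribute")
    if "\\temp\\" in lower:
        reasons.append("executes from a Temp directory")
    if basename in WINDOWS_BINARIES and not lower.startswith(SYSTEM_ROOT):
        reasons.append("Windows binary name outside the Windows directory")
    return Finding(m["kind"], path, reasons) if reasons else None


def analyze_proxy(lines):
    """Flag a ProxyServer on loopback, per registry hive, and say whether ProxyEnable turns it on."""
    per_hive = {}
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m:
            hive = re.split(r"\\Software\\", m["key"], flags=re.IGNORECASE)[0]
            per_hive.setdefault(hive, {})[m["setting"]] = m["value"]
    findings = []
    for hive, settings in per_hive.items():
        server = settings.get("ProxyServer", "")
        if "127.0.0.1" in server or "localhost" in server.lower():
            state = ("ProxyEnable=1, in use" if settings.get("ProxyEnable") == "1"
                     else "ProxyEnable=0, configured but not in use")
            findings.append(Finding("IE", hive, [f"ProxyServer={server} points at loopback ({state})"]))
    return findings


def analyze_report(text):
    """All findings for an OTL report given as one string."""
    lines = text.splitlines()
    findings = [f for f in (analyze_entry(l) for l in lines) if f]
    return findings + analyze_proxy(lines)


# Sample lines copied from the OTL report in this thread (constructed subset, not a full report).
SAMPLE = r"""
PRC - [2010/05/31 21:16:20 | 000,060,004 | -H-- | M] () -- C:\Users\Nick\AppData\Local\Temp\notepad.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
DRV - [2010/04/24 01:32:25 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
"""

if __name__ == "__main__":
    for f in analyze_report(SAMPLE):
        print(f"{f.kind:4} {f.path}")
        for r in f.reasons:
            print(f"       - {r}")
```

Run it against a saved OTL.txt with `analyze_report(open("OTL.txt", encoding="utf-8", errors="replace").read())`. On the sample it reports four items: the hidden notepad.exe in the user's Temp folder (all four file rules fire), the two drivers (one with no publisher, one hidden), and the loopback ProxyServer with a note that ProxyEnable is 0. The proxy check is done per hive because each user SID has its own Internet Settings key, so a proxy set for one account does not show up under HKU\.DEFAULT or S-1-5-18.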

#3 macalester

macalester
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:42 AM

Posted 06 June 2010 - 06:16 AM

Thanks for the reply, here's the OTL scan:

OTL

OTL logfile created on: 06/06/2010 11:57:26 - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Nick\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.95 Gb Total Space | 31.67 Gb Free Space | 11.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.84 Gb Free Space | 48.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 607.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-DELL
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/02 12:32:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL(2).exe
PRC - [2010/05/31 21:16:20 | 000,060,004 | -H-- | M] () -- C:\Users\Nick\AppData\Local\Temp\notepad.exe
PRC - [2010/05/18 18:26:23 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/05 19:04:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/05 19:52:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) -- C:\IDrive\IDriveE Service.exe
PRC - [2008/11/05 19:52:02 | 000,034,256 | ---- | M] (Pro Softnet Corp.) -- C:\IDrive\IDriveEBackground.exe
PRC - [2008/11/05 19:49:42 | 001,889,744 | ---- | M] (Pro Softnet Corp.) -- C:\IDrive\IDriveETray.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/24 17:36:56 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/26 14:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 14:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/17 11:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe
PRC - [2008/07/17 11:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe
PRC - [2008/07/09 13:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/07/01 19:52:22 | 000,058,832 | ---- | M] ( Pro-Softnet) -- C:\IDrive\IDriveWebM.exe
PRC - [2008/06/09 11:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/06/05 14:26:36 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/06/05 14:26:36 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/05/05 16:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/07/23 10:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2007/07/19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe
PRC - [2007/07/16 18:15:06 | 000,213,040 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007/07/16 18:14:56 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe
PRC - [2007/07/16 18:14:46 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe
PRC - [2007/03/21 12:35:18 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe
PRC - [2007/03/08 18:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 12:32:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL(2).exe
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/22 16:22:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2008/11/05 19:52:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2008/10/24 17:52:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/26 14:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/07/17 11:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe -- (STacSV)
SRV - [2008/07/17 11:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
SRV - [2008/07/01 19:52:22 | 000,058,832 | ---- | M] ( Pro-Softnet) [Auto | Running] -- C:\IDrive\IDriveWebM.exe -- (IDrivePlugin)
SRV - [2008/06/09 11:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/05 16:46:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/07/23 10:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/07/19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/07/16 18:15:06 | 000,213,040 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007/07/16 18:14:56 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2007/07/16 18:14:46 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2007/05/09 16:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2007/03/21 12:35:18 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/03/08 18:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/01/29 16:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/24 01:32:25 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2010/04/24 01:32:24 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/03 16:45:07 | 000,059,520 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2009/02/03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/12/31 01:43:48 | 000,023,480 | ---- | M] (Wippien Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wip0204.sys -- (wip0204)
DRV - [2008/12/02 20:03:15 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/28 10:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/18 09:56:00 | 000,277,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/07/18 09:56:00 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/07/17 13:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/17 11:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/07/04 06:35:48 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/03 10:05:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/07/03 09:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 09:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 09:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/16 10:24:12 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/06/16 10:24:04 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/06/16 10:24:02 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/06/16 10:24:00 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/29 12:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/07/24 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&ibd=0081025
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...&ibd=0081025
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2008/10/24 17:41:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/05 16:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/28 12:29:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/28 12:29:07 | 000,000,000 | ---D | M]

[2008/11/09 23:44:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2010/06/05 12:56:48 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions
[2009/09/02 11:07:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/06 22:37:52 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010/04/10 13:08:35 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/06 22:25:00 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\dave2x@download
[2010/02/06 18:19:12 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\firefox@tvunetworks.com
[2010/05/26 20:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2007/07/24 20:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\nplv85win32.dll
[2010/04/05 19:04:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/05 19:04:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/05 19:04:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/05 19:04:54 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000..\Run: [{E86CE8B6-2760-5DD1-06B3-5EAA2EB0BE33}] C:\Users\Nick\AppData\Roaming\Noaxoq\ikgi.exe (Amiwypul)
O4 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\Nick\AppData\Local\Temp\notepad.exe ()
O4 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} http://autoconnect.york.ac.uk/tools/xc_loader_activex.ocx (xc_loader_activex.cntMain)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fnpipe: DllName - fnpipe.dll - C:\Windows\System32\fnpipe.dll ()
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\Users\Nick\Pictures\timetable lololol.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/07/26 15:04:00 | 000,973,360 | R--- | M] (National Instruments) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/07/26 15:04:00 | 000,000,320 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{359bfbd9-f51a-11dd-9317-00225f1fa20a}\Shell - "" = AutoRun
O33 - MountPoints2\{359bfbd9-f51a-11dd-9317-00225f1fa20a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{58d5354f-588a-11de-a66e-00225f1fa20a}\Shell\AutoRun\command - "" = F:\setup.exe -- [2007/07/18 20:12:00 | 002,447,968 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1324449153-129536472-1138474595-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/31 21:22:55 | 000,099,584 | ---- | C] (eSXi) -- C:\Users\Nick\AppData\Local\syssvc.exe
[2010/05/31 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\bikuytjwh
[2010/05/31 21:15:44 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199
[2010/05/31 14:00:01 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple
[2010/05/29 17:31:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Adobe
[2010/05/29 00:40:02 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple Computer
[2010/05/28 19:37:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/28 19:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/28 19:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/28 12:32:34 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/05/28 12:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/28 12:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/28 12:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/28 12:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/28 12:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/28 12:24:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/27 18:41:32 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/05/27 18:41:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/05/27 18:41:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/05/27 18:41:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/05/27 18:41:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/27 18:41:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/05/27 18:41:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/27 18:41:31 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/05/27 18:41:31 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/27 18:41:31 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/05/27 18:41:31 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/27 18:41:31 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/05/27 18:41:31 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/05/27 18:41:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/05/27 18:41:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/05/27 18:41:31 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/05/27 18:41:31 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/05/27 18:41:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/27 18:41:30 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/27 18:41:30 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/05/27 18:41:30 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/05/27 18:41:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/05/27 18:41:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/05/27 18:41:30 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/05/27 18:41:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/05/27 18:41:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/05/27 18:41:29 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/05/27 18:41:29 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/27 18:41:29 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/27 18:41:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/05/27 18:41:28 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/05/27 18:41:28 | 000,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/27 18:41:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/27 18:41:28 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/05/27 18:41:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/05/27 18:41:27 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/27 18:41:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/05/27 18:41:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/05/27 18:41:27 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/05/27 18:41:27 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/05/27 18:41:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/05/27 18:41:26 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/05/26 15:44:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\twmyktuvl
[2010/05/26 13:09:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/15 13:21:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 11:57:07 | 004,980,736 | -HS- | M] () -- C:\Users\Nick\ntuser.dat
[2010/06/06 11:54:40 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/06 11:40:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/06 11:38:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 11:38:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 11:38:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 11:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 11:37:57 | 3184,373,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 01:50:15 | 000,004,956 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/06 01:50:03 | 000,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TMContainer00000000000000000001.regtrans-ms
[2010/06/06 01:50:03 | 000,065,536 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{ab145823-5525-11df-919b-002170846c95}.TM.blf
[2010/06/06 01:08:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/05 16:05:28 | 002,492,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/05 16:05:28 | 001,083,656 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/05 16:05:28 | 000,004,884 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/04 00:38:48 | 002,479,384 | -H-- | M] () -- C:\Users\Nick\AppData\Local\IconCache.db
[2010/06/03 13:41:49 | 000,153,088 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 22:22:38 | 000,000,176 | ---- | M] () -- C:\Users\Nick\defogger_reenable
[2010/05/31 21:44:28 | 000,002,659 | ---- | M] () -- C:\Users\Nick\Desktop\RapidShare Manager.lnk
[2010/05/31 21:30:36 | 320,060,716 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/31 21:22:55 | 000,099,584 | ---- | M] (eSXi) -- C:\Users\Nick\AppData\Local\syssvc.exe
[2010/05/31 21:18:55 | 000,003,321 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922P.manifest
[2010/05/31 21:16:12 | 000,000,013 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922C.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922S.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922O.manifest
[2010/05/31 21:15:53 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\MSWD-509df692.job
[2010/05/31 20:48:08 | 000,025,088 | ---- | M] () -- C:\Windows\System32\fnpipe.dll
[2010/05/29 13:04:38 | 000,035,840 | ---- | M] () -- C:\Users\Nick\Documents\SUPERAntiSpyware Scan Log.doc
[2010/05/29 00:01:38 | 000,007,512 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
[2010/05/28 19:35:12 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/28 12:32:47 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/28 12:28:55 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/14 22:58:13 | 000,000,038 | ---- | M] () -- C:\Windows\osAviSplitter.INI
[2010/05/12 02:20:23 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/04 12:24:56 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/04 11:58:46 | 3184,373,760 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/01 22:22:23 | 000,000,176 | ---- | C] () -- C:\Users\Nick\defogger_reenable
[2010/05/31 21:16:11 | 000,003,321 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922P.manifest
[2010/05/31 21:16:11 | 000,000,013 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922C.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922S.manifest
[2010/05/31 21:16:11 | 000,000,011 | -HS- | C] () -- C:\Users\Nick\AppData\Roaming\02000000aca12769922O.manifest
[2010/05/31 21:15:53 | 000,000,238 | -H-- | C] () -- C:\Windows\tasks\MSWD-509df692.job
[2010/05/31 20:48:08 | 000,025,088 | ---- | C] () -- C:\Windows\System32\fnpipe.dll
[2010/05/29 13:04:36 | 000,035,840 | ---- | C] () -- C:\Users\Nick\Documents\SUPERAntiSpyware Scan Log.doc
[2010/05/28 19:35:12 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/28 12:32:47 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/28 12:28:55 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/27 18:41:29 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/14 22:58:12 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2010/05/12 02:20:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/04/24 01:32:25 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys
[2010/04/24 01:32:24 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys
[2010/03/16 01:28:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/25 02:20:38 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/03/14 16:03:04 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/03/14 16:03:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/03/14 16:03:04 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2008/11/30 19:10:06 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/11/30 19:10:06 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/11/25 23:35:03 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/11/25 23:35:03 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/11/25 23:35:03 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/11/08 18:11:26 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 22:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/06/03 03:35:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/24 11:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2007/07/19 10:25:34 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/31 21:16:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199
[2010/05/26 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\7D3BE842736D9F34DD12AC6DE259D4F3
[2009/04/02 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools
[2009/04/01 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Lite
[2009/04/01 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Pro
[2008/11/08 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DigitalPersona
[2009/12/26 02:31:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Lionhead Studios
[2010/03/22 00:01:36 | 000,000,000 | -HSD | M] -- C:\Users\Nick\AppData\Roaming\lowsec
[2009/03/14 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Maple
[2009/12/26 02:35:13 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\My Games
[2009/03/15 17:16:40 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Noaxoq
[2010/05/31 21:16:47 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Omiwi
[2008/11/20 00:40:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\OpenOffice.org
[2010/05/31 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ozyv
[2009/04/19 02:31:25 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Research In Motion
[2010/01/12 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Wippien
[2009/12/21 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\X-Chat 2
[2010/06/06 11:41:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ybhev
[2010/05/31 21:15:53 | 000,000,238 | -H-- | M] () -- C:\Windows\Tasks\MSWD-509df692.job
[2010/06/06 01:50:18 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/06 11:54:40 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/05/31 21:16:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199
[2010/05/26 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\7D3BE842736D9F34DD12AC6DE259D4F3
[2008/11/09 01:28:52 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Adobe
[2009/09/15 01:52:49 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Apple Computer
[2008/11/08 16:04:22 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ATI
[2008/11/13 00:27:38 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Creative
[2009/05/02 03:45:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\CyberLink
[2009/04/02 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools
[2009/04/01 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Lite
[2009/04/01 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Pro
[2008/11/08 16:00:39 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Dell
[2008/11/08 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DigitalPersona
[2008/11/10 02:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DivX
[2009/01/13 01:53:50 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\dvdcss
[2008/11/09 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Google
[2010/02/28 22:58:16 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Hamachi
[2008/11/08 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Identities
[2009/12/26 02:31:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Lionhead Studios
[2010/03/22 00:01:36 | 000,000,000 | -HSD | M] -- C:\Users\Nick\AppData\Roaming\lowsec
[2008/11/08 16:24:59 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Macromedia
[2008/11/08 16:04:42 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Macrovision
[2010/01/31 16:26:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Malwarebytes
[2009/03/14 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Maple
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Media Center Programs
[2010/03/16 01:22:45 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Media Player Classic
[2010/05/14 02:14:50 | 000,000,000 | --SD | M] -- C:\Users\Nick\AppData\Roaming\Microsoft
[2008/11/09 23:44:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla
[2009/12/26 02:35:13 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\My Games
[2009/03/15 17:16:40 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Noaxoq
[2010/05/31 21:16:47 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Omiwi
[2008/11/20 00:40:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\OpenOffice.org
[2010/05/31 21:40:12 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ozyv
[2009/11/26 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Real
[2010/01/14 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Reallusion
[2009/04/19 02:31:25 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Research In Motion
[2009/04/19 02:32:39 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Roxio
[2009/08/19 17:42:53 | 000,000,000 | RH-D | M] -- C:\Users\Nick\AppData\Roaming\SecuROM
[2010/05/26 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Skype
[2010/05/26 11:23:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\skypePM
[2010/05/28 19:37:15 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/28 01:45:44 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Symantec
[2010/05/01 23:28:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\vlc
[2008/12/05 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WinRAR
[2010/01/12 20:38:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Wippien
[2009/12/21 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\X-Chat 2
[2010/06/06 11:41:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ybhev

< %APPDATA%\*.exe /s >
[2009/11/18 03:03:53 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Nick\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008/11/09 20:07:37 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2008/11/09 20:07:37 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2008/11/09 20:07:37 | 000,008,854 | R--- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2010/04/24 02:10:18 | 000,010,134 | R--- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe
[2010/04/24 02:10:18 | 000,004,286 | R--- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe
[2010/04/24 02:10:18 | 000,008,854 | R--- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe
[2009/06/07 04:00:25 | 000,010,134 | R--- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009/03/15 17:16:40 | 000,159,232 | ---- | M] (Amiwypul) -- C:\Users\Nick\AppData\Roaming\Noaxoq\ikgi.exe
[2010/03/01 22:17:36 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2009/11/27 05:01:02 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
[2010/03/13 22:18:42 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010/03/14 06:20:39 | 010,309,448 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
[2010/03/14 06:21:23 | 000,149,000 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
[2010/03/14 06:21:38 | 008,405,312 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
[2010/03/14 06:22:25 | 020,887,024 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
[2010/03/14 06:20:01 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nick\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/25 02:47:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/09/03 15:17:20 | 000,028,797 | R--- | M] () MD5=258ED9A1CCD8102C3236DD97354C51EC -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >


OTL Extras

OTL Extras logfile created on: 06/06/2010 11:57:26 - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Nick\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.95 Gb Total Space | 31.67 Gb Free Space | 11.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.84 Gb Free Space | 48.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 607.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK-DELL
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1324449153-129536472-1138474595-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [My CEWE Photo World] -- "C:\Program Files\CeWe Color\My CEWE Photo World\My CEWE Photo World.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Windows\TEMP\cmhi.tmp\svchost.exe" = C:\Windows\TEMP\cmhi.tmp\svchost.exe:*:Enabled:svchost -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C4E0BD61-1595-48C5-90AB-6706EF8BDBDB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D22E4F9A-722C-4DB1-82C4-447BBF897EFE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0188D5B3-CA96-4077-8BA8-A662BD44BEEA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{05AB9F74-B533-4933-87E2-65411D4344B8}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{1D52AC02-6B8D-492A-ACB8-68910E70FF50}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28452273-8E98-47FB-BEB8-4ABB5907D9BB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{303ABC1A-C58C-4E01-B900-66A2BDC10402}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4CBC0D3D-9A09-4252-96ED-513FD6E0BA2A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{5E106297-545D-4BA9-A732-E7A7D7593885}" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\temp\7zs1064.tmp\symnrt.exe |
"{5F979CD2-E164-451D-9D72-D6F28E57F62B}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{655C2D1D-D4ED-4F5C-8242-291BBFC4AA1C}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{7A1E9AEE-8CCC-4DD2-9D5D-C016DC2D539C}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{87FB5CDA-8EB8-4B9C-96B9-A62D7EB646DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8982456E-12F5-4045-903D-2307D3E0FAE7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{9B830029-ED40-4CC3-BC68-3207A7D18446}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{9D8B7E50-5F6E-4FCA-8E83-F43B09B67037}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B291DE32-9598-46A8-83D1-25425F1E98A7}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{C451C4D8-9B7A-4949-8B3F-DAAFBB939E2F}" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\temp\7zs1064.tmp\symnrt.exe |
"{CB86C3E6-A82C-46C3-A49C-07F73F442CB3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{CEEACF81-C765-440D-ACD1-A9E194E81E30}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D42E6183-EE82-412A-B669-C35C03437EF6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7A4FFDF-0DEF-4771-B158-237154327A50}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E4DDB4FC-9766-4CEE-AEF1-27ED3DAECF23}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{E60A7EE8-45BE-4C8D-9806-CBBB9AC97026}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9198216-3D36-436E-98B0-5CFB37C51F4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{00792EB7-F227-4152-9756-E75AA9D67EDC}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{50596B1B-8BD1-4906-8609-E64AAE7A8FAC}C:\users\nick\appdata\local\temp\pcwcorwo.exe" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\temp\pcwcorwo.exe |
"TCP Query User{914C21AA-1F56-4025-8B34-22F57722B069}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C558E4E4-BBDB-4C63-B475-CF4AF34DFC19}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{DFDAF889-5841-4563-A428-3F1A43428AE0}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{32052BB1-1B13-4ECA-93F5-7FD065A18962}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{971EBD5C-1791-4ACC-9CCF-8356B86664FD}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A1EAF557-EAFA-4921-A184-5223BED02932}C:\users\nick\appdata\local\temp\pcwcorwo.exe" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\temp\pcwcorwo.exe |
"UDP Query User{D7BB9F75-2FFD-4654-AAC1-3C077CA209A2}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{DAF3F587-D0FA-4575-A5A9-18D59D77511C}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey
"{0285C8EA-A48F-4EAF-A485-69C46C464271}" = NI LabVIEW 8.5 VI.lib
"{03B96C48-4001-46C7-AA89-6D8C5C32A5B8}" = NI Variable Manager
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A053D60-9267-11D5-8A2B-0050DA8B7D89}" = Planescape - Torment
"{0D77EC38-3091-40AE-A028-3C7BBEB0FC09}" = NI LabVIEW 8.5 License
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{122E90F8-A899-4225-AA82-94CBA2AEA98D}" = NI LabVIEW 8.5 Examples
"{140BF0D0-E848-405C-9A01-D3256B918B6D}" = AuthenTec Fingerprint System
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D5755D-3795-45FE-9ED6-BC0DAFA3B333}" = NI-RPC 3.4.0f1
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{1829DACB-46DE-4624-808B-7802AC528DDF}" = NI EULA Depot
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2461AEFD-6597-4B5F-9174-754B9DB56091}" = NI LabVIEW 8.5 Project
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{299B4500-C41F-4BA3-AB4A-CC9412E16D67}" = NI LabVIEW Run-Time Engine 8.5
"{2F4C21C2-2BDC-4226-961D-A9D297C4F34C}" = NI LabVIEW 8.5 Applibs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{35EAF162-26F1-4DD2-8349-297F5CE31FD5}" = DigitalPersona Personal 3.1.0
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38A4AD83-3492-4A4E-A502-48106D88DD3E}" = NI USI 1.5.0
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{45A162D5-CF6F-49C5-9B25-A0F5DF512664}" = NI LabVIEW 8.5 Resource
"{46ADF464-9D63-47E0-B59F-0D9C3A60B4C4}" = NI DataSocket 4.5.0
"{47101908-553A-4767-94F5-1F2B58012F6D}" = NI LabVIEW 8.5 Help
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55762835-9A95-4A89-BFAE-8E46979C8C4B}" = NI LabVIEW 8.5 Manuals
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B2DC860-5B05-40E6-93DE-F17AAFE0A526}" = NI Variable Engine
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7112A06F-A109-46CC-810E-070679754F77}" = NI LabVIEW Deployable License 8.5.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74CB3747-1685-46C1-8F02-FCDA36ADDBA9}" = NI TDMS
"{74F4EA0E-6E74-4336-BFB7-8B1376CACBB1}" = NI Instrument IO Assistant for LabVIEW 8.5
"{768ECA63-EB76-4837-A4CC-58DA5A2FDAE9}" = NI LabVIEW 8.5 WWW
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DE3B2CC-B0EA-4607-B407-7E5E7C8BEAB0}" = NI LabVIEW Broker
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{82D05F0A-8652-4F8F-BCD3-61DFFF4D660E}" = NI LabVIEW 8.5 Help File
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{873B6C52-4EAF-4FA8-A156-907FE78D74F3}" = NI LabWindows/CVI Code Generator
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A702909-3A7D-4ABD-846B-1869A49D850B}" = NI MDF Support
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE51614-30BE-4F0F-B50F-459AB979D219}" = NI LabVIEW 8.5
"{8C8D1F1E-DC31-44F2-97F5-0D84CE49BB56}" = NI Uninstaller
"{8FA9410D-5894-4191-B8A4-CCEFAE34051C}" = NI OPC Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9198EBF1-7EBB-40D4-87C8-7415CF8AE448}" = NI MXS
"{91CD08AA-5402-4C64-A9CA-C7B4A479C003}_is1" = Counter Strike Source v1.0.0.34
"{92228315-BA53-4061-A404-0F05A72E946B}" = NI Logos XT Support
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{97C686BD-6FF3-4E3B-830D-552FE06128AA}" = NI LabVIEW 8.5 Templates
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9C008728-2EF9-44A7-9149-EEC43B9F87AF}" = NI LabVIEW 8.5 Menus
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A4ED947E-EC39-44F4-A576-44FA9E9F4AE3}" = NI Logos LabVIEW 8.5 Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABCE1FFB-A320-44ED-BEE8-68AF1791B35E}" = NI LabVIEW 8.5 MeasAppChm File
"{ABFAA6D6-7832-4C57-BF92-BA4A7244DE7C}" = NI LabVIEW 8.5 iMath
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B05599F2-55E3-47D2-9047-AE171F35A90B}" = NI Logos 4.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6440D7E-E115-4B11-8935-54A329E364E0}" = NI LabVIEW 8.5 gMath
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7944A61-5832-40F1-B052-1D0BAB45EF95}" = NI LabVIEW 8.5 Simulation
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BB6B7CF3-6231-4F11-8F5B-8A7F10F3F587}" = NI Assistant Framework
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4908416-75CE-456B-9AA5-531DE7FF6415}" = NI LabVIEW 8.5 User.lib
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D3FE1E36-DF92-442F-AAE6-FFF4D5913834}" = NI LabVIEW Merge Utility 8.5.0
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D751B34C-058F-42EF-BE95-14EBB0D2C585}" = Dreamfall
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = resident evil 4
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E6BBBB50-76E9-4F2F-AA8C-3FDDEB978A87}" = NI Assistant Framework LabVIEW Code Generator 8.5
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{EC610AB8-3B18-4AD9-BCE5-8D014C94CD64}" = NI Example Finder 8.5
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDF51FA5-6909-47E1-AAFE-411BA8900AA1}" = NI-DAQmx - LabVIEW shared documentation
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4AEDCEC-88CD-4408-80F4-6E7560AE2122}" = NI Variable Engine LabVIEW 8.5 Support
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FADFF346-8180-4F39-AEC7-FE81087315BC}" = NI LabVIEW 8.5 CINtools
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FC9144C1-F70B-47CF-BCDC-FEFE4C0BA7D1}" = NI LabVIEW 8.5 Instr.lib
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FDA3B45E-073C-4394-90F5-44887B54CC2C}" = NI LabVIEW 8.5 Device Detection and Deployment Support
"{FDEABB07-6AC3-41E1-A17C-CA5D9707EF72}" = NI-RPC 3.4.0f1 for Phar Lap ETS
"7-Zip" = 7-Zip 4.42
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"ATMA V" = ATMA V 5.05
"AviSynth" = AviSynth 2.5
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"Broken Sword Trilogy" = Broken Sword Trilogy
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.02.02.0603)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Deus Ex" = Deus Ex
"Diablo II" = Diablo II
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EasyPlot_is1" = EasyPlot
"Fallout" = Fallout
"Fallout2" = Fallout2
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDrive_is1" = IDrive version 3.1.0 November 05 2008
"ImTOO AVI to DVD Converter" = ImTOO AVI to DVD Converter
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"jZip" = jZip
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Lugaru_is1" = Lugaru v1.05
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey Island 2 - LeChuck's Revengev1.0" = Monkey Island 2 - LeChuck's Revenge
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MUSHclient" = MUSHclient (remove only)
"My CEWE Photo World" = My CEWE Photo World
"NI Uninstaller" = National Instruments Software
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"rag_doll_kung_fu" = rag_doll_kung_fu
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.85
"Shockwave" = Shockwave
"SHOUTcast Source" = SHOUTcast Source (remove only)
"The Secret of Monkey Islandv1.0" = The Secret of Monkey Island
"Thief - The Dark Project" = Thief - The Dark Project (Remove Only)
"Videora iPod Converter" = Videora iPod Converter 4.06
"VLC media player" = VLC media player 0.9.2
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver
"xchat" = XChat 2 (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1324449153-129536472-1138474595-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/09/2009 08:47:52 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 18/09/2009 12:00:25 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 18/09/2009 13:51:12 | Computer Name = Nick-Dell | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3498, time stamp 0x4a728f53,
faulting module Annots.api, version 9.0.0.332, time stamp 0x4850e57f, exception
code 0xc0000409, fault offset 0x0000ff52, process id 0x120c, application start time
0x01ca3887214f155d.

Error - 19/09/2009 08:15:31 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 20/09/2009 14:38:43 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 20/09/2009 21:16:41 | Computer Name = Nick-Dell | Source = EventSystem | ID = 4621
Description =

Error - 21/09/2009 07:25:05 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

Error - 21/09/2009 10:45:26 | Computer Name = Nick-Dell | Source = Application Error | ID = 1000
Description = Faulting application DeusEx.exe, version 0.0.0.0, time stamp 0x3ab162ec,
faulting module Core.dll, version 0.0.0.0, time stamp 0x3ab15e85, exception code
0xc0000005, fault offset 0x000453a0, process id 0x113c, application start time 0x01ca3aca0fc2f416.

Error - 21/09/2009 10:47:26 | Computer Name = Nick-Dell | Source = Application Hang | ID = 1002
Description = The program daemon.exe version 4.30.3.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: ed0 Start Time: 01ca3aae0708aca6 Termination Time: 18

Error - 21/09/2009 14:53:15 | Computer Name = Nick-Dell | Source = WinMgmt | ID = 10
Description =

[ DigitalPersona Pro Events ]
Error - 10/11/2008 12:53:27 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 10/11/2008 12:53:36 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 10/11/2008 12:53:41 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 24/05/2009 15:51:02 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 24/05/2009 15:51:05 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 03/11/2009 08:14:23 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 25/11/2009 14:04:16 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 11/03/2010 18:54:29 | Computer Name = Nick-Dell | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ OSession Events ]
Error - 13/05/2010 21:14:50 | Computer Name = Nick-Dell | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30084
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/02/2009 03:18:32 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 12/02/2009 03:51:45 | Computer Name = Nick-Dell | Source = bowser | ID = 8003
Description =

Error - 12/02/2009 05:19:34 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 12/02/2009 07:20:36 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 12/02/2009 07:44:52 | Computer Name = Nick-Dell | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.16.105 for the Network Card with network
address 002170846C95 has been denied by the DHCP server 144.32.128.228 (The DHCP
Server sent a DHCPNACK message).

Error - 12/02/2009 15:18:37 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 14/02/2009 15:21:05 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 15/02/2009 15:22:30 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 16/02/2009 15:23:39 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =

Error - 17/02/2009 15:25:00 | Computer Name = Nick-Dell | Source = Service Control Manager | ID = 7011
Description =


< End of report >
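
Two of the "[ Application Events ]" records in the log above are crashes with memory-corruption exception codes: firefox.exe faulting inside Annots.api (the Adobe Reader annotations plugin, here at version 9.0.0.332) with exception 0xc0000409, which is STATUS_STACK_BUFFER_OVERRUN, the code raised when a /GS stack-cookie check fails; and DeusEx.exe with 0xc0000005, an access violation. A stack buffer overrun in a PDF plugin loaded by the browser is either a plain bug or a failed exploit attempt, and the event log cannot tell which, so it deserves a closer look than a game crash either way. The script below is an added example, not OTL's own code and not anything posted in this thread: it parses the event-record format OTL prints, decodes the NTSTATUS code and ranks corruption crashes in content-rendering processes higher. The three records it consumes are copied from the log above; the browser process list and the severity labels are assumptions.

```python
"""Triage the '[ Application Events ]' block of an OTL log (added example, not OTL code):
parse Windows 'Application Error' (ID 1000) records and flag memory-corruption crashes."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# NTSTATUS exception codes as Windows Error Reporting writes them into event ID 1000.
EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",  # /GS stack-cookie check failed
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
}
# Assumed list of processes that render untrusted content; a corruption crash there ranks higher.
BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe", "opera.exe", "safari.exe"}

# Event header as OTL prints it:
# Error - 18/09/2009 13:51:12 | Computer Name = Nick-Dell | Source = Application Error | ID = 1000
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = [^|]+?\| Source = [^|]+?\| ID = (?P<id>\d+)$"
)
# Body of an ID 1000 record once OTL's wrapped 'Description =' lines are re-joined.
CRASH_RE = re.compile(
    r"Faulting application (?P<app>\S+), version \S+, time stamp \S+, "
    r"faulting module (?P<module>\S+), version \S+, time stamp \S+, "
    r"exception code (?P<code>0x[0-9A-Fa-f]+), fault offset (?P<offset>0x[0-9A-Fa-f]+)"
)


@dataclass
class CrashEvent:
    when: str
    app: str
    module: str
    code: int
    offset: int

    @property
    def code_name(self) -> str:
        return EXCEPTION_NAMES.get(self.code, "UNKNOWN_%08X" % self.code)


def parse_crashes(text: str) -> List[CrashEvent]:
    """Each record is a header line plus a 'Description = ...' that wraps until a blank line."""
    crashes: List[CrashEvent] = []
    header, desc = None, []

    def flush() -> None:
        nonlocal header, desc
        if header is not None and header.group("id") == "1000":
            m = CRASH_RE.search(" ".join(desc))
            if m:
                crashes.append(CrashEvent(header.group("when"), m.group("app"), m.group("module"),
                                          int(m.group("code"), 16), int(m.group("offset"), 16)))
        header, desc = None, []

    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            flush()
            header = h
        elif not line:
            flush()
        elif header is not None:
            desc.append(line[len("Description = "):] if line.startswith("Description = ") else line)
    flush()
    return crashes


def triage(crashes: List[CrashEvent]) -> List[Tuple[str, CrashEvent, str]]:
    """(severity, event, reason) for crashes with a memory-corruption exception code.
    Inside a browser, or in a plugin the browser loaded, that is either a plain bug or a
    failed exploit attempt; the log cannot tell which, so the module gets patched either way."""
    findings = []
    for ev in crashes:
        if ev.code not in EXCEPTION_NAMES:
            continue
        severity = "high" if ev.app.lower() in BROWSERS else "low"
        findings.append((severity, ev, f"{ev.code_name} in {ev.module} loaded by {ev.app}"))
    return findings


# Sample input: three records copied from the OTL log above (an ID 1002 hang is not a crash).
SAMPLE_LOG = """\
[ Application Events ]
Error - 18/09/2009 13:51:12 | Computer Name = Nick-Dell | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3498, time stamp 0x4a728f53,
faulting module Annots.api, version 9.0.0.332, time stamp 0x4850e57f, exception
code 0xc0000409, fault offset 0x0000ff52, process id 0x120c, application start time
0x01ca3887214f155d.

Error - 21/09/2009 10:45:26 | Computer Name = Nick-Dell | Source = Application Error | ID = 1000
Description = Faulting application DeusEx.exe, version 0.0.0.0, time stamp 0x3ab162ec,
faulting module Core.dll, version 0.0.0.0, time stamp 0x3ab15e85, exception code
0xc0000005, fault offset 0x000453a0, process id 0x113c, application start time 0x01ca3aca0fc2f416.

Error - 21/09/2009 10:47:26 | Computer Name = Nick-Dell | Source = Application Hang | ID = 1002
Description = The program daemon.exe version 4.30.3.0 stopped interacting with Windows
and was closed.
"""

if __name__ == "__main__":
    for severity, ev, reason in triage(parse_crashes(SAMPLE_LOG)):
        print(f"[{severity}] {ev.when} {reason} (fault offset 0x{ev.offset:x})")
```

Run against the sample it prints one "high" line for the Firefox/Annots.api overrun and one "low" line for the DeusEx access violation; the Application Hang record is ignored because only event ID 1000 carries a faulting module and exception code.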


#4 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 06 June 2010 - 02:11 PM

Thanks for that log, let's begin with Combofix here.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 macalester
  • Topic Starter
  • Members
  • 21 posts

Posted 07 June 2010 - 06:05 AM

Thanks for the quick reply, here's the log:

Combofix

ComboFix 10-06-06.01 - Nick 06/06/2010 23:50:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3036.2268 [GMT 1:00]
Running from: c:\users\Nick\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dell Support Center\bin\sprtcmd.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\QuickTime\QTTask.exe
c:\programdata\U80tmLjH.exe
c:\users\Nick\AppData\Local\syssvc.exe
c:\users\Nick\AppData\Roaming\02000000aca12769922C.manifest
c:\users\Nick\AppData\Roaming\02000000aca12769922O.manifest
c:\users\Nick\AppData\Roaming\02000000aca12769922P.manifest
c:\users\Nick\AppData\Roaming\02000000aca12769922S.manifest
c:\users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199
c:\users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199\enemies-names.txt
c:\users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199\local.ini
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Nick\Setup-SopCast-3.2.4-2009-7-9.exe
c:\windows\Fonts\SdbVri.com
c:\windows\system32\st325939.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\At1.job

c:\program files\Dell Support Center\bin\sprtcmd .exe ---> c:\program files\Dell Support Center\bin\sprtcmd.exe
c:\program files\iTunes\iTunesHelper .exe ---> c:\program files\iTunes\iTunesHelper.exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe ---> c:\program files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\QuickTime\QTTask .exe ---> c:\program files\QuickTime\QTTask.exe

.
.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 23:00 . 2010-06-06 23:05 -------- d-----w- c:\users\Nick\AppData\Local\temp
2010-06-06 23:00 . 2010-06-06 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-31 20:17 . 2010-05-31 20:40 -------- d-----w- c:\users\Nick\AppData\Local\bikuytjwh
2010-05-31 19:48 . 2010-05-31 19:48 25088 ----a-w- c:\windows\system32\fnpipe.dll
2010-05-31 13:00 . 2010-05-31 13:00 -------- d-----w- c:\users\Nick\AppData\Local\Apple
2010-05-29 16:31 . 2010-05-29 16:31 -------- d-----w- c:\users\Nick\AppData\Local\Adobe
2010-05-28 23:40 . 2010-05-28 23:40 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer
2010-05-28 18:37 . 2010-05-28 18:37 -------- d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2010-05-28 18:37 . 2010-05-28 18:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-28 18:35 . 2010-05-28 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-28 11:32 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-28 11:32 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-28 11:31 . 2010-05-28 11:31 -------- d-----w- c:\program files\iPod
2010-05-28 11:31 . 2010-06-06 23:05 -------- d-----w- c:\program files\iTunes
2010-05-28 11:31 . 2010-05-28 11:32 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-28 11:28 . 2010-06-06 23:05 -------- d-----w- c:\program files\QuickTime
2010-05-28 11:24 . 2010-05-28 11:24 -------- d-----w- c:\program files\Bonjour
2010-05-26 14:44 . 2010-05-28 23:20 -------- d-----w- c:\users\Nick\AppData\Local\twmyktuvl
2010-05-26 12:09 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-15 12:21 . 2010-05-15 12:21 -------- d-----w- c:\windows\Sun
2010-05-12 01:20 . 2010-05-12 01:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-11 18:11 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 23:05 . 2010-03-11 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 23:01 . 2008-10-24 16:28 4956 ----a-w- c:\windows\bthservsdp.dat
2010-06-06 22:35 . 2009-09-13 06:26 -------- d-----w- c:\users\Nick\AppData\Roaming\Ybhev
2010-06-06 22:31 . 2008-11-09 23:19 -------- d-----w- c:\users\Nick\AppData\Roaming\X-Chat 2
2010-06-06 22:21 . 2010-06-06 22:21 112 ----a-w- c:\programdata\m3rujC8.dat
2010-05-31 20:40 . 2009-03-14 12:29 -------- d-----w- c:\users\Nick\AppData\Roaming\Ozyv
2010-05-31 20:16 . 2008-11-19 01:23 -------- d-----w- c:\users\Nick\AppData\Roaming\Omiwi
2010-05-28 23:01 . 2008-12-19 18:59 7512 ----a-w- c:\users\Nick\AppData\Local\d3d9caps.dat
2010-05-28 11:31 . 2008-11-09 14:00 -------- d-----w- c:\program files\Common Files\Apple
2010-05-28 01:21 . 2008-11-09 13:25 -------- d-----w- c:\program files\Symantec
2010-05-28 01:21 . 2008-11-09 13:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-28 01:21 . 2008-11-09 13:10 -------- d-----w- c:\programdata\Symantec
2010-05-28 00:45 . 2008-11-09 13:09 -------- d-----w- c:\users\Nick\AppData\Roaming\Symantec
2010-05-26 21:09 . 2010-05-03 19:27 -------- d-----w- c:\users\Nick\AppData\Roaming\7D3BE842736D9F34DD12AC6DE259D4F3
2010-05-26 14:43 . 2010-01-12 17:57 -------- d-----w- c:\users\Nick\AppData\Roaming\Skype
2010-05-26 10:23 . 2010-01-12 18:02 -------- d-----w- c:\users\Nick\AppData\Roaming\skypePM
2010-05-12 02:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 02:07 . 2008-11-08 15:17 -------- d-----w- c:\programdata\Microsoft Help
2010-05-03 19:28 . 2010-05-03 19:28 84992 --sha-r- c:\users\Nick\AppData\Roaming\upnpcontc.dll
2010-05-02 21:39 . 2008-10-24 16:37 -------- d-----w- c:\programdata\McAfee
2010-05-01 22:28 . 2008-11-21 19:48 -------- d-----w- c:\users\Nick\AppData\Roaming\vlc
2010-04-29 14:39 . 2010-03-11 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-11 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 10:53 . 2010-04-29 10:31 -------- d-----w- c:\programdata\Norton
2010-04-24 00:50 . 2010-03-16 00:27 -------- d-----w- c:\programdata\Zoom Player
2010-04-24 00:45 . 2010-04-24 00:45 -------- d-----w- c:\program files\Atari
2010-04-24 00:32 . 2010-04-24 00:32 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2010-04-24 00:32 . 2010-04-24 00:32 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2010-04-16 07:33 . 2010-04-16 07:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 07:33 . 2010-04-16 07:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 20:01 . 2008-11-08 15:00 99176 ----a-w- c:\users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2007-07-24 19:03 . 2007-07-24 19:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-03-31 21:47 . 2008-11-09 22:44 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-11-22 15:22 . 2009-11-22 15:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-24 16:45 . 2008-10-24 16:45 74 --sh--r- c:\windows\CT4CET.bin
2008-10-25 01:49 . 2008-10-25 01:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"{E86CE8B6-2760-5DD1-06B3-5EAA2EB0BE33}"="c:\users\Nick\AppData\Roaming\Noaxoq\ikgi.exe" [2009-03-15 159232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2008-11-8 194000]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-17 576000]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fnpipe]
2010-05-31 19:48 25088 ----a-w- c:\windows\System32\fnpipe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-24 16:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-22 30192]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-02 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2008-11-05 136656]
S2 IDrivePlugin;IDrivePlugin;c:\idrive\IDriveWebM.exe [2008-07-01 58832]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-07-03 475136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-07-18 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-07-18 277504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:51]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} - hxxp://autoconnect.york.ac.uk/tools/xc_loader_activex.ocx
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-ATMA V - c:\progra~1\ATMAV~1\Setup.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1324449153-129536472-1138474595-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,c7,d6,38,03,90,c1,22,db,d2,6a,07,6b,7c,95,96,0d,e8,f1,a8,85,87,1a,
31,70,40,35,08,bb,74,f1,0f,bc,b0,72,68,0e,c2,5d,32,7a,9c,3e,16,46,ee,ce,88,\
"??"=hex:7a,3c,38,2c,82,1b,ec,57,70,4b,bb,14,f6,bb,9f,0b

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(1464)
c:\windows\system32\btmmhook.dll
c:\idrive\IDriveEViewVista.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-06-07 00:15:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 23:15

Pre-Run: 33,738,629,120 bytes free
Post-Run: 41,653,829,632 bytes free

- - End Of File - - BBAC22C139459240B29908DC0DE359F1


#6 extremeboy
  • Malware Response Team

Posted 08 June 2010 - 09:06 PM

Hello.

That's looking better. A few more things...

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    CODE
    folder::
    c:\users\Nick\AppData\Local\bikuytjwh
    file::
    c:\windows\system32\fnpipe.dll
    c:\windows\bthservsdp.dat
    c:\programdata\m3rujC8.dat
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 macalester
  • Topic Starter
  • Members

Posted 15 June 2010 - 05:19 PM

Sorry about the late reply. I've been through a period of exams and had to focus on studying for them, but now that they are over I was able to complete the ComboFix scan:

ComboFix 10-06-15.02 - Nick 15/06/2010 22:53:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3036.2145 [GMT 1:00]
Running from: c:\users\Nick\Downloads\ComboFix.exe
Command switches used :: c:\users\Nick\Downloads\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\m3rujC8.dat"
"c:\windows\bthservsdp.dat"
"c:\windows\system32\fnpipe.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\m3rujC8.dat
c:\users\Nick\AppData\Local\bikuytjwh
c:\users\Nick\AppData\Local\fysipug.dll
c:\users\Nick\AppData\Local\ugawedokez.dll
c:\users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199
c:\users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199\enemies-names.txt
c:\users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199\local.ini
c:\users\Nick\AppData\Roaming\30D4341A3AB531B60946EF6558D63199\setupupdater0000.exe.vir
c:\users\Nick\AppData\Roaming\692.exe
c:\users\Nick\AppData\Roaming\Noaxoq\ikgi.exe
c:\windows\bthservsdp.dat
c:\windows\system32\fnpipe.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 22:04 . 2010-06-15 22:04 -------- d-----w- c:\users\Nick\AppData\Local\temp
2010-06-15 22:04 . 2010-06-15 22:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-15 22:04 . 2010-06-15 22:04 -------- d-----w- c:\users\DZH~1.OLY\AppData\Local\temp
2010-06-15 22:04 . 2010-06-15 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 21:37 . 2010-06-15 21:37 120 ----a-w- c:\users\Nick\AppData\Local\Rnepahixoweto.dat
2010-06-15 21:37 . 2010-06-15 21:37 0 ----a-w- c:\users\Nick\AppData\Local\Hcibuba.bin
2010-06-15 21:37 . 2010-06-15 21:37 -------- d-----w- c:\users\Nick\AppData\Local\{D1E50D41-6E6D-4813-85AF-60C512857931}
2010-06-11 08:25 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-11 08:25 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 08:25 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 08:25 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 08:25 . 2010-05-04 05:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-07 07:50 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-06-03 09:05 . 2010-06-03 09:05 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3150.tmp.exe
2010-05-31 13:00 . 2010-05-31 13:00 -------- d-----w- c:\users\Nick\AppData\Local\Apple
2010-05-29 16:31 . 2010-05-29 16:31 -------- d-----w- c:\users\Nick\AppData\Local\Adobe
2010-05-28 23:40 . 2010-05-28 23:40 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer
2010-05-28 18:38 . 2010-05-28 18:38 63488 ----a-w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-28 18:38 . 2010-05-28 18:38 52224 ----a-w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-28 18:37 . 2010-05-28 18:37 117760 ----a-w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 18:37 . 2010-05-28 18:37 -------- d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2010-05-28 18:37 . 2010-05-28 18:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-28 18:35 . 2010-05-28 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-28 11:32 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-28 11:32 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-28 11:31 . 2010-05-28 11:31 -------- d-----w- c:\program files\iPod
2010-05-28 11:31 . 2010-06-06 23:05 -------- d-----w- c:\program files\iTunes
2010-05-28 11:31 . 2010-05-28 11:32 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-28 11:28 . 2010-06-06 23:05 -------- d-----w- c:\program files\QuickTime
2010-05-28 11:24 . 2010-05-28 11:24 -------- d-----w- c:\program files\Bonjour
2010-05-28 11:22 . 2010-05-28 11:22 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-26 14:44 . 2010-05-28 23:20 -------- d-----w- c:\users\Nick\AppData\Local\twmyktuvl
2010-05-26 12:09 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 22:03 . 2009-03-15 16:16 -------- d-----w- c:\users\Nick\AppData\Roaming\Noaxoq
2010-06-15 21:45 . 2009-09-13 06:26 -------- d-----w- c:\users\Nick\AppData\Roaming\Ybhev
2010-06-12 02:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-12 02:08 . 2008-11-08 15:17 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 21:56 . 2008-11-09 23:19 -------- d-----w- c:\users\Nick\AppData\Roaming\X-Chat 2
2010-06-06 23:05 . 2010-03-11 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 20:40 . 2009-03-14 12:29 -------- d-----w- c:\users\Nick\AppData\Roaming\Ozyv
2010-05-31 20:16 . 2008-11-19 01:23 -------- d-----w- c:\users\Nick\AppData\Roaming\Omiwi
2010-05-28 23:01 . 2008-12-19 18:59 7512 ----a-w- c:\users\Nick\AppData\Local\d3d9caps.dat
2010-05-28 11:31 . 2008-11-09 14:00 -------- d-----w- c:\program files\Common Files\Apple
2010-05-28 01:21 . 2008-11-09 13:25 -------- d-----w- c:\program files\Symantec
2010-05-28 01:21 . 2008-11-09 13:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-28 01:21 . 2008-11-09 13:10 -------- d-----w- c:\programdata\Symantec
2010-05-28 00:45 . 2008-11-09 13:09 -------- d-----w- c:\users\Nick\AppData\Roaming\Symantec
2010-05-26 21:09 . 2010-05-03 19:27 -------- d-----w- c:\users\Nick\AppData\Roaming\7D3BE842736D9F34DD12AC6DE259D4F3
2010-05-26 14:43 . 2010-01-12 17:57 -------- d-----w- c:\users\Nick\AppData\Roaming\Skype
2010-05-26 10:23 . 2010-01-12 18:02 -------- d-----w- c:\users\Nick\AppData\Roaming\skypePM
2010-05-12 01:20 . 2010-05-12 01:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-04 05:55 . 2010-06-11 08:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 08:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 08:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 19:28 . 2010-05-03 19:28 84992 --sha-r- c:\users\Nick\AppData\Roaming\upnpcontc.dll
2010-05-03 19:28 . 2010-05-03 19:28 84992 --sha-r- c:\users\Nick\AppData\Roaming\upnpcontc.dll
2010-05-02 21:39 . 2008-10-24 16:37 -------- d-----w- c:\programdata\McAfee
2010-05-01 22:28 . 2008-11-21 19:48 -------- d-----w- c:\users\Nick\AppData\Roaming\vlc
2010-05-01 13:53 . 2010-06-11 08:24 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-03-11 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-11 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 10:53 . 2010-04-29 10:31 -------- d-----w- c:\programdata\Norton
2010-04-27 13:45 . 2010-04-27 13:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 13:45 . 2010-04-27 13:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-24 01:10 . 2010-04-24 01:04 8854 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe
2010-04-24 01:10 . 2010-04-24 01:04 4286 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe
2010-04-24 01:10 . 2010-04-24 01:04 10134 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe
2010-04-24 00:50 . 2010-03-16 00:27 -------- d-----w- c:\programdata\Zoom Player
2010-04-24 00:45 . 2010-04-24 00:45 -------- d-----w- c:\program files\Atari
2010-04-24 00:32 . 2010-04-24 00:32 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2010-04-24 00:32 . 2010-04-24 00:32 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2010-04-16 07:33 . 2010-04-16 07:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 07:33 . 2010-04-16 07:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 20:01 . 2008-11-08 15:00 99176 ----a-w- c:\users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 16:17 . 2010-04-02 16:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 16:17 . 2010-04-02 16:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2007-07-24 19:03 . 2007-07-24 19:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-03-31 21:47 . 2008-11-09 22:44 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-11-22 15:22 . 2009-11-22 15:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-24 16:45 . 2008-10-24 16:45 74 --sh--r- c:\windows\CT4CET.bin
2008-10-25 01:49 . 2008-10-25 01:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2008-11-8 194000]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-17 576000]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-24 16:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-22 30192]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-02 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2008-11-05 136656]
S2 IDrivePlugin;IDrivePlugin;c:\idrive\IDriveWebM.exe [2008-07-01 58832]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-07-03 475136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-07-18 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-07-18 277504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:51]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} - hxxp://autoconnect.york.ac.uk/tools/xc_loader_activex.ocx
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{E86CE8B6-2760-5DD1-06B3-5EAA2EB0BE33} - c:\users\Nick\AppData\Roaming\Noaxoq\ikgi.exe
HKCU-Run-Pverofajahi - c:\users\Nick\AppData\Local\fysipug.dll
HKCU-Run-Iyonemaqawepe - c:\users\Nick\AppData\Local\ugawedokez.dll
Notify-fnpipe - fnpipe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 23:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x858A6438]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a7d6322
\Driver\ACPI -> acpi.sys @ 0x80693d4c
\Driver\atapi -> 0x858a6438
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1324449153-129536472-1138474595-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,c7,d6,38,03,90,c1,22,db,d2,6a,07,6b,7c,95,96,0d,e8,f1,a8,85,87,1a,
31,70,40,35,08,bb,74,f1,0f,bc,b0,72,68,0e,c2,5d,32,7a,9c,3e,16,46,ee,ce,88,\
"??"=hex:7a,3c,38,2c,82,1b,ec,57,70,4b,bb,14,f6,bb,9f,0b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2010-06-15 23:07:36
ComboFix-quarantined-files.txt 2010-06-15 22:07
ComboFix2.txt 2010-06-06 23:15

Pre-Run: 30,049,599,488 bytes free
Post-Run: 30,005,202,944 bytes free

- - End Of File - - 9D8DA132494377CDA7B582D1EDC14EEA


#8 extremeboy
  • Malware Response Team

Posted 17 June 2010 - 08:22 PM

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

--

Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    CODE
    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
  • Please post the contents of the ComboFix log in your next reply.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
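
Why the two "uInternet Settings" lines in that CFScript are the interesting part (an added illustration, not part of extremeboy's instructions): IE's ProxyServer value points at 127.0.0.1:5555, a listener on the machine itself, so every HTTP request the browser makes is handed to a local process before it reaches the network, which is exactly the position something needs in order to swap a Google result page for a redirect. The Python below parses lines in that DDS/ComboFix format and flags a loopback proxy. It is example code written for this thread, not anything ComboFix does; the sample lines are constructed from the script above plus one made-up machine-wide entry, and the "m" prefix for the HKLM hive is an assumption about the DDS naming convention.

```python
"""Classify the IE proxy values that DDS/ComboFix print as
'uInternet Settings,...' lines (the lines the CFScript above removes).
Added example for this thread; the sample lines are constructed."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# 'uInternet Settings,ProxyServer = http=127.0.0.1:5555'
# Prefix 'u' = the user's hive (HKCU); 'm' for the machine hive (HKLM) is
# assumed here from the DDS naming convention, it is not shown in the thread.
LINE_RE = re.compile(
    r"^(?P<hive>[um])Internet Settings,(?P<name>\w+)\s*=\s*(?P<value>.*)$")


@dataclass(frozen=True)
class Setting:
    hive: str   # 'u' or 'm'
    name: str   # ProxyServer, ProxyOverride, ...
    value: str


def parse_settings(lines: list[str]) -> list[Setting]:
    """Keep only the Internet Settings lines; anything else in a log is ignored."""
    found = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Setting(m["hive"], m["name"], m["value"].strip()))
    return found


def parse_proxy_server(value: str) -> dict[str, tuple[str, int | None]]:
    """'http=127.0.0.1:5555;https=10.0.0.5:3128' -> {'http': ('127.0.0.1', 5555), ...}.
    A bare 'host:port' with no scheme applies to every protocol and is keyed '*'."""
    table: dict[str, tuple[str, int | None]] = {}
    for entry in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = entry.partition("=")
        if not sep:                      # no 'scheme=' part
            scheme, hostport = "*", entry
        host, _, port = hostport.rpartition(":")
        if not host:                     # no ':' at all, so it was just a host
            host, port = port, ""
        table[scheme] = (host, int(port) if port.isdigit() else None)
    return table


def is_loopback(host: str) -> bool:
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname rather than an address
        return False


def assess(settings: list[Setting]) -> list[tuple[str, str]]:
    """Return (severity, message) findings.

    A proxy on the loopback interface means a process on this very machine
    sits between the browser and the network and sees, and can rewrite,
    every response: that is the position a search-redirecting infection
    needs. An external proxy is merely something to confirm with the owner."""
    findings: list[tuple[str, str]] = []
    overrides = {s.hive: s.value for s in settings if s.name == "ProxyOverride"}
    for s in settings:
        if s.name != "ProxyServer" or not s.value:
            continue
        hive = "HKCU" if s.hive == "u" else "HKLM"
        for scheme, (host, port) in parse_proxy_server(s.value).items():
            if is_loopback(host):
                msg = (f"{hive}: {scheme} traffic goes through local listener "
                       f"{host}:{port}; a process on this machine intercepts the browser")
                if "<local>" not in overrides.get(s.hive, ""):
                    msg += " (ProxyOverride has no <local>, so intranet hosts are proxied too)"
                findings.append(("high", msg))
            else:
                findings.append(("info", f"{hive}: {scheme} traffic uses proxy "
                                         f"{host}:{port}; confirm it is expected"))
    return findings


# Constructed sample: the two lines from the CFScript plus one benign machine-wide entry.
SAMPLE_LINES = [
    "uInternet Settings,ProxyOverride = ",
    "uInternet Settings,ProxyServer = http=127.0.0.1:5555",
    "mInternet Settings,ProxyServer = proxy.example.internal:8080",
]

if __name__ == "__main__":
    for severity, message in assess(parse_settings(SAMPLE_LINES)):
        print(f"[{severity}] {message}")
```

Run against the constructed lines it reports one "high" finding for the loopback proxy and one "info" for the external one. Removing the two registry values is only the visible half of the fix; the process listening on port 5555 is what put them there, which is why the helper follows the script with further scans rather than stopping here.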

#9 macalester
  • Topic Starter
  • Members
  • 21 posts

Posted 18 June 2010 - 07:59 PM

Thanks again. I completed all the steps and here are the two scans:

Combofix

ComboFix 10-06-17.03 - Nick 19/06/2010 1:32.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3036.2248 [GMT 1:00]
Running from: c:\users\Nick\Downloads\ComboFix.exe
Command switches used :: c:\users\Nick\Downloads\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 00:42 . 2010-06-19 00:42 -------- d-----w- c:\users\Nick\AppData\Local\temp
2010-06-19 00:42 . 2010-06-19 00:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-19 00:42 . 2010-06-19 00:42 -------- d-----w- c:\users\DZH~1.OLY\AppData\Local\temp
2010-06-19 00:42 . 2010-06-19 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 21:37 . 2010-06-15 21:37 120 ----a-w- c:\users\Nick\AppData\Local\Rnepahixoweto.dat
2010-06-15 21:37 . 2010-06-15 21:37 0 ----a-w- c:\users\Nick\AppData\Local\Hcibuba.bin
2010-06-15 21:37 . 2010-06-15 21:37 -------- d-----w- c:\users\Nick\AppData\Local\{D1E50D41-6E6D-4813-85AF-60C512857931}
2010-06-11 08:25 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-11 08:25 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 08:25 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 08:25 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 08:25 . 2010-05-04 05:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-07 07:50 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-06-03 09:05 . 2010-06-03 09:05 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3150.tmp.exe
2010-05-31 13:00 . 2010-05-31 13:00 -------- d-----w- c:\users\Nick\AppData\Local\Apple
2010-05-29 16:31 . 2010-05-29 16:31 -------- d-----w- c:\users\Nick\AppData\Local\Adobe
2010-05-28 23:40 . 2010-05-28 23:40 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer
2010-05-28 18:38 . 2010-05-28 18:38 63488 ----a-w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-28 18:38 . 2010-05-28 18:38 52224 ----a-w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-28 18:37 . 2010-05-28 18:37 117760 ----a-w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 18:37 . 2010-05-28 18:37 -------- d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2010-05-28 18:37 . 2010-05-28 18:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-28 18:35 . 2010-05-28 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-28 11:32 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-28 11:32 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-28 11:31 . 2010-05-28 11:31 -------- d-----w- c:\program files\iPod
2010-05-28 11:31 . 2010-06-06 23:05 -------- d-----w- c:\program files\iTunes
2010-05-28 11:31 . 2010-05-28 11:32 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-28 11:28 . 2010-06-06 23:05 -------- d-----w- c:\program files\QuickTime
2010-05-28 11:24 . 2010-05-28 11:24 -------- d-----w- c:\program files\Bonjour
2010-05-28 11:22 . 2010-05-28 11:22 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-26 14:44 . 2010-05-28 23:20 -------- d-----w- c:\users\Nick\AppData\Local\twmyktuvl
2010-05-26 12:09 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 22:03 . 2009-03-15 16:16 -------- d-----w- c:\users\Nick\AppData\Roaming\Noaxoq
2010-06-15 21:45 . 2009-09-13 06:26 -------- d-----w- c:\users\Nick\AppData\Roaming\Ybhev
2010-06-12 02:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-12 02:08 . 2008-11-08 15:17 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 21:56 . 2008-11-09 23:19 -------- d-----w- c:\users\Nick\AppData\Roaming\X-Chat 2
2010-06-06 23:05 . 2010-03-11 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 20:40 . 2009-03-14 12:29 -------- d-----w- c:\users\Nick\AppData\Roaming\Ozyv
2010-05-31 20:16 . 2008-11-19 01:23 -------- d-----w- c:\users\Nick\AppData\Roaming\Omiwi
2010-05-28 23:01 . 2008-12-19 18:59 7512 ----a-w- c:\users\Nick\AppData\Local\d3d9caps.dat
2010-05-28 11:31 . 2008-11-09 14:00 -------- d-----w- c:\program files\Common Files\Apple
2010-05-28 01:21 . 2008-11-09 13:25 -------- d-----w- c:\program files\Symantec
2010-05-28 01:21 . 2008-11-09 13:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-28 01:21 . 2008-11-09 13:10 -------- d-----w- c:\programdata\Symantec
2010-05-28 00:45 . 2008-11-09 13:09 -------- d-----w- c:\users\Nick\AppData\Roaming\Symantec
2010-05-26 21:09 . 2010-05-03 19:27 -------- d-----w- c:\users\Nick\AppData\Roaming\7D3BE842736D9F34DD12AC6DE259D4F3
2010-05-26 14:43 . 2010-01-12 17:57 -------- d-----w- c:\users\Nick\AppData\Roaming\Skype
2010-05-26 10:23 . 2010-01-12 18:02 -------- d-----w- c:\users\Nick\AppData\Roaming\skypePM
2010-05-12 01:20 . 2010-05-12 01:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-04 05:55 . 2010-06-11 08:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 08:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 08:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 19:28 . 2010-05-03 19:28 84992 --sha-r- c:\users\Nick\AppData\Roaming\upnpcontc.dll
2010-05-03 19:28 . 2010-05-03 19:28 84992 --sha-r- c:\users\Nick\AppData\Roaming\upnpcontc.dll
2010-05-02 21:39 . 2008-10-24 16:37 -------- d-----w- c:\programdata\McAfee
2010-05-01 22:28 . 2008-11-21 19:48 -------- d-----w- c:\users\Nick\AppData\Roaming\vlc
2010-05-01 13:53 . 2010-06-11 08:24 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-03-11 22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-11 22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 10:53 . 2010-04-29 10:31 -------- d-----w- c:\programdata\Norton
2010-04-27 13:45 . 2010-04-27 13:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 13:45 . 2010-04-27 13:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-24 01:10 . 2010-04-24 01:04 8854 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe
2010-04-24 01:10 . 2010-04-24 01:04 4286 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe
2010-04-24 01:10 . 2010-04-24 01:04 10134 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe
2010-04-24 00:50 . 2010-03-16 00:27 -------- d-----w- c:\programdata\Zoom Player
2010-04-24 00:45 . 2010-04-24 00:45 -------- d-----w- c:\program files\Atari
2010-04-24 00:32 . 2010-04-24 00:32 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2010-04-24 00:32 . 2010-04-24 00:32 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2010-04-16 07:33 . 2010-04-16 07:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 07:33 . 2010-04-16 07:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 20:01 . 2008-11-08 15:00 99176 ----a-w- c:\users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 16:17 . 2010-04-02 16:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 16:17 . 2010-04-02 16:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2007-07-24 19:03 . 2007-07-24 19:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-03-31 21:47 . 2008-11-09 22:44 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-11-22 15:22 . 2009-11-22 15:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-24 16:45 . 2008-10-24 16:45 74 --sh--r- c:\windows\CT4CET.bin
2008-10-25 01:49 . 2008-10-25 01:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-06-15_22.04.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-06-19 00:30 78762 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-08 16:24 . 2010-06-19 00:30 18508 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1324449153-129536472-1138474595-1000_UserData.bin
+ 2008-11-08 14:57 . 2010-06-19 00:27 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-08 14:57 . 2010-06-15 21:52 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-08 14:57 . 2010-06-19 00:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-08 14:57 . 2010-06-15 21:52 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-14 22:34 . 2010-06-15 14:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-14 22:34 . 2010-06-18 13:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-14 22:34 . 2010-06-15 14:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-14 22:34 . 2010-06-18 13:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-14 22:34 . 2010-06-18 13:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-14 22:34 . 2010-06-15 14:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-08 16:25 . 2010-06-18 11:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-08 16:25 . 2010-06-15 21:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-08 16:25 . 2010-06-15 21:34 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-08 16:25 . 2010-06-18 11:55 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-08 16:25 . 2010-06-15 21:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-08 16:25 . 2010-06-18 11:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-16 20:08 . 2010-06-16 20:08 21504 c:\windows\Installer\2356c3a.msi
- 2010-06-15 21:47 . 2010-06-15 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-19 00:27 . 2010-06-19 00:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-15 21:47 . 2010-06-15 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-19 00:27 . 2010-06-19 00:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-09 00:02 . 2010-06-17 01:50 420070 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-06-19 00:30 128894 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-08 14:57 . 2010-06-15 21:52 868352 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-08 14:57 . 2010-06-19 00:27 868352 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 10:33 . 2010-06-18 22:02 2602058 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-06-18 22:02 1140632 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2008-11-8 194000]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-17 576000]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-24 16:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-22 30192]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-02 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2008-11-05 136656]
S2 IDrivePlugin;IDrivePlugin;c:\idrive\IDriveWebM.exe [2008-07-01 58832]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-07-03 475136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-07-18 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-07-18 277504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:51]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} - hxxp://autoconnect.york.ac.uk/tools/xc_loader_activex.ocx
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0081025
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\3p314cd1.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-19 01:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85E2D098]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a7d2322
\Driver\ACPI -> acpi.sys @ 0x80691d4c
\Driver\atapi -> 0x85e2d098
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1324449153-129536472-1138474595-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,c7,d6,38,03,90,c1,22,db,d2,6a,07,6b,7c,95,96,0d,e8,f1,a8,85,87,1a,
31,70,40,35,08,bb,74,f1,0f,bc,b0,72,68,0e,c2,5d,32,7a,9c,3e,16,46,ee,ce,88,\
"??"=hex:7a,3c,38,2c,82,1b,ec,57,70,4b,bb,14,f6,bb,9f,0b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2010-06-19 01:45:20
ComboFix-quarantined-files.txt 2010-06-19 00:45
ComboFix2.txt 2010-06-15 22:07
ComboFix3.txt 2010-06-06 23:15

Pre-Run: 21,673,181,184 bytes free
Post-Run: 21,620,887,552 bytes free

- - End Of File - - 44D8460A130412B96CE8A36CBC015DBE


Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4213

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

19/06/2010 01:54:43
mbam-log-2010-06-19 (01-54-43).txt

Scan type: Quick scan
Objects scanned: 135594
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
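
Reading the two logs above (an added note and example, not from either poster): MBAM's quick scan found nothing, but the Gmer MBR detector section of the ComboFix log shows \Driver\atapi dispatching to 0x85e2d098, an address GMER could not attribute to any loaded module, and that same address appears as >>UNKNOWN<< in the disk call chain. A hook that low in the storage stack sits beneath the file system, so a file-based scanner can be served clean-looking data. The Python below parses that section and ranks the indicators; the sample is the detector block from the log above, embedded so it runs offline. It is example code for this thread, not something ComboFix or GMER does.

```python
"""Triage the 'Stealth MBR rootkit/Mebroot/Sinowal detector' section of a
ComboFix log. Added example for this thread; the sample text is the block
from the log above, embedded so the parser runs offline."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# '\Driver\Disk -> CLASSPNP.SYS @ 0x8a7d2322'  or  '\Driver\atapi -> 0x85e2d098'
HOOK_RE = re.compile(r"^(\\Driver\\\w+)\s*->\s*(?:(\S+)\s*@\s*)?(0x[0-9A-Fa-f]+)\s*$")
# 'called modules: ... >>UNKNOWN [0x85E2D098]<<'
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


@dataclass
class MbrScan:
    # code in the disk call chain that GMER could not attribute to any module
    unknown_modules: list[int] = field(default_factory=list)
    # driver object -> (module the dispatch points into, or None, address)
    hooks: dict[str, tuple[str | None, int]] = field(default_factory=dict)
    warning: bool = False        # 'possible MBR rootkit infection' line present
    mbr_ok: bool = False         # 'user & kernel MBR OK' line present


def parse_mbr_section(text: str) -> MbrScan:
    scan = MbrScan()
    for raw in text.splitlines():
        line = raw.strip()
        hook = HOOK_RE.match(line)
        if line.startswith("called modules:"):
            scan.unknown_modules = [int(a, 16) for a in UNKNOWN_RE.findall(line)]
        elif hook:
            scan.hooks[hook.group(1)] = (hook.group(2), int(hook.group(3), 16))
        elif "possible MBR rootkit infection" in line:
            scan.warning = True
        elif line == "user & kernel MBR OK":
            scan.mbr_ok = True
    return scan


def assess(scan: MbrScan) -> list[tuple[str, str]]:
    """(severity, message) per indicator; the most telling ones are 'high'."""
    findings: list[tuple[str, str]] = []
    for driver, (module, addr) in scan.hooks.items():
        if module is not None:
            # dispatch attributed to a named driver (CLASSPNP over Disk, acpi.sys
            # over ACPI): ordinary layering, recorded for completeness
            findings.append(("info", f"{driver} -> {module} @ {addr:#x} (attributed)"))
        elif addr in scan.unknown_modules:
            findings.append(("high",
                f"{driver} dispatch redirected to {addr:#x}, the same unattributed code "
                f"GMER saw in the disk I/O chain; a filter this low can hide sectors and "
                f"files from every scanner that reads through the file system"))
        else:
            findings.append(("medium",
                f"{driver} dispatch redirected to {addr:#x}, which belongs to no loaded module"))
    if scan.warning:
        findings.append(("high", "the tool itself reports 'possible MBR rootkit infection'"))
    if scan.mbr_ok and any(sev == "high" for sev, _ in findings):
        findings.append(("note",
            "'user & kernel MBR OK' only says the boot sector read back clean on both "
            "paths; it does not clear a hooked disk stack, so a dedicated rootkit scan "
            "(the TDSSKiller run requested next in the thread) is still needed"))
    return findings


def worst(findings: list[tuple[str, str]]) -> str:
    """Overall verdict: the most severe level present, or 'clean'."""
    present = {sev for sev, _ in findings}
    return next((s for s in ("high", "medium", "info") if s in present), "clean")


# The detector block from the ComboFix log above, verbatim.
SAMPLE = """\
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85E2D098]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0x8a7d2322
\\Driver\\ACPI -> acpi.sys @ 0x80691d4c
\\Driver\\atapi -> 0x85e2d098
IoDeviceObjectType ->\\Device\\Harddisk0\\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

if __name__ == "__main__":
    scan = parse_mbr_section(SAMPLE)
    for sev, msg in assess(scan):
        print(f"[{sev}] {msg}")
    print("verdict:", worst(assess(scan)))
```

The point of matching the atapi hook address against the >>UNKNOWN<< entry is that the two lines corroborate each other: the first says the driver's dispatch was patched, the second says the patched-in code is not any module the kernel knows about. Either on its own could be a quirk of a legitimate filter driver; together they are what the helper reacts to in the next post.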


#10 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 20 June 2010 - 11:13 AM

Did you run Defogger? It seems to still be enabled.

Let me know. Then, could you run a TDSSKiller scan for me...
Download and Run TDSSKiller
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

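
Making use of the log that command writes (an added example, not extremeboy's procedure or Kaspersky's tool): each line under "Scanning Drivers" carries the service name, an MD5 of the driver file and its path, which is what lets a helper compare a machine against hashes from a clean install of the same Windows build. The code below parses those lines and diffs them against a baseline, listing disk-stack drivers first because that is where the earlier MBR detector output put the hook. The excerpt and the baseline are constructed for the demo (three lines copied from the log in the next post, with atapi.sys given a made-up expected hash so a mismatch shows); it is not a real Vista SP1 hash set. One caveat: a filter hooked into the disk stack can serve a clean copy of a file to ordinary reads, so a matching hash is not proof of anything, only mismatches and drivers missing from the baseline are leads.

```python
"""Parse the per-driver lines TDSSKiller writes to its -l log and compare the
MD5 of each driver against a baseline. Added example for this thread; the
log excerpt and the baseline below are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# '19:10:57:708 4076 ACPI (fcb8c721...) C:\Windows\system32\drivers\acpi.sys'
DRIVER_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")

# Drivers the Gmer MBR detector named in the disk I/O chain earlier in the
# thread; a bad hash on one of these is looked at before anything else.
DISK_STACK = {"atapi.sys", "disk.sys", "classpnp.sys"}


@dataclass(frozen=True)
class DriverEntry:
    service: str
    md5: str
    path: str

    @property
    def filename(self) -> str:
        return self.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_driver_lines(text: str) -> list[DriverEntry]:
    """Only lines with a 32-hex MD5 in parentheses are driver entries; the
    banner, SystemInfo and 'Scanning ...' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def compare_to_baseline(entries: list[DriverEntry],
                        baseline: dict[str, str]) -> dict[str, list]:
    """baseline maps lower-case file name -> expected MD5.
    Returns {'match': [service...], 'mismatch': [(service, path, seen, expected)...],
             'unknown': [service...]}; mismatches are ordered disk-stack first."""
    result: dict[str, list] = {"match": [], "mismatch": [], "unknown": []}
    for e in entries:
        expected = baseline.get(e.filename)
        if expected is None:
            result["unknown"].append(e.service)
        elif expected.lower() == e.md5:
            result["match"].append(e.service)
        else:
            result["mismatch"].append((e.service, e.path, e.md5, expected.lower()))
    result["mismatch"].sort(
        key=lambda m: (m[1].rsplit("\\", 1)[-1].lower() not in DISK_STACK, m[0]))
    return result


# Constructed excerpt: three driver lines copied from the log in the next post
# plus one non-driver line to show it is ignored.
SAMPLE_LOG = """\
19:10:55:961 4076 Scanning Drivers ...
19:10:57:708 4076 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\\Windows\\system32\\drivers\\acpi.sys
19:10:58:703 4076 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\\Windows\\system32\\drivers\\atapi.sys
19:11:00:558 4076 disk (64109e623abd6955c8fb110b592e68b7) C:\\Windows\\system32\\drivers\\disk.sys
"""

# Constructed baseline: acpi.sys and disk.sys copied from the same log,
# atapi.sys given a made-up value so the mismatch path is exercised. This is
# NOT a real Vista SP1 hash set; build one from a clean install of the same build.
BASELINE = {
    "acpi.sys": "fcb8c7210f0135e24c6580f7f649c73c",
    "atapi.sys": "00000000000000000000000000000000",
    "disk.sys": "64109e623abd6955c8fb110b592e68b7",
}

if __name__ == "__main__":
    report = compare_to_baseline(parse_driver_lines(SAMPLE_LOG), BASELINE)
    for service, path, seen, expected in report["mismatch"]:
        print(f"MISMATCH {service}: {path} md5={seen} expected={expected}")
    print(f"{len(report['match'])} match, {len(report['unknown'])} not in baseline")
```

A second use of the same parser is to diff the log from this run against one taken after cleaning: any driver whose hash changes between the two, without a Windows Update in between, is worth a closer look.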

#11 macalester
  • Topic Starter
  • Members
  • 21 posts

Posted 20 June 2010 - 01:06 PM

Ok, sorry, I didn't realise you had to wait for a bit until it said finished. I'll run the next scan now.

#12 macalester
  • Topic Starter
  • Members
  • 21 posts

Posted 20 June 2010 - 01:14 PM

19:10:24:165 4076 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
19:10:24:165 4076 ================================================================================
19:10:24:165 4076 SystemInfo:

19:10:24:165 4076 OS Version: 6.0.6001 ServicePack: 1.0
19:10:24:165 4076 Product type: Workstation
19:10:24:165 4076 ComputerName: NICK-DELL
19:10:24:165 4076 UserName: Nick
19:10:24:165 4076 Windows directory: C:\Windows
19:10:24:165 4076 Processor architecture: Intel x86
19:10:24:165 4076 Number of processors: 2
19:10:24:165 4076 Page size: 0x1000
19:10:24:166 4076 Boot type: Normal boot
19:10:24:166 4076 ================================================================================
19:10:53:950 4076 Initialize success
19:10:53:950 4076
19:10:53:950 4076 Scanning Services ...
19:10:55:953 4076 Raw services enum returned 476 services
19:10:55:961 4076
19:10:55:961 4076 Scanning Drivers ...
19:10:57:708 4076 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
19:10:57:804 4076 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:10:57:859 4076 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:10:57:910 4076 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:10:57:963 4076 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:10:58:077 4076 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
19:10:58:180 4076 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:10:58:222 4076 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:10:58:245 4076 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:10:58:269 4076 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:10:58:313 4076 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:10:58:344 4076 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:10:58:368 4076 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:10:58:399 4076 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:10:58:444 4076 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:10:58:560 4076 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:10:58:602 4076 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:10:58:703 4076 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
19:10:58:820 4076 atikmdag (a23efb72057fed7128eb558866055fdf) C:\Windows\system32\DRIVERS\atikmdag.sys
19:10:58:881 4076 ATSwpWDF (30407fb218940ae61f1aa3821b69f567) C:\Windows\system32\Drivers\ATSwpWDF.sys
19:10:58:986 4076 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:10:59:011 4076 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:10:59:041 4076 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
19:10:59:085 4076 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:10:59:106 4076 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:10:59:150 4076 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:10:59:188 4076 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:10:59:236 4076 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:10:59:302 4076 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:10:59:343 4076 BthEnum (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys
19:10:59:383 4076 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
19:10:59:408 4076 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:11:15:659 4076
19:11:15:660 4076 Completed
19:11:15:660 4076
19:11:15:660 4076 Results:
19:11:15:660 4076 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:11:15:661 4076 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:11:15:661 4076
19:11:15:663 4076 KLMD(ARK) unloaded successfully


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 20 June 2010 - 02:33 PM

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c "mbr -t" >Log.txt&Log.txt&del Log.txt

A Notepad file will open. Post the contents of Log.txt in your next reply.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 macalester

macalester
  • Topic Starter

  • Members
  • 21 posts

Posted 20 June 2010 - 04:43 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR


#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 22 June 2010 - 04:28 PM

Sorry about the delay.

That looks good. Let's get an online scan as a checkup.

If all is good we can wrap up next post.

Run ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy



