Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random music and "Congratulations, you won!" sound byte


  • This topic is locked This topic is locked
37 replies to this topic

#1 Forgotten_One

Forgotten_One

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 29 July 2010 - 10:57 PM

Background information: http://www.bleepingcomputer.com/forums/t/334936/random-music-and-congratulations-you-won-sound-byte/

Everything appears to load fine, though my computer starts up slowly. My computer doesn't feel compromised, but it's annoying to hear these things in the background.


DDS (Ver_10-03-17.01) - NTFSx86
Run by DKim at 22:16:08.82 on Thu 07/29/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2038.761 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 4
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 4
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Altiris\Dagent\dagent.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\Philips\SPC230NC\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msiexec.exe
C:\Users\dkim\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\program files\microsoft application virtualization

client\sftdcc.exe",
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SPC230NC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [SPC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [Procaster] "c:\program files\livestream procaster\Procaster.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SoftGridTray] "c:\program files\microsoft application virtualization client\SFTTray.exe" /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\dkim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program

files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital

imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips

spc230nc webcam\TrayMin230.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DefaultLogonDomain = stlcop.local
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12

\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program

files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12

\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {1A7EA5AE-22BC-4194-9330-776B2895436E} = 208.67.222.222,208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dkim\appdata\roaming\mozilla\firefox\profiles\d11y8btr.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}

\components\SkypeFfComponent.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-

0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-

0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref

("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref

("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-

3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-2 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-5-10 35456]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-10-7 35168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2006-10-26 18944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006-10-31 5632]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-2-12 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-2-12 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-2-12 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-2-12 19304]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
S3 klmd24;klmd24;c:\windows\system32\drivers\klmd.sys [2010-7-28 69456]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2008-12-25 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2008-12-25 461056]

=============== Created Last 30 ================

2010-07-28 21:57:49 69456 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-07-28 01:20:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-26 02:51:46 0 d-----w- c:\users\dkim\appdata\roaming\SUPERAntiSpyware.com
2010-07-26 02:51:39 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-25 23:09:27 0 d-----w- c:\users\dkim\appdata\roaming\SafeReturner
2010-07-25 23:09:17 0 d-----w- c:\program files\Safe Returner

==================== Find3M ====================

2010-06-27 21:22:23 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-27 21:22:23 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-27 21:22:23 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-07 22:25:21 148946 ----a-w- c:\windows\hpoins19.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2009-10-21 01:26:02 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:42:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:09 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:09 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:09 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:09 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-11-01 03:59:24 5632 ----a-w- c:\windows\inf\FUJ02E3.sys
2006-11-01 03:20:28 5888 ----a-w- c:\windows\inf\FUJ02B1.sys
2009-10-29 12:35:42 245760 --sha-w-

c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-12-03 03:38:40 32768 --sha-w- c:\windows\system32

\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008120220081203\index.dat
2008-12-03 19:27:04 32768 --sha-w- c:\windows\system32

\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008120320081204\index.dat
2009-01-24 03:33:18 32768 --sha-w- c:\windows\system32

\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012320090124\index.dat

============= FINISH: 22:17:10.49 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:17 PM

Posted 07 August 2010 - 01:47 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 08 August 2010 - 11:52 AM

The only issues I've noticed is the sound clip "Congratulations, you won!" and random music plays, usually advertisements. I suppose my computer is a little slower, but I can't tell for certain. As I mentioned in the OP, my computer doesn't feel compromised, but I could be wrong. All vital passwords were changed in case.

I've run a number of programs already such as MalwareBytes, SuperAntiSpyware, ESET, TDSSRootkit Removal Tool, and updated my Java.

OTL logfile created on: 8/8/2010 10:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\dkim\Desktop

Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 37.79 Gb Free Space | 40.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S054393
Current User Name: DKim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/08 10:42:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\dkim\Desktop\OTL.exe
PRC - [2010/07/22 21:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/19 12:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/02/12 09:04:30 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/02/12 09:04:00 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/12 09:00:56 | 000,145,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
PRC - [2009/10/07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/10/07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/18 05:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\SmsClrHost.exe
PRC - [2009/04/11 01:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 01:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/23 06:04:44 | 001,230,088 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Dagent\dagent.exe
PRC - [2008/01/20 21:25:06 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/12/14 17:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
PRC - [2007/09/19 07:50:44 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/29 16:31:50 | 000,647,168 | ---- | M] (Fujitsu Computer Systems) -- C:\Program Files\Fujitsu\Utils\FjMenu.exe
PRC - [2007/04/09 08:06:16 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2006/11/17 15:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2006/11/07 14:45:38 | 000,097,072 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2006/08/25 17:58:16 | 000,020,480 | R--- | M] (Fujitsu Computer Systems Corporation) -- C:\Program Files\Fujitsu\Utils\FjDspMon.exe
PRC - [2006/05/05 00:59:02 | 000,020,480 | R--- | M] (Fujitsu Computer Systems Corporation) -- C:\Program Files\Fujitsu\Utils\FjEvents.exe
PRC - [2005/11/04 02:35:18 | 001,052,672 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
PRC - [2005/09/12 16:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\Windows\System32\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/08/08 10:42:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\dkim\Desktop\OTL.exe
MOD - [2009/04/11 01:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:24:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Altiris\Dagent\dagent.exe -load=default.dll,config.dll,autoupdate.dll -- (Altiris Deployment Agent)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/02/12 09:04:30 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/02/12 09:04:00 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/10/07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2008/01/20 21:23:07 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/09/12 16:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/07/28 16:57:49 | 000,069,456 | ---- | M] (Kaspersky Lab, SLA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmd.sys -- (klmd24)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/12 09:04:24 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/02/12 09:04:08 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/02/12 09:04:06 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/02/12 09:03:54 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/10/07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/10/07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/01/20 21:23:01 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:01 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:01 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:00 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:00 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:00 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:00 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 21:23:00 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:22:59 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:22:59 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:22:59 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:22:59 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:22:58 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:22:58 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:22:58 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:22:58 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:22:57 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:22:57 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:22:56 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2008/01/20 21:22:56 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:22:55 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:22:55 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:22:54 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:22:36 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:22:36 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 21:22:35 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/31 17:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/09/26 15:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007/09/19 10:11:48 | 001,959,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/13 08:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/05/10 18:56:54 | 000,035,456 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007/04/25 13:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2007/03/30 06:57:38 | 001,671,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/01/22 17:15:00 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/12/08 14:36:00 | 000,092,552 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/10/31 22:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/10/31 22:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006/10/26 05:36:54 | 000,018,944 | ---- | M] (Fujitsu Computer Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FjBtnDrv.sys -- (Fjbtndrv)
DRV - [2006/10/02 15:23:50 | 000,036,640 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/03/30 15:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2004/09/29 15:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 12:44:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 20:20:35 | 000,000,000 | ---D | M]

[2010/07/29 17:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 20:13:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/27 20:20:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/27 20:20:01 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/07/30 00:12:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe (Fujitsu Computer Systems)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Procaster] C:\Program Files\Livestream Procaster\Procaster.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SoftGridTray] C:\Program Files\Microsoft Application Virtualization Client\SFTTray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\dkim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = stlcop.local
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stlcop.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ("C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe") - C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\dkim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\dkim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1441b2b3-cde7-11dd-84c6-000000000000}\Shell\AutoRun\command - "" = F:\Connect.exe -- File not found
O33 - MountPoints2\{72031920-54c8-11dd-b3c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72031920-54c8-11dd-b3c6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: Persistence - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmd24.sys - C:\Windows\System32\drivers\klmd.sys (Kaspersky Lab, SLA)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/28 16:57:49 | 000,069,456 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/07/27 20:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/27 20:20:35 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/27 20:20:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/27 20:20:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/27 20:20:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/25 21:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/25 18:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/08 10:44:57 | 003,407,872 | -HS- | M] () -- C:\Users\dkim\ntuser.dat
[2010/08/08 10:42:08 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 10:42:08 | 000,003,824 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 10:35:15 | 000,000,466 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2010/08/08 10:34:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/08 10:34:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/08 10:34:25 | 2137,374,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/29 22:59:36 | 000,524,288 | -HS- | M] () -- C:\Users\dkim\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/07/29 22:59:36 | 000,065,536 | -HS- | M] () -- C:\Users\dkim\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/07/28 17:10:08 | 223,402,620 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/28 16:57:49 | 000,069,456 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/07/27 20:20:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/27 20:20:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/27 20:20:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/27 20:19:58 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/25 21:51:42 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/25 18:09:22 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\Safe Returner.lnk
[2010/07/25 12:45:02 | 000,001,758 | ---- | M] () -- C:\Users\dkim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 12:45:02 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/17 22:41:54 | 000,600,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/17 22:41:54 | 000,102,956 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/17 22:41:53 | 000,698,366 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/27 22:41:33 | 2137,374,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/25 21:51:42 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/25 18:09:22 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\Safe Returner.lnk
[2010/07/25 12:45:02 | 000,001,758 | ---- | C] () -- C:\Users\dkim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/01/21 10:11:11 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2010/01/21 10:09:17 | 000,000,466 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2009/10/20 18:34:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/07 10:18:36 | 000,035,168 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/15 16:03:19 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/12 11:36:47 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/03/12 11:36:47 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/03/12 11:36:47 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/12/25 16:09:29 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2008/10/28 12:41:16 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/08/29 00:09:36 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2008/08/29 00:09:36 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2008/08/27 23:57:45 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/27 23:57:44 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/07/01 11:47:38 | 000,000,000 | ---- | C] () -- C:\Windows\client.INI
[2008/01/20 21:25:00 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/03/30 07:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/03/30 06:55:46 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/03/30 06:04:48 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/07 18:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 17:15:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/09/13 17:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:22:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:22:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 08:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\SATA\iastor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:23:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 21:22:55 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 21:22:55 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 21:22:55 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dhcpcsvc6.dll
[2009/04/11 01:28:20 | 000,091,648 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\IPHLPAPI.DLL
[2009/03/08 06:22:37 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msls31.dll
[2006/11/02 04:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasadhlp.dll
[2009/04/11 01:28:23 | 000,286,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasapi32.dll
[2008/01/20 21:23:47 | 000,071,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasman.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:24 | 000,036,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rtutils.dll
[2006/11/02 04:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SensApi.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/01/20 21:23:50 | 000,376,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sxs.dll
[2006/11/02 04:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\tapi32.dll
[2009/04/11 01:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
[2008/01/20 21:24:22 | 000,014,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\winnsi.dll
[2008/01/20 21:23:37 | 000,009,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wship6.dll
[2008/01/20 21:23:37 | 000,009,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\WSHTCPIP.DLL

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:12:53 | 017,326,080 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:12:42 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:12:53 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/28 16:57:49 | 000,069,456 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
< End of report >

Extras.txt
OTL Extras logfile created on: 8/8/2010 10:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\dkim\Desktop
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 37.79 Gb Free Space | 40.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S054393
Current User Name: DKim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1162508061-1999852495-692992123-20681\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DC6983-6C91-43E9-B474-2E5B5F897887}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{1037F2CF-3A1B-4940-8007-FA15D178B473}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{15304320-6AC7-4EDA-B678-8B1322484A4D}" = lport=2302 | protocol=17 | dir=in | name=civilization 4 - direct ip connection 1 |
"{1748CE32-76D1-4FD0-8CD4-B5100EA2848D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{1AD36FA3-6E19-4874-B3D8-42829C470F10}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{37B285B4-A772-4ACF-9BAD-CBA3A0C7CF97}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D1E9A31-2621-43C8-ADD0-E3267669D8F8}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{52C3131F-1730-4585-9FED-A388B8EA46D8}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{5E70B05E-F8EE-4AC7-8BC7-BBCEFE526B70}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{79E7F561-A177-48AC-93D5-804BB074E228}" = lport=13139 | protocol=17 | dir=in | name=civilization 4 - direct ip connection 2 |
"{7C135221-4269-4DDE-A429-BA71FD8ADED8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7DE9990A-B071-427C-893D-9F4747A93303}" = lport=5358 | protocol=6 | dir=in | app=system |
"{82EA4149-9D37-4C19-8476-98E3EB3B5A23}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{875B7620-8A32-4DAA-BAFC-A65109434C3B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{89D24992-6B65-4181-B7C2-85C8995EBF6A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8D4F000F-5372-49E7-A903-9CC405EAFBD6}" = rport=5357 | protocol=6 | dir=out | app=system |
"{A0B6344A-7006-4A54-BEA9-26304899F971}" = lport=5357 | protocol=6 | dir=in | app=system |
"{A28D75A0-304B-4D3D-8BFE-FB8857749141}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{A518CFBD-C0AA-451E-84D6-86E4D0FE2291}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A90AAE6B-1B5F-4BA5-B6CC-19C88AAD9152}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B534F011-648B-4C73-904E-32C04333C778}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{BA629F65-9802-4BE9-AD49-CCAE4764E615}" = lport=6500 | protocol=17 | dir=in | name=civilization 4 - direct ip connection 3 |
"{C0E9C52C-00D8-4A41-B92B-F061D7DFD04C}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CA508884-8E79-4DFB-9198-142C6B547F68}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D37F68EE-467B-4568-9B17-038262C66AD7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{D395B6C7-8207-4171-8ED0-C30CD08FCC41}" = rport=5358 | protocol=6 | dir=out | app=system |
"{DA7139D7-DF93-4D7D-8B61-E39CA8022E4E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E1EEA76F-B611-43E7-AB45-57FD3C84B2FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4E8D146-DD2B-44AA-92D6-70C706AF79BA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{E9D038A2-EA31-4E28-A061-FB5C63C97FD6}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{F3E1AE3D-5B0B-4294-9706-45738B4CFDDA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{F80CD3A2-EF41-457B-90F4-AAD3CE93C820}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{FB8B6E9D-1762-46CF-9779-5B807161E133}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B73987-3B47-47E3-AFF1-0A4CB4A952B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{048F0C27-6B91-4F15-86B5-6BB44A06536E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{06E1117E-8E1B-4C8B-9A30-41994CC397CE}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0CFBBC11-B1C3-432F-9288-6EAD3688E396}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0D706EB6-B83D-45D3-86F4-C090E32085DE}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{142CB71C-C6A7-4D4C-A3BE-0789CCABEDAD}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{1A930B25-50E4-4CA6-BAEB-196AF99ADBEA}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{1A9FE678-DB77-4444-988C-B1C3FFB9E0FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DEFE79C-6840-4E3D-945C-B153E512395D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1FCADFF6-6050-4678-AA00-C9D9CC602929}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{2628A944-6541-45AD-A4BC-950F162192D3}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{29BBBF92-F2FC-4D20-B23E-6A66E4660267}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{2BC055E3-448F-4C9E-985F-CE60FEEC6B6B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{346978DC-4C42-4D71-8E6C-B0ED9F5367B3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{37B50B55-4FE1-4CEB-83D0-832EF4BEC484}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{3ABAFFB2-E5C8-47FB-B723-882FCC3984C3}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{3BBAA788-7255-4ABB-B4CE-067C3ECD6138}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{3F5D0173-7F53-4A86-B510-6F7F4DCB2EDC}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{400E5155-C273-4AF5-A851-F698B7D89B3C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{44EE72A8-0066-4075-AEB1-9B330FE0BCD9}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
"{464D8026-DE03-4C3F-BB4E-9EC100216CF0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D8A93E4-553F-4F95-85F9-B305AA3B3757}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4EA612FE-6950-4AB4-8C56-22A22765E2FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54BA0D1B-E31C-42B5-8853-AB8326167E35}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{55E4729D-90D1-4747-BC65-D9B4DB9FEA7F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5A877A31-49A3-46B3-A69F-C808449AF649}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{5B8DC2DB-71A1-4CD2-9AFB-9C26A322DD7C}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5CD223F5-7DF6-496C-B81E-152421D9DB69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5EAA7A2D-9FDC-45F6-BC13-79DA5BA2ED7A}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{5EF26BBE-4BCB-47FE-B637-4C1A6A6EC5DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{624D68F4-BD51-444A-9B61-F6C5D23FB30E}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{6ACF6E4F-A50E-44D7-B651-7ED187A06916}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{6B653C6C-29A7-43AA-BEEE-D1C598960EEE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{6CCE5078-D1C3-4009-8254-899748DE994D}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"{7F1E0C59-50F9-4412-A649-5CC0AEBEE12A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{8AEF2E2E-2A96-4316-A65E-3B9EAB81F007}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9D125F83-58B6-458E-BC39-D8089919FFA1}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword_pitboss.exe |
"{B5CAE704-BC00-4691-B614-7622267C9F69}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{B95613D3-E191-437C-B526-8575FE40A175}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C053C325-9824-41EA-8E0E-ECD61D74E5AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C632905D-8A42-400B-B20B-C7C38649279D}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{C6483F03-D708-40D4-B152-EDC3BEFC55C9}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{C7D8CA88-3C89-4678-BE82-85A64269BB37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CADF37E0-B4DB-453F-A962-B97F8B84CD15}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"{CC24D668-D297-404E-9BCF-F4BF08E732EF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{D0298751-1EE9-40C4-AB84-754EF2B91EA8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA9BF27F-4CBB-4E30-BE94-A82B4968B15E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DAA8648D-65CB-401B-9AB3-E5610DAAE6D1}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"{DF3DBE27-209A-489E-87D0-D5B46E0FA732}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5BF6EDF-CFC6-4D4B-AB61-8FE5D36701D4}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{F73DD9B4-5491-4C2C-9180-2620124AD1E0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA86DE61-5559-4ADB-81B5-71B3CAB6D587}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"TCP Query User{1367368B-6F68-4AF6-A636-AA169EA659FA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1772B4B1-6CBE-49E5-AEFF-2FDCBE8E5116}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{33897794-E1D6-4217-BBD2-021832CE14D4}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{3CD26116-80AB-4088-BC6C-F2E67F6B71EE}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{42430CDA-A64A-47F6-A12B-2D1F53653AF1}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"TCP Query User{43BBE3A0-57A5-425A-9BFC-4C0E6AF14008}C:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"TCP Query User{458CBDC4-41E4-42A3-811C-CE982D236DD3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5DBB24D8-9B97-4379-A289-9E5EFCCF5165}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{61D39912-E2ED-4BEE-9D9C-CB9274214115}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{881FBB92-92B0-43B8-830D-560EBDF301F3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{9C5978F0-6BAC-41A9-AC31-C8CA9A4B5829}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{A6E79E4B-F657-4D42-8027-933857284265}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{AE4B3118-6002-4634-AC74-A2568290A744}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B3F57E84-47D5-435C-BBED-BDB06845A3D4}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe |
"TCP Query User{B5BAFCFE-7EDB-4F4B-BABE-B02D29ABE6CF}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{C39C8856-4E68-47EA-96FC-F4BD2BA140EC}C:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"TCP Query User{C7827F83-78D0-4D01-8397-DCB85E535D4A}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{D73D84C2-C714-40EF-99D2-7E459EFE3461}C:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"TCP Query User{F5184304-8071-4DF8-87A5-B772EA6E590F}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe |
"TCP Query User{FD599BC0-8C8A-4A7F-B926-D9F7DAB420EC}C:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe |
"TCP Query User{FDBCFC7E-9FAB-4138-81AE-9DD2D36EE49D}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{00DB2B62-0E1E-4989-BDB7-D7F0C406D5DE}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{127D4DCB-0F08-4FA8-9AA1-7C59D9A6B9F3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{1A004362-431E-45E3-B524-506185A96233}C:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
"UDP Query User{3B885E6A-8266-4120-888D-4B9540C09D2D}C:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"UDP Query User{3C799A7F-363A-4497-BB11-19D0538E7832}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe |
"UDP Query User{40C81956-5DD1-4FF3-8E18-24A8D56BCBB5}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe |
"UDP Query User{46CED033-5992-4906-A1BB-026443349566}C:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer™ tiberian sun™\sun\game.exe |
"UDP Query User{65CFE58C-E72C-4466-8CB2-5584703E1696}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{6982C3D3-0DE1-4317-B58C-1F836BFDCAA4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9918EF7D-3D00-45DF-8A20-381B84096B0D}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{ABF3937C-3E7E-41D0-97B0-172EEF27B997}C:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 gold\beyond the sword\civ4beyondsword.exe |
"UDP Query User{B87660E3-D9E2-4394-8622-063AE45920F6}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"UDP Query User{B89B4564-F6DE-48E6-9914-387F67801D64}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{BA86A7EC-7377-47FB-B20B-77F78170A0D9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CC40C6FE-FD46-4D7F-9CAF-EDCB5ABB0FDF}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{CDA09F11-7A93-45F8-81B9-4559F542C34C}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{D57BED2A-FB95-4F6A-9686-0520A01E7DDA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{DD709CE4-0DF4-445E-8533-267420166D2B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E0C9F2FE-49C5-4E91-B095-7E9CDDBDAC10}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{EDF307D5-A0C0-4805-96F7-42F4C227D47E}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{F6C2ABD5-A441-410D-BF3A-84382247DAFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207E8B60-07D2-4B7F-97FE-0DA448606861}" = Fujitsu Button Utilities
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{30DE259E-9339-4790-8568-DFFC6BE71C8A}" = LockDown Browser 1.0.4.02
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{40C3258B-F9D1-46DF-AE97-72C1F86F2427}" = Microsoft Application Virtualization Desktop Client
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6C8D5E56-CA12-42B2-9075-044B4C7067A9}" = Altiris Deployment Agent
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7A85D628-B8BE-4BC5-BC5C-E4FD91D90502}" = Fujitsu Button Driver Component
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{091DC2B3-C957-4AB9-A3FB-526B02A166D5}" =
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{091DC2B3-C957-4AB9-A3FB-526B02A166D5}" =
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951302F9-88DA-4193-A533-B6792CCE9A1D}_is1" = Safe Returner 1.22
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus
"{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F64394E6-46D6-48F3-9701-3629D6CDD092}" = Fingerprint Sensor Minimum Install
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Cisco Connect" = Cisco Connect
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"InstallShield_{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mnemosyne_is1" = Mnemosyne 1.1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"RealAlt_is1" = Real Alternative 1.8.2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"StrangeEons" = Strange Eons
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:17 PM

Posted 09 August 2010 - 04:21 AM

Hi,


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 09 August 2010 - 05:23 PM

I actually cannot disable my ESET NOD32 Antivirus because I am using a school laptop. Will that be a problem with Combofix?

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:17 PM

Posted 09 August 2010 - 05:29 PM

Hi,

yes, it might cause a problem. You can try to run it, but Eset will probably interfer.

IF that is the case please run MBRCheck instead:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 09 August 2010 - 06:47 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Enterprise Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU
System Product Name: LifeBook T4220
Logical Drives Mask: 0x00010004

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> error 5

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black I
nternet)!
SHA1: 556991A287C2F0DCC1A523550674E87EBA4A8A21


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:17 PM

Posted 10 August 2010 - 11:03 AM

Hi,
  1. Run MBRCheck.exe
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  3. Please push the 'Y' key and then press Enter
  4. When program ask you Enter your choice: enter 2 and press the Enter key
  5. Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  6. Enter 0 and press the Enter key.
  7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter 3 for Windows Vista, and then press Enter.
  8. The program will prompt for confirmation. Type 'YES' and hit Enter.
  9. Left click on the title bar (where program name and path is written).
  10. From menu chose Edit -> Select All
  11. Hit the Enter key on your keyboard to copy selected text.
  12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  13. Restart your PC.
  14. Post the text in "MBRCheck results.txt" here, please.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 10 August 2010 - 06:03 PM

I heard the sound byte again.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Enterprise Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU
System Product Name: LifeBook T4220
Logical Drives Mask: 0x00010004

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> error 5

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black I
nternet)!
SHA1: 556991A287C2F0DCC1A523550674E87EBA4A8A21


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:17 PM

Posted 12 August 2010 - 02:52 PM

Hi,

please run a new diagnostic with MBRCheck then:
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 12 August 2010 - 05:30 PM

Can you tell me if this is malicious code or not? I know my school has some code installed to lock out certain settings.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Enterprise Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU
System Product Name: LifeBook T4220
Logical Drives Mask: 0x00010004

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> error 5

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black I
nternet)!
SHA1: 556991A287C2F0DCC1A523550674E87EBA4A8A21


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Edited by Forgotten_One, 12 August 2010 - 05:31 PM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:17 PM

Posted 12 August 2010 - 05:47 PM

Hi,

this is definitely malicious. It is the infection that makes you hear those audio ads.

Have you rebooted between running the fix and running the next diagnostic scan?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 12 August 2010 - 06:05 PM

I thought I did, but I'll run your previous instructions and try again.

#14 Forgotten_One

Forgotten_One
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 12 August 2010 - 07:46 PM

I apologize for the double post, but I thought what happened in the past hour necessitated a new post. It was nearly a disaster. A Microsoft update ran at the end of the restart and then Windows did not start normally. Another attempt to reboot normally resulted in a blue screen. Rebooting in Safe Mode completed the update, though it took a long time. After the update completed, I rebooted normally, held my breath, and watched my laptop load normally.

I was greeted with "Congratulations, you won!" For once, I think I was glad I heard that.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Enterprise Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU
System Product Name: LifeBook T4220
Logical Drives Mask: 0x00010004

Kernel Drivers (total 169):
0x82A14000 \SystemRoot\system32\ntkrnlpa.exe
0x82DCD000 \SystemRoot\system32\hal.dll
0x80604000 \SystemRoot\system32\kdcom.dll
0x8060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067B000 \SystemRoot\system32\PSHED.dll
0x8068C000 \SystemRoot\system32\BOOTVID.dll
0x80694000 \SystemRoot\system32\CLFS.SYS
0x806D5000 \SystemRoot\system32\CI.dll
0x83407000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83483000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83490000 \SystemRoot\system32\drivers\acpi.sys
0x834D6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x834DF000 \SystemRoot\system32\drivers\msisadrv.sys
0x834E7000 \SystemRoot\system32\drivers\pci.sys
0x8350E000 \SystemRoot\System32\drivers\partmgr.sys
0x8351D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83520000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8352A000 \SystemRoot\system32\drivers\volmgr.sys
0x83539000 \SystemRoot\System32\drivers\volmgrx.sys
0x83583000 \SystemRoot\system32\drivers\intelide.sys
0x8358A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x83598000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x835C5000 \SystemRoot\System32\drivers\mountmgr.sys
0x835D5000 \SystemRoot\system32\drivers\atapi.sys
0x835DD000 \SystemRoot\system32\drivers\ataport.SYS
0x807B5000 \SystemRoot\system32\drivers\msahci.sys
0x807BF000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x807C8000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x807EE000 \SystemRoot\system32\DRIVERS\o2media.sys
0x8360A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8363C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8364C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x836BD000 \SystemRoot\system32\drivers\ndis.sys
0x837C8000 \SystemRoot\system32\drivers\msrpc.sys
0x88806000 \SystemRoot\system32\drivers\NETIO.SYS
0x88841000 \SystemRoot\System32\drivers\tcpip.sys
0x8892B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88A0A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B1A000 \SystemRoot\system32\drivers\volsnap.sys
0x88B53000 \SystemRoot\System32\Drivers\spldr.sys
0x88B5B000 \SystemRoot\System32\Drivers\mup.sys
0x88B6A000 \SystemRoot\System32\drivers\ecache.sys
0x88B91000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88BB5000 \SystemRoot\system32\drivers\disk.sys
0x88BC6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88BE7000 \SystemRoot\system32\DRIVERS\agp440.sys
0x88BF7000 \SystemRoot\system32\drivers\crcdisk.sys
0x8896F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8897A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88983000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C405000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CA07000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CAA6000 \SystemRoot\System32\drivers\watchdog.sys
0x8CAB2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CABD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CAFB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CB0A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CB97000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8CE06000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CEC5000 \SystemRoot\system32\DRIVERS\ozscr.sys
0x8CEDC000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x8CEE7000 \SystemRoot\system32\drivers\tpm.sys
0x8CEF5000 \SystemRoot\system32\DRIVERS\FjBtnDrv.sys
0x8CEFA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8CF0A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8CF11000 \SystemRoot\system32\DRIVERS\serial.sys
0x8CF2B000 \SystemRoot\system32\DRIVERS\wacompen.sys
0x8CF31000 \SystemRoot\system32\DRIVERS\FUJ02B1.sys
0x8CF33000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CF46000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CF51000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CF7C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CF7E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CF89000 \SystemRoot\system32\DRIVERS\SMSCirda.sys
0x8CF91000 \SystemRoot\system32\drivers\irenum.sys
0x8CF9A000 \SystemRoot\system32\DRIVERS\FUJ02E3.sys
0x8CF9C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CFA0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88992000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CFCF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CFDA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CFF1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CBCA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CBED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C9EB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x889D3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8D204000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8D28D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D29D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D29F000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D2C9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D2D3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D2E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D315000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D31E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D326000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D402000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D337000 \SystemRoot\system32\drivers\portcls.sys
0x8D364000 \SystemRoot\system32\drivers\drmk.sys
0x8D60E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D709000 \SystemRoot\system32\drivers\modem.sys
0x8D72E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D737000 \SystemRoot\System32\Drivers\Null.SYS
0x8D73E000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D745000 \SystemRoot\system32\DRIVERS\easdrv.sys
0x8D754000 \SystemRoot\System32\drivers\vga.sys
0x8D760000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D781000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D789000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D791000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D79C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D7AA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D7B3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D7C9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D7DD000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0x8D389000 \SystemRoot\system32\drivers\afd.sys
0x8DC0B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DC3D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DC53000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DC61000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DC74000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8DC96000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8DC9C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DCD8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DCE2000 \SystemRoot\system32\drivers\csc.sys
0x8DD3D000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DD54000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8DD5D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DD6A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DD75000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x8DD7F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x95C00000 \SystemRoot\System32\win32k.sys
0x8DD90000 \SystemRoot\System32\drivers\Dxapi.sys
0x95E20000 \SystemRoot\System32\TSDDD.dll
0x95E40000 \SystemRoot\System32\cdd.dll
0x95E50000 \SystemRoot\System32\ATMFD.DLL
0x8DDA9000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x81C08000 \SystemRoot\system32\drivers\spsys.sys
0x81CB8000 \SystemRoot\system32\DRIVERS\irda.sys
0x81CD6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81CE6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81D10000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81D1A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81D2D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x81D36000 \SystemRoot\system32\drivers\HTTP.sys
0x81DA3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81DBC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81DD1000 \SystemRoot\system32\drivers\mrxdav.sys
0x8DDB2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8809000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA8842000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA8872000 \SystemRoot\system32\DRIVERS\eamon.sys
0xA88BF000 \SystemRoot\system32\drivers\peauth.sys
0xA899D000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA980F000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0xA989B000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0xA98D1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA98EE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA98FA000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9921000 \SystemRoot\System32\DRIVERS\srv.sys
0xA996F000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0xA9978000 \SystemRoot\system32\drivers\tdtcp.sys
0xA9983000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA998F000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA99C2000 \??\C:\Windows\system32\CCM\prepdrv.sys
0xA99E6000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA99C6000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
0x77750000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
540 C:\Windows\System32\smss.exe
608 csrss.exe
652 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\SLsvc.exe
1400 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1696 C:\Windows\System32\wisptis.exe
1708 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
1968 C:\Windows\System32\svchost.exe
1980 C:\Windows\System32\spoolsv.exe
2036 C:\Windows\System32\svchost.exe
1100 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1840 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
124 C:\Windows\System32\svchost.exe
616 C:\Windows\System32\o2flash.exe
712 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\svchost.exe
2324 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
2344 C:\Windows\System32\svchost.exe
2380 C:\Windows\System32\svchost.exe
2404 C:\Windows\System32\SearchIndexer.exe
2436 C:\Program Files\Altiris\Dagent\dagent.exe
2580 C:\Windows\System32\CCM\CcmExec.exe
2616 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
2984 C:\Windows\System32\taskeng.exe
3436 WmiPrvSE.exe
3976 C:\Windows\System32\taskeng.exe
2484 C:\Windows\System32\wisptis.exe
1224 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
3120 C:\Program Files\Microsoft Application Virtualization Client\sftdcc.exe
2056 C:\Windows\System32\dwm.exe
4472 C:\Windows\explorer.exe
4400 C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
1452 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3144 C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
4656 C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
4216 C:\Windows\RtHDVCpl.exe
4524 C:\Windows\Philips\SPC230NC\Monitor.exe
4512 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
4720 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4744 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4888 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4768 C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
1032 C:\Program Files\Fujitsu\Utils\FjDspMon.exe
5276 C:\Program Files\Fujitsu\Utils\FjEvents.exe
3820 C:\Windows\System32\igfxext.exe
5680 C:\Windows\System32\wbem\unsecapp.exe
5340 C:\Windows\System32\igfxsrvc.exe
324 WmiPrvSE.exe
4952 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
5572 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
5116 C:\Program Files\Mozilla Firefox\firefox.exe
4788 C:\Windows\servicing\TrustedInstaller.exe
6116 WmiPrvSE.exe
5376 C:\Windows\System32\SearchProtocolHost.exe
4372 C:\Windows\System32\svchost.exe
4304 C:\Users\dkim\Desktop\MBRCheck.exe
4284 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: FUJITSUMHW2100BH, Rev: 00000012

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 556991A287C2F0DCC1A523550674E87EBA4A8A21


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

Edited by Forgotten_One, 12 August 2010 - 07:46 PM.


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:17 PM

Posted 15 August 2010 - 09:26 AM

Hi,

I am very sorry to hear that. Glad things worked out.

Are you still getting the sound bytes?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users