Infected with suspected rootkit (detected by Symantec SEP as Trojan.ADH)


  • This topic is locked
14 replies to this topic

#1 chill86

chill86

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 04 September 2010 - 10:38 PM

Win7 32-bit machine

Symantec SEP 11 detects multiple APQ****.tmp and DWH****.tmp files as Trojan.ADH threats. The "****" are just random alpha-numeric characters.
The APQ****.tmp files are contained in the C:\ProgramData\Symantec\SRTSP\Quarantine folder.
The DWH****.tmp files are always found by SEP to be located in the User\AppData\Local\temp folder on the C drive.

SEP will detect these tmp files once or twice a week, and the detections come in waves of 10-100 detections at a time. Based on some reading I have done on the bleepingcomputer forums so far, I believe I may be infected with some sort of nasty rootkit. And I have no idea how to remove it. When I run a full system scan in Symantec SEP, it always finds nothing which doesn't surprise me since it seems that these rootkits are not detectable by Symantec.

This has been going on for about 2 weeks now with Symantec going crazy in waves detecting these tmp files, and they are all quarantined until the next wave comes every few days. I suspect that something nasty is brewing on this machine, and I need help removing it.

DDS.txt is posted below and the Attach.txt and Ark.txt files are also attached to this posting.

_______________________________________________________

DDS.txt log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by chill at 14:28:59.58 on Sat 09/04/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2943.1533 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\chill.AMD\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\chill.amd\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: amazon.com\www
Trusted Zone: amd.com
Trusted Zone: amd.com\amdonline
Trusted Zone: amd.com\cpg
Trusted Zone: amd.com\cpgportal
Trusted Zone: amd.com\cpgproject
Trusted Zone: amd.com\gcsfm
Trusted Zone: amd.com\gisportal
Trusted Zone: amd.com\hcldms
Trusted Zone: amd.com\mss
Trusted Zone: amd.com\mssportal
Trusted Zone: amd.com\myamd
Trusted Zone: amd.com\myemail
Trusted Zone: amd.com\MyHR
Trusted Zone: amd.com\myprojects
Trusted Zone: amd.com\myprojectteams
Trusted Zone: amd.com\myteams
Trusted Zone: amd.com\mywork
Trusted Zone: amd.com\project
Trusted Zone: amd.com\sapcitrix
Trusted Zone: amd.com \wrms
Trusted Zone: amdcentral
Trusted Zone: amdonline
Trusted Zone: asiaespec
Trusted Zone: ausb3rmwp01
Trusted Zone: cdw
Trusted Zone: cdw.com\www
Trusted Zone: citrixwebqa
Trusted Zone: conrad.de\www1.business
Trusted Zone: corporateexpress.de\connect
Trusted Zone: cpg
Trusted Zone: cpgportal
Trusted Zone: cpgproject
Trusted Zone: csgpweb2
Trusted Zone: dell.com\valuechain
Trusted Zone: dell.com\vccluster2
Trusted Zone: gisportal
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: hagemeyerce.com\down
Trusted Zone: hcldms
Trusted Zone: hoffmann-gmbh.de\de
Trusted Zone: insight.ca
Trusted Zone: insight.com
Trusted Zone: insight.com\uk
Trusted Zone: insight.com\www.corp
Trusted Zone: insight.com\www.marketplace.corp
Trusted Zone: kroschke.com\shop
Trusted Zone: metafore.ca\e-buy
Trusted Zone: mrose24.de\www
Trusted Zone: mss
Trusted Zone: mssportal
Trusted Zone: mutiaranet
Trusted Zone: myamd
Trusted Zone: myamd-qa
Trusted Zone: mygreatlakes.org\www
Trusted Zone: MyHR
Trusted Zone: myie6
Trusted Zone: myithelp
Trusted Zone: myprojects
Trusted Zone: myprojectteams
Trusted Zone: myqs
Trusted Zone: myteams
Trusted Zone: myteamsdrs
Trusted Zone: myteamssgp
Trusted Zone: mywork
Trusted Zone: pngqssts
Trusted Zone: printmedia.de\vubt001
Trusted Zone: project
Trusted Zone: qualitycenter
Trusted Zone: rockbox.org\build
Trusted Zone: rockbox.org\www
Trusted Zone: rs-components.com\order
Trusted Zone: sapcitrix
Trusted Zone: schweitzer-online.de\www
Trusted Zone: shi.com\roundtrip
Trusted Zone: spngmes01
Trusted Zone: spngweb5
Trusted Zone: ssgpopt13
Trusted Zone: storesonline
Trusted Zone: swagelok.com\b2b-de
Trusted Zone: thgeyer.de\www
Trusted Zone: vwr.com\de
Trusted Zone: weather.com\www
Trusted Zone: worldaccess
Trusted Zone: amd.com
Trusted Zone: amd.com\amdonline
Trusted Zone: amd.com\cpg
Trusted Zone: amd.com\cpgportal
Trusted Zone: amd.com\cpgproject
Trusted Zone: amd.com\gcsfm
Trusted Zone: amd.com\gisportal
Trusted Zone: amd.com\hcldms
Trusted Zone: amd.com\mss
Trusted Zone: amd.com\mssportal
Trusted Zone: amd.com\myamd
Trusted Zone: amd.com\myemail
Trusted Zone: amd.com\MyHR
Trusted Zone: amd.com\myprojects
Trusted Zone: amd.com\myprojectteams
Trusted Zone: amd.com\myteams
Trusted Zone: amd.com\mywork
Trusted Zone: amd.com\project
Trusted Zone: amd.com\sapcitrix
Trusted Zone: amd.com \wrms
Trusted Zone: amdcentral
Trusted Zone: amdonline
Trusted Zone: asiaespec
Trusted Zone: ausb3rmwp01
Trusted Zone: cdw
Trusted Zone: cdw.com\www
Trusted Zone: citrixwebqa
Trusted Zone: conrad.de\www1.business
Trusted Zone: corporateexpress.de\connect
Trusted Zone: cpg
Trusted Zone: cpgportal
Trusted Zone: cpgproject
Trusted Zone: csgpweb2
Trusted Zone: gisportal
Trusted Zone: hagemeyerce.com\down
Trusted Zone: hcldms
Trusted Zone: hoffmann-gmbh.de\de
Trusted Zone: insight.ca
Trusted Zone: insight.com
Trusted Zone: insight.com\uk
Trusted Zone: insight.com\www.corp
Trusted Zone: insight.com\www.marketplace.corp
Trusted Zone: kroschke.com\shop
Trusted Zone: metafore.ca\e-buy
Trusted Zone: mrose24.de\www
Trusted Zone: mss
Trusted Zone: mssportal
Trusted Zone: mutiaranet
Trusted Zone: myamd
Trusted Zone: myamd-qa
Trusted Zone: MyHR
Trusted Zone: myie6
Trusted Zone: myithelp
Trusted Zone: myprojects
Trusted Zone: myprojectteams
Trusted Zone: myqs
Trusted Zone: myteams
Trusted Zone: myteamsdrs
Trusted Zone: myteamssgp
Trusted Zone: mywork
Trusted Zone: pngqssts
Trusted Zone: printmedia.de\vubt001
Trusted Zone: project
Trusted Zone: qualitycenter
Trusted Zone: rs-components.com\order
Trusted Zone: sapcitrix
Trusted Zone: schweitzer-online.de\www
Trusted Zone: shi.com\roundtrip
Trusted Zone: spngmes01
Trusted Zone: spngweb5
Trusted Zone: ssgpopt13
Trusted Zone: storesonline
Trusted Zone: swagelok.com\b2b-de
Trusted Zone: thgeyer.de\www
Trusted Zone: vwr.com\de
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://ausb3rmwp01/arsys/apps/shared
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://aus-vpn.amd.com/CACHE/stc/5/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C4866628-AD07-4309-B3AB-DB6A8627FEAD} - hxxp://myvoicemail/ciscopca/controls/MediaMasENU.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-29 222568]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-6-15 26168]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-24 2477304]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2010-7-29 41264]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-1 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-12-1 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 102448]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-29 36640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-4-9 520704]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-14 1153368]

=============== Created Last 30 ================

2010-09-04 04:28:58 0 d-----w- c:\users\chill.amd\appdata\roaming\Malwarebytes
2010-09-04 04:28:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 04:28:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-04 04:28:45 0 d-----w- c:\programdata\Malwarebytes
2010-09-04 04:28:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 02:24:45 0 d-----w- c:\program files\Sophos
2010-09-01 14:28:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32_01009.Wdf
2010-09-01 14:28:01 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-08-30 14:57:44 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-30 13:20:34 0 d-----w- c:\windows\wlansvc
2010-08-28 19:47:51 0 d-----w- c:\programdata\Sun
2010-08-28 19:47:32 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 18:14:02 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-28 18:14:02 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-28 18:13:10 0 d-----w- c:\program files\iPod
2010-08-28 18:13:09 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-28 18:13:09 0 d-----w- c:\program files\iTunes
2010-08-28 18:11:20 0 d-----w- c:\programdata\Apple Computer
2010-08-28 18:09:52 0 d-----w- c:\program files\Bonjour
2010-08-28 18:09:34 0 d-----w- c:\programdata\Apple
2010-08-25 13:50:40 0 d-----w- c:\users\chill.amd\appdata\roaming\HD Tune Pro
2010-08-25 13:50:17 0 d-----w- c:\program files\HD Tune Pro
2010-08-19 19:09:11 0 d-----w- c:\users\chill.amd\.AMD Power Monitor Settings
2010-08-19 19:08:36 42552 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-08-12 13:34:00 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 13:34:00 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 13:34:00 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-12 13:31:52 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-06 16:13:51 39 ----a-w- c:\windows\vbaddin.ini
2010-08-06 16:01:28 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-08-06 16:00:45 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-06 15:58:58 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-06 15:58:02 0 d-----w- c:\program files\Microsoft Analysis Services

==================== Find3M ====================

2010-09-04 00:57:28 7207328 ----a-w- c:\windows\system32\perfh00A.dat
2010-09-04 00:57:28 6893768 ----a-w- c:\windows\system32\prfh0404.dat
2010-09-04 00:57:28 6877566 ----a-w- c:\windows\system32\prfh0804.dat
2010-09-04 00:57:28 2402274 ----a-w- c:\windows\system32\perfc00A.dat
2010-09-04 00:57:28 2370364 ----a-w- c:\windows\system32\prfc0804.dat
2010-09-04 00:57:28 2365450 ----a-w- c:\windows\system32\prfc0404.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-23 03:17:01 24 ----a-w- c:\users\chill.amd\appdata\roaming\omubwk.dat
2010-07-21 21:52:14 40848 ----a-w- c:\windows\system32\drivers\point32.sys
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 05:10:58 505232 ----a-w- c:\windows\system32\ipcoin80.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 21:53:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
2010-06-15 21:53:24 26168 ----a-w- c:\windows\system32\hpservice.exe
2010-06-15 21:53:18 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2009-10-05 02:49:43 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2009-10-05 02:49:43 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2009-10-05 02:49:43 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2009-10-05 02:49:43 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2009-10-05 02:27:30 31548 ----a-w- c:\windows\inf\perflib\0404\perfd.dat
2009-10-05 02:27:30 31548 ----a-w- c:\windows\inf\perflib\0404\perfc.dat
2009-10-05 02:27:30 117840 ----a-w- c:\windows\inf\perflib\0404\perfi.dat
2009-10-05 02:27:30 117840 ----a-w- c:\windows\inf\perflib\0404\perfh.dat
2009-10-05 02:22:27 31548 ----a-w- c:\windows\inf\perflib\0804\perfd.dat
2009-10-05 02:22:27 31548 ----a-w- c:\windows\inf\perflib\0804\perfc.dat
2009-10-05 02:22:27 111310 ----a-w- c:\windows\inf\perflib\0804\perfi.dat
2009-10-05 02:22:27 111310 ----a-w- c:\windows\inf\perflib\0804\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-12-31 20:03:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-12-31 20:03:41 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-12-31 20:03:41 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:30:04.19 ===============
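As an added example (not part of the original thread, and not code from DDS or Symantec), a small Python parser for the "Created Last 30" / "Find3M" file-listing lines in the DDS log above, with a first-pass triage of the kind a helper does by eye. The sample lines are constructed from entries in the posted log plus one made-up DWH*.tmp line; the meaning of the attribute field and the "random-looking name" heuristic are assumptions, not documented DDS behaviour.

```python
import re
from dataclasses import dataclass

# One line of a DDS "Created Last 30" / "Find3M" listing, e.g.
#   2010-07-23 03:17:01 24 ----a-w- c:\users\chill.amd\appdata\roaming\omubwk.dat
# Layout as inferred from the entries in the posted log: date, time, size in
# bytes, an 8-character attribute field, then the path (which may contain spaces).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-dshraw]{8}) (?P<path>.+)$"
)

# The names Symantec flagged in the original post: APQxxxx.tmp in the SRTSP
# quarantine folder and DWHxxxx.tmp in the user's Local temp folder.
SEP_TMP_RE = re.compile(r"^(apq|dwh)[0-9a-z]{4}\.tmp$")

# Short, all-letter file names inside a user's AppData are what a helper looks
# at first (the posted log has omubwk.dat in AppData\Roaming). Heuristic only.
RANDOM_STEM_RE = re.compile(r"^[a-z]{4,8}$")
WATCHED_EXTS = {".dat", ".dll", ".exe", ".sys", ".tmp"}

# Hidden+system files that are routine housekeeping, not worth analyst time.
KNOWN_HOUSEKEEPING = {"desktop.ini", "thumbs.db", "index.dat"}


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str   # assumed: 'd' directory, 's' system, 'h' hidden, 'a' archive
    path: str    # lower-cased so matching is case-insensitive

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str):
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["date"], m["time"], int(m["size"]), m["attrs"], m["path"].lower())


def triage(e: Entry) -> list:
    """Return the reasons an entry deserves a closer look (empty = nothing notable)."""
    reasons = []
    if e.is_dir:
        return reasons
    name = e.name
    stem, dot, ext = name.rpartition(".")
    ext = dot + ext
    if SEP_TMP_RE.match(name):
        reasons.append("matches the APQ/DWH .tmp names from the SEP detections")
    in_user_appdata = e.path.startswith("c:\\users\\") and "\\appdata\\" in e.path
    if in_user_appdata and ext in WATCHED_EXTS and RANDOM_STEM_RE.match(stem):
        reasons.append("random-looking %s file in a user profile's AppData" % ext)
    hidden_system = "h" in e.attrs and "s" in e.attrs
    if hidden_system and not e.path.startswith("c:\\windows\\") \
            and name not in KNOWN_HOUSEKEEPING:
        reasons.append("hidden+system file outside the Windows directory")
    return reasons


def triage_log(text: str) -> dict:
    """Map each flagged path to its reasons, in log order; unflagged entries are skipped."""
    findings = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            findings[e.path] = reasons
    return findings


# Constructed sample: four lines taken from the posted DDS log plus one made-up
# DWH*.tmp line of the kind Symantec kept detecting (the last line is invented).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2010-09-04 04:28:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 04:28:45 0 d-----w- c:\programdata\Malwarebytes
2010-07-23 03:17:01 24 ----a-w- c:\users\chill.amd\appdata\roaming\omubwk.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2010-09-02 11:00:00 4096 ---ha-w- c:\users\chill.amd\appdata\local\temp\DWHA1B2.tmp
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Only the AppData entries come out flagged; the Malwarebytes driver, its directory and the hidden desktop.ini are left alone, which is the noise reduction a helper wants before reading the rest of the log.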



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,310 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:15 PM

Posted 13 September 2010 - 04:16 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 chill86

chill86
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 13 September 2010 - 12:56 PM

Thanks Elise...
Here are the OTL logs:

OTL:
-------------------
OTL logfile created on: 9/13/2010 12:41:33 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\chill.AMD\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 102.77 Gb Free Space | 68.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 975.82 Mb Total Space | 932.91 Mb Free Space | 95.60% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AUSL110983
Current User Name: chill
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 10:47:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\chill.AMD\Desktop\OTL.exe
PRC - [2010/08/05 21:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/08/05 21:05:52 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/07/01 19:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/06 19:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/06 19:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/04/08 16:25:36 | 000,222,568 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/03/02 09:51:54 | 000,088,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
PRC - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/27 16:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 20:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/12/16 22:05:12 | 005,730,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2008/08/16 17:44:56 | 000,308,536 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/08/16 17:44:50 | 001,127,736 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe
PRC - [2008/08/16 17:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2007/02/21 18:14:24 | 001,183,744 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/13 10:47:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\chill.AMD\Desktop\OTL.exe
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/05 21:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/01 19:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 18:24:02 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/05/06 19:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 19:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/04/08 16:25:36 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6C9C.tmp -- (MEMSWEEP2)
DRV - [2010/09/09 20:41:52 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/19 03:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100912.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/19 03:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100912.005\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/06/15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/05/31 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2010/04/05 10:44:20 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/03/25 06:08:44 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/03/25 06:08:44 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010/03/25 06:08:44 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010/03/08 14:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 14:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 14:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/02/08 09:27:23 | 002,661,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/12/18 17:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/24 10:00:20 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/24 10:00:20 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/29 16:33:04 | 000,213,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/01 12:46:14 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/07/01 12:46:12 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/07/01 12:46:04 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/05/22 04:52:38 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/24 13:32:30 | 000,041,264 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdTools.sys -- (AmdTools)
DRV - [2009/04/22 14:32:20 | 000,042,552 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2009/04/20 15:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/04/09 21:06:10 | 000,520,704 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/04/07 15:32:50 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/02/03 13:23:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/09/24 05:29:25 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2008/04/24 17:26:28 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-249263827-1212357926-315576832-24042\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-249263827-1212357926-315576832-24042\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-249263827-1212357926-315576832-24042\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy/proxy.pac



O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\S-1-5-21-249263827-1212357926-315576832-24042..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-249263827-1212357926-315576832-24042..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\chill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE File not found
O4 - Startup: C:\Users\chill.AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: amd.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([amdonline] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([cpg] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([cpgportal] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([cpgproject] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([gcsfm] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([gisportal] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([hcldms] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([mss] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([mssportal] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([myamd] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([myemail] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([MyHR] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([myprojects] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([myprojectteams] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([myteams] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([mywork] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([project] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([sapcitrix] http in Trusted sites)
O15 - HKLM\..Trusted Domains: amd.com ([wrms] https in Local intranet)
O15 - HKLM\..Trusted Domains: amd.com ([wrms] https in Trusted sites)
O15 - HKLM\..Trusted Domains: amdcentral ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: amdonline ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: asiaespec ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ausb3rmwp01 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: cdw ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: cdw.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: citrixwebqa ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: conrad.de ([www1.business] http in Trusted sites)
O15 - HKLM\..Trusted Domains: corporateexpress.de ([connect] http in Trusted sites)
O15 - HKLM\..Trusted Domains: cpg ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: cpgportal ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: cpgproject ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: csgpweb2 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: gisportal ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hagemeyerce.com ([down] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hcldms ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hoffmann-gmbh.de ([de] http in Trusted sites)
O15 - HKLM\..Trusted Domains: insight.ca ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: insight.ca ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: insight.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: insight.com ([uk] http in Trusted sites)
O15 - HKLM\..Trusted Domains: insight.com ([uk] https in Trusted sites)
O15 - HKLM\..Trusted Domains: insight.com ([www.corp] http in Trusted sites)
O15 - HKLM\..Trusted Domains: insight.com ([www.marketplace.corp] https in Trusted sites)
O15 - HKLM\..Trusted Domains: kroschke.com ([shop] http in Trusted sites)
O15 - HKLM\..Trusted Domains: metafore.ca ([e-buy] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mrose24.de ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mss ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: mssportal ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: mutiaranet ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myamd ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myamd-qa ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: MyHR ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myie6 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myithelp ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myprojects ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myprojectteams ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myqs ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myteams ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myteamsdrs ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: myteamssgp ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: mywork ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: pngqssts ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: printmedia.de ([vubt001] http in Trusted sites)
O15 - HKLM\..Trusted Domains: project ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: qualitycenter ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: rs-components.com ([order] http in Trusted sites)
O15 - HKLM\..Trusted Domains: sapcitrix ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: schweitzer-online.de ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: shi.com ([roundtrip] http in Trusted sites)
O15 - HKLM\..Trusted Domains: spngmes01 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: spngweb5 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ssgpopt13 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: storesonline ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: swagelok.com ([b2b-de] http in Trusted sites)
O15 - HKLM\..Trusted Domains: thgeyer.de ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: vwr.com ([de] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([amdcentral] http in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([amdonline] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([amdvault] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([ausev1] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([ausev2] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([ausev3] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([ausev4] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([cpg] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([cpgportal] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([cpgproject] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([gcsfm] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([gisportal] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([hcldms] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([mss] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([mssportal] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([myamd] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([myemail] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([MyHR] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([myprojects] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([myprojectteams] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([myteams] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([mywork] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([project] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([sapcitrix] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([sausev1] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([sausev2] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([sausev3] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([sausev4] * in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([wrms] https in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amd.com ([wrms] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amdcentral ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amdonline ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: amdvault ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: asiaespec ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: ausb3rmwp01 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: ausev1 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: ausev2 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: ausev3 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: ausev4 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: cdw ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: cdw.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: citrixwebqa ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: conrad.de ([www1.business] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: corporateexpress.de ([connect] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: cpg ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: cpgportal ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: cpgproject ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: csgpweb2 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: dell.com ([valuechain] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: dell.com ([vccluster2] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: gisportal ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: hagemeyerce.com ([down] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: hcldms ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: hoffmann-gmbh.de ([de] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: insight.ca ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: insight.ca ([]https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: insight.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: insight.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: insight.com ([uk] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: insight.com ([www.corp] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: insight.com ([www.marketplace.corp] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: kroschke.com ([shop] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: metafore.ca ([e-buy] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: mrose24.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: mss ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: mssportal ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: mutiaranet ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myamd ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myamd-qa ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: mygreatlakes.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: MyHR ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myie6 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myithelp ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myprojects ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myprojectteams ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myqs ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myteams ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myteamsdrs ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: myteamssgp ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: mywork ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: news8austin.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: pngqssts ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: printmedia.de ([vubt001] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: project ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: qualitycenter ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: rockbox.org ([build] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: rockbox.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: rs-components.com ([order] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: sapcitrix ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: sausev1 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: sausev2 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: sausev3 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: sausev4 ([]* in Local intranet)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: schweitzer-online.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: shi.com ([roundtrip] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: somafm.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: spngmes01 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: spngweb5 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: ssgpopt13 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: storesonline ([]http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: swagelok.com ([b2b-de] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: thgeyer.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: vwr.com ([de] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: weather.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-249263827-1212357926-315576832-24042\..Trusted Domains: worldaccess ([]http in Trusted sites)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} http://ausb3rmwp01/arsys/apps/shared (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://aus-vpn.amd.com/CACHE/stc/5/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C4866628-AD07-4309-B3AB-DB6A8627FEAD} http://myvoicemail/ciscopca/controls/MediaMasENU.cab (AvMediaMasterCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 163.181.12.1 163.181.12.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amd.com
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19fb092f-facf-11de-841c-001a4b6ff06c}\Shell - "" = AutoRun
O33 - MountPoints2\{19fb092f-facf-11de-841c-001a4b6ff06c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{72b8510c-0e00-11df-a2cd-001a6bf0ae88}\Shell - "" = AutoRun
O33 - MountPoints2\{72b8510c-0e00-11df-a2cd-001a6bf0ae88}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{72b8510c-0e00-11df-a2cd-001a6bf0ae88}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{72b8510c-0e00-11df-a2cd-001a6bf0ae88}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{a3ff5d67-ebe3-11de-9b6c-001a6bf0ae88}\Shell - "" = AutoRun
O33 - MountPoints2\{a3ff5d67-ebe3-11de-9b6c-001a6bf0ae88}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 10:47:48 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\chill.AMD\Desktop\OTL.exe
[2010/09/09 20:29:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/05 13:48:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/09/03 23:28:58 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Roaming\Malwarebytes
[2010/09/03 23:28:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/03 23:28:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/03 23:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/03 23:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/03 21:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/09/01 09:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/09/01 08:11:13 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\Documents\Outlook Files
[2010/08/30 08:20:34 | 000,000,000 | ---D | C] -- C:\Windows\wlansvc
[2010/08/28 14:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/28 14:33:26 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\chill.AMD\Desktop\procexp.exe
[2010/08/28 13:14:14 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Roaming\Apple Computer
[2010/08/28 13:14:14 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Local\Apple Computer
[2010/08/28 13:14:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/28 13:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/28 13:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/28 13:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/28 13:11:02 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Local\Apple
[2010/08/28 13:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/28 13:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/08/25 08:50:40 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Roaming\HD Tune Pro
[2010/08/25 08:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010/08/19 14:09:11 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\.AMD Power Monitor Settings
[2010/08/06 11:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/08/06 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/06 11:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/08/06 11:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/08/06 10:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/08/06 10:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/08/06 10:56:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/05 21:07:44 | 000,107,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2010/08/05 21:06:20 | 000,087,408 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2010/07/31 21:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/07/29 11:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/07/29 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/29 08:17:17 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2010/07/29 08:17:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\CCM
[2010/07/29 08:13:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ccmsetup
[2010/07/26 16:44:36 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010/07/23 09:25:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/22 22:19:00 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Local\{60CC4F25-59F9-4138-90B1-86D438157299}
[2010/07/13 22:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/07/13 22:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/01 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Roaming\mIRC
[2010/07/01 22:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010/07/01 19:45:09 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Local\Broadcom
[2010/07/01 19:45:09 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\Documents\Bluetooth Exchange Folder
[2010/07/01 19:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/06/30 20:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/30 15:32:53 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Roaming\4Team
[2010/06/30 11:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/29 21:53:31 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\Documents\NPS
[2010/06/29 21:53:10 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\Documents\My Art
[2010/06/29 20:49:35 | 000,123,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdm.sys
[2010/06/29 20:49:35 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bus.sys
[2010/06/29 20:49:35 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdfl.sys
[2010/06/29 20:49:35 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cmnt.sys
[2010/06/29 20:49:35 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cm.sys
[2010/06/29 20:49:35 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_whnt.sys
[2010/06/29 20:49:35 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_wh.sys
[2010/06/29 20:48:03 | 000,222,568 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010/06/29 20:47:46 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\Documents\My NPS Files
[2010/06/29 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Roaming\Samsung
[2010/06/29 20:47:35 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\Documents\Samsung
[2010/06/29 20:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/06/29 20:44:06 | 000,000,000 | ---D | C] -- C:\Users\chill.AMD\AppData\Local\Downloaded Installations
[2010/06/29 20:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2010/06/29 20:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

========== Files - Modified Within 90 Days ==========

[2010/09/13 12:43:53 | 008,912,896 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat
[2010/09/13 12:39:28 | 000,018,142 | ---- | M] () -- C:\Users\chill.AMD\Desktop\chill current roles.docx
[2010/09/13 11:41:11 | 000,781,712 | ---- | M] () -- C:\Users\chill.AMD\Desktop\Dell_RMA_Dashboard_r365.xlsx
[2010/09/13 11:39:04 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 11:39:04 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 10:47:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\chill.AMD\Desktop\OTL.exe
[2010/09/13 10:47:38 | 000,133,632 | ---- | M] () -- C:\Users\chill.AMD\Desktop\RKUnhookerLE.EXE
[2010/09/13 08:18:51 | 000,000,000 | ---- | M] () -- C:\t184.1
[2010/09/13 08:18:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/13 08:18:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 08:17:59 | 2314,706,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 16:09:32 | 002,583,594 | -H-- | M] () -- C:\Users\chill.AMD\AppData\Local\IconCache.db
[2010/09/10 11:10:30 | 000,029,191 | ---- | M] () -- C:\Users\chill.AMD\Desktop\RE_AMD_Programming_codes_for_Symbol_barcode_scanner.dvs
[2010/09/09 21:08:01 | 000,001,262 | ---- | M] () -- C:\Users\chill.AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/09/09 20:41:52 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/09/09 20:41:52 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/09/09 20:41:52 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/09/09 15:19:08 | 000,011,149 | ---- | M] () -- C:\Users\chill.AMD\Documents\ASN_73580_765502 Genco Grfx 9-9-10.xlsx
[2010/09/09 14:19:47 | 000,014,343 | ---- | M] () -- C:\Users\chill.AMD\Desktop\Home note.docx
[2010/09/08 16:20:57 | 000,000,299 | ---- | M] () -- C:\Users\chill.AMD\Clint EQ.eqf
[2010/09/08 11:20:41 | 000,020,084 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/07 11:18:58 | 000,017,796 | ---- | M] () -- C:\Users\chill.AMD\Documents\CTS Houston ASN_75224_458079908153.xlsx
[2010/09/07 11:02:28 | 000,065,482 | ---- | M] () -- C:\Users\chill.AMD\Desktop\RMA 60175714 page1.pdf
[2010/09/07 11:01:58 | 000,028,914 | ---- | M] () -- C:\Users\chill.AMD\Desktop\RMA 60175714 page2.pdf
[2010/09/07 09:27:18 | 007,257,856 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/09/07 09:27:18 | 007,180,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/07 09:27:18 | 006,944,296 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/09/07 09:27:18 | 006,928,094 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/09/07 09:27:18 | 002,419,890 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/09/07 09:27:18 | 002,389,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/07 09:27:18 | 002,387,980 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/09/07 09:27:18 | 002,383,066 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/09/07 09:27:18 | 000,005,684 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/03 10:24:17 | 000,013,453 | ---- | M] () -- C:\Users\chill.AMD\Documents\Copy of G34 Cray units-a.xlsx
[2010/09/03 09:03:11 | 000,025,206 | RHS- | M] () -- C:\Users\chill.AMD\ntuser.pol
[2010/09/01 09:39:04 | 000,109,216 | ---- | M] () -- C:\Users\chill.AMD\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/01 09:38:33 | 000,415,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/01 09:28:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2010/08/31 13:19:57 | 000,931,562 | ---- | M] () -- C:\Users\chill.AMD\Desktop\CPU Fusion Execution Roadmap 2Q10 v.7.5.pdf
[2010/08/27 21:59:35 | 000,013,484 | ---- | M] () -- C:\Users\chill.AMD\Documents\envelope.docx
[2010/08/27 13:52:42 | 000,007,604 | ---- | M] () -- C:\Users\chill.AMD\AppData\Local\resmon.resmoncfg
[2010/08/26 15:22:15 | 000,014,237 | ---- | M] () -- C:\Users\chill.AMD\Desktop\scrap&trash label.docx
[2010/08/26 15:20:45 | 000,061,867 | ---- | M] () -- C:\Users\chill.AMD\Desktop\OPN decoder query screenshots.docx
[2010/08/20 11:34:52 | 000,015,939 | ---- | M] () -- C:\Users\chill.AMD\Desktop\Changes_to_vacation_policy.dvs
[2010/08/18 15:58:39 | 000,011,116 | ---- | M] () -- C:\Users\chill.AMD\Documents\8-18-2010 Dell RMA closures.xlsx
[2010/08/18 13:25:59 | 000,013,615 | ---- | M] () -- C:\Users\chill.AMD\Documents\PCE Tech RMAs.xlsx
[2010/08/17 21:38:34 | 000,001,892 | ---- | M] () -- C:\Users\chill.AMD\Desktop\SomaFM.m3u
[2010/08/06 11:45:43 | 000,001,101 | ---- | M] () -- C:\Users\chill.AMD\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/08/06 11:24:50 | 000,000,901 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/08/06 11:13:51 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/08/06 10:58:20 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/08/06 10:05:00 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/08/06 08:44:37 | 000,000,474 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2010/08/05 21:07:44 | 000,107,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2010/08/05 21:06:20 | 000,087,408 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2010/07/29 08:18:23 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2010/07/29 08:18:23 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h
[2010/07/27 20:30:10 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{fc712921-99c8-11df-93ad-001a6bf0ae88}.TMContainer00000000000000000002.regtrans-ms
[2010/07/27 20:30:10 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{fc712921-99c8-11df-93ad-001a6bf0ae88}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 20:30:10 | 000,065,536 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{fc712921-99c8-11df-93ad-001a6bf0ae88}.TM.blf
[2010/07/26 22:46:21 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{68045565-992f-11df-acf4-c030ea620187}.TMContainer00000000000000000002.regtrans-ms
[2010/07/26 22:46:21 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{68045565-992f-11df-acf4-c030ea620187}.TMContainer00000000000000000001.regtrans-ms
[2010/07/26 22:46:21 | 000,065,536 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{68045565-992f-11df-acf4-c030ea620187}.TM.blf
[2010/07/26 19:44:39 | 000,000,000 | ---- | M] () -- C:\t1d0.1
[2010/07/23 12:09:16 | 000,001,277 | ---- | M] () -- C:\Users\chill.AMD\AppData\Roaming\Roaming - Shortcut.lnk
[2010/07/23 08:18:01 | 000,000,120 | ---- | M] () -- C:\Users\chill.AMD\AppData\Local\Umewexetedabe.dat
[2010/07/23 08:17:55 | 000,000,000 | ---- | M] () -- C:\Users\chill.AMD\AppData\Local\Sfumofeginu.bin
[2010/07/22 22:17:01 | 000,000,024 | ---- | M] () -- C:\Users\chill.AMD\AppData\Roaming\omubwk.dat
[2010/07/15 13:23:55 | 000,000,008 | ---- | M] () -- C:\Users\chill.AMD\Documents\config.dat
[2010/07/14 10:53:20 | 000,018,760 | ---- | M] () -- C:\Users\chill.AMD\Documents\ASN_73580_755102.xlsx
[2010/07/13 23:53:06 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{e3abc22f-8ef6-11df-8f06-001a6bf0ae88}.TMContainer00000000000000000002.regtrans-ms
[2010/07/13 23:53:06 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{e3abc22f-8ef6-11df-8f06-001a6bf0ae88}.TMContainer00000000000000000001.regtrans-ms
[2010/07/13 23:53:06 | 000,065,536 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{e3abc22f-8ef6-11df-8f06-001a6bf0ae88}.TM.blf
[2010/07/13 14:20:10 | 001,477,120 | ---- | M] () -- C:\Users\chill.AMD\Documents\Copy of AMD- 07-13-2010_AMD comments.xls
[2010/07/07 08:59:29 | 000,014,209 | ---- | M] () -- C:\Users\chill.AMD\Documents\RMAPrealertForShipment31131558.xlsx
[2010/07/01 19:44:30 | 000,000,892 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/06/30 16:20:16 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{94f6eddd-8474-11df-92d5-001a4b6ff06c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/30 16:20:16 | 000,524,288 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{94f6eddd-8474-11df-92d5-001a4b6ff06c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 16:20:16 | 000,065,536 | -HS- | M] () -- C:\Users\chill.AMD\ntuser.dat{94f6eddd-8474-11df-92d5-001a4b6ff06c}.TM.blf
[2010/06/30 11:31:57 | 000,012,985 | ---- | M] () -- C:\Users\chill.AMD\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/06/29 20:50:53 | 000,002,112 | ---- | M] () -- C:\Users\chill.AMD\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/06/24 13:27:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/06/22 20:42:56 | 009,622,016 | ---- | M] () -- C:\Users\chill.AMD\Desktop\RockboxUtility.exe
[2010/06/22 13:48:39 | 000,054,035 | ---- | M] () -- C:\Users\chill.AMD\Documents\ASN_73580_750471.xlsx

========== Files Created - No Company Name ==========

[2010/09/13 12:39:27 | 000,018,142 | ---- | C] () -- C:\Users\chill.AMD\Desktop\chill current roles.docx
[2010/09/13 10:47:37 | 000,133,632 | ---- | C] () -- C:\Users\chill.AMD\Desktop\RKUnhookerLE.EXE
[2010/09/13 10:44:19 | 000,781,712 | ---- | C] () -- C:\Users\chill.AMD\Desktop\Dell_RMA_Dashboard_r365.xlsx
[2010/09/13 08:18:51 | 000,000,000 | ---- | C] () -- C:\t184.1
[2010/09/10 11:10:34 | 000,029,191 | ---- | C] () -- C:\Users\chill.AMD\Desktop\RE_AMD_Programming_codes_for_Symbol_barcode_scanner.dvs
[2010/09/09 15:17:51 | 000,011,149 | ---- | C] () -- C:\Users\chill.AMD\Documents\ASN_73580_765502 Genco Grfx 9-9-10.xlsx
[2010/09/09 14:18:37 | 000,014,343 | ---- | C] () -- C:\Users\chill.AMD\Desktop\Home note.docx
[2010/09/08 16:20:57 | 000,000,299 | ---- | C] () -- C:\Users\chill.AMD\Clint EQ.eqf
[2010/09/07 11:18:57 | 000,017,796 | ---- | C] () -- C:\Users\chill.AMD\Documents\CTS Houston ASN_75224_458079908153.xlsx
[2010/09/07 11:01:58 | 000,028,914 | ---- | C] () -- C:\Users\chill.AMD\Desktop\RMA 60175714 page2.pdf
[2010/09/07 11:01:30 | 000,065,482 | ---- | C] () -- C:\Users\chill.AMD\Desktop\RMA 60175714 page1.pdf
[2010/09/03 10:24:16 | 000,013,453 | ---- | C] () -- C:\Users\chill.AMD\Documents\Copy of G34 Cray units-a.xlsx
[2010/09/01 09:28:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2010/08/31 13:19:57 | 000,931,562 | ---- | C] () -- C:\Users\chill.AMD\Desktop\CPU Fusion Execution Roadmap 2Q10 v.7.5.pdf
[2010/08/28 12:56:28 | 000,001,262 | ---- | C] () -- C:\Users\chill.AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/08/28 12:56:28 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/08/27 21:58:51 | 000,013,484 | ---- | C] () -- C:\Users\chill.AMD\Documents\envelope.docx
[2010/08/26 14:13:53 | 000,061,867 | ---- | C] () -- C:\Users\chill.AMD\Desktop\OPN decoder query screenshots.docx
[2010/08/25 15:44:13 | 000,014,237 | ---- | C] () -- C:\Users\chill.AMD\Desktop\scrap&trash label.docx
[2010/08/20 11:35:01 | 000,015,939 | ---- | C] () -- C:\Users\chill.AMD\Desktop\Changes_to_vacation_policy.dvs
[2010/08/18 15:58:21 | 000,011,116 | ---- | C] () -- C:\Users\chill.AMD\Documents\8-18-2010 Dell RMA closures.xlsx
[2010/08/18 13:25:01 | 000,013,615 | ---- | C] () -- C:\Users\chill.AMD\Documents\PCE Tech RMAs.xlsx
[2010/08/17 20:13:57 | 000,001,892 | ---- | C] () -- C:\Users\chill.AMD\Desktop\SomaFM.m3u
[2010/08/10 09:00:29 | 000,000,000 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\FnF4.txt
[2010/08/06 13:36:56 | 000,006,074 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\OfflineVaultPH.log
[2010/08/06 11:45:43 | 000,001,101 | ---- | C] () -- C:\Users\chill.AMD\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/07/29 08:18:23 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2010/07/29 08:18:23 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2010/07/29 08:17:17 | 000,000,474 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/07/27 20:30:10 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{fc712921-99c8-11df-93ad-001a6bf0ae88}.TMContainer00000000000000000002.regtrans-ms
[2010/07/27 20:30:10 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{fc712921-99c8-11df-93ad-001a6bf0ae88}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 20:30:10 | 000,065,536 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{fc712921-99c8-11df-93ad-001a6bf0ae88}.TM.blf
[2010/07/26 22:42:00 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{68045565-992f-11df-acf4-c030ea620187}.TMContainer00000000000000000002.regtrans-ms
[2010/07/26 22:42:00 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{68045565-992f-11df-acf4-c030ea620187}.TMContainer00000000000000000001.regtrans-ms
[2010/07/26 22:42:00 | 000,065,536 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{68045565-992f-11df-acf4-c030ea620187}.TM.blf
[2010/07/26 19:44:39 | 000,000,000 | ---- | C] () -- C:\t1d0.1
[2010/07/23 12:09:16 | 000,001,277 | ---- | C] () -- C:\Users\chill.AMD\AppData\Roaming\Roaming - Shortcut.lnk
[2010/07/22 22:19:04 | 000,000,000 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\Sfumofeginu.bin
[2010/07/22 22:19:02 | 000,000,120 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\Umewexetedabe.dat
[2010/07/22 22:17:00 | 000,000,024 | ---- | C] () -- C:\Users\chill.AMD\AppData\Roaming\omubwk.dat
[2010/07/19 09:16:32 | 009,622,016 | ---- | C] () -- C:\Users\chill.AMD\Desktop\RockboxUtility.exe
[2010/07/14 10:53:18 | 000,018,760 | ---- | C] () -- C:\Users\chill.AMD\Documents\ASN_73580_755102.xlsx
[2010/07/13 23:11:01 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{e3abc22f-8ef6-11df-8f06-001a6bf0ae88}.TMContainer00000000000000000002.regtrans-ms
[2010/07/13 23:11:01 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{e3abc22f-8ef6-11df-8f06-001a6bf0ae88}.TMContainer00000000000000000001.regtrans-ms
[2010/07/13 23:11:01 | 000,065,536 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{e3abc22f-8ef6-11df-8f06-001a6bf0ae88}.TM.blf
[2010/07/13 14:17:01 | 001,477,120 | ---- | C] () -- C:\Users\chill.AMD\Documents\Copy of AMD- 07-13-2010_AMD comments.xls
[2010/07/07 08:59:28 | 000,014,209 | ---- | C] () -- C:\Users\chill.AMD\Documents\RMAPrealertForShipment31131558.xlsx
[2010/06/30 16:20:16 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{94f6eddd-8474-11df-92d5-001a4b6ff06c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/30 16:20:16 | 000,524,288 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{94f6eddd-8474-11df-92d5-001a4b6ff06c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 16:20:16 | 000,065,536 | -HS- | C] () -- C:\Users\chill.AMD\ntuser.dat{94f6eddd-8474-11df-92d5-001a4b6ff06c}.TM.blf
[2010/06/30 11:31:39 | 000,012,985 | ---- | C] () -- C:\Users\chill.AMD\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/06/29 20:50:53 | 000,002,112 | ---- | C] () -- C:\Users\chill.AMD\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/06/29 20:48:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/06/29 20:48:03 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/06/24 13:27:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/06/22 13:46:03 | 000,054,035 | ---- | C] () -- C:\Users\chill.AMD\Documents\ASN_73580_750471.xlsx
[2010/06/07 10:47:28 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/06/04 13:56:02 | 000,000,284 | ---- | C] () -- C:\Windows\hondaesm.ini
[2010/05/12 11:14:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/08 09:27:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/12/01 14:09:55 | 000,000,000 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\QSwitch.txt
[2009/12/01 14:09:55 | 000,000,000 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\DSwitch.txt
[2009/12/01 14:09:55 | 000,000,000 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\AtStart.txt
[2009/10/27 08:50:12 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/14 21:37:24 | 000,007,604 | ---- | C] () -- C:\Users\chill.AMD\AppData\Local\resmon.resmoncfg
[2009/10/06 09:12:07 | 000,000,171 | ---- | C] () -- C:\Users\chill.AMD\AppData\Roaming\wfcwin32.log
[2009/10/05 11:53:12 | 000,048,586 | ---- | C] () -- C:\ProgramData\xpif-v02030a.dtd
[2009/10/04 23:26:15 | 000,020,084 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009/05/21 23:53:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/09 21:05:54 | 016,614,648 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

========== LOP Check ==========

[2009/10/04 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\chill\AppData\Roaming\AMD
[2009/10/04 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\chill\AppData\Roaming\Cisco
[2010/01/21 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\chill\AppData\Roaming\FreeFLVConverter
[2009/10/05 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\chill\AppData\Roaming\ICAClient
[2010/08/02 22:20:30 | 000,000,000 | ---D | M] -- C:\Users\chill\AppData\Roaming\uTorrent
[2010/06/30 15:32:55 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\4Team
[2010/03/02 17:06:23 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\Acronis
[2010/07/23 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\Cisco
[2010/08/25 08:50:40 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\HD Tune Pro
[2010/07/27 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\ICAClient
[2010/05/12 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\MP3SkypeRecorder
[2010/07/13 22:42:39 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\Mp3tag
[2010/03/29 12:41:10 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\MuldeR
[2010/09/08 13:57:48 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\PrimoPDF
[2010/06/07 11:45:18 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\rockbox.org
[2010/06/29 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\Samsung
[2009/10/06 12:27:39 | 000,000,000 | ---D | M] -- C:\Users\chill.AMD\AppData\Roaming\Xerox
[2010/08/27 08:03:55 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

OTL Extras Log:
--------------------
OTL Extras logfile created on: 9/13/2010 12:41:33 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\chill.AMD\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 102.77 Gb Free Space | 68.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 975.82 Mb Total Space | 932.91 Mb Free Space | 95.60% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AUSL110983
Current User Name: chill
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"4445:TCP:*:enabled:EnstartPortException" = 4445:TCP:*:enabled:EnstartPortException

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"3c1e2616-5dc7-4d45-99c4-0f61c8496868" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Winnt\enstart.exe|Name=Enstart Inbound Rule Allow App|Desc=Enstart is a program used by AMD security|
"{9190A726-D6A1-4001-8AE4-18A172516375}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=4445|Name=Enstart Inbound Rule Allow Port|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{06CA7DEB-32CE-0A7A-5D61-DDC89AAE440C}" = CCC Help Italian
"{0B94C9D3-0653-8CC8-041B-D51960BEDC14}" = CCC Help French
"{1456909B-1F22-AA6A-CA1E-42AE54B38C01}" = CCC Help Russian
"{1A1AA798-8093-4673-9C03-17442A95C136}" = CARE 9.0.0
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}" = HP ESU for Microsoft Windows 7
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 21
"{28853F2A-C528-5C70-863E-EF7B003CF1B0}" = CCC Help Czech
"{2C2A3441-DD17-964F-A040-E3C71FFFA1D1}" = Catalyst Control Center Core Implementation
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF76FA9-A60C-59A2-66D4-5FA65604D79E}" = CCC Help Norwegian
"{4261B2F4-DEDB-4D75-CED7-0A4D4A0B5FB3}" = Catalyst Control Center InstallProxy
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47FB8B01-4FC0-4BD0-B636-8F9148DD7D7F}" = CCC Help German
"{49969CB0-E41B-E108-F149-EC79F52D1593}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9C7ECB-323F-68E0-1258-AF993897EC53}" = Catalyst Control Center Graphics Full Existing
"{54dcbccb-c905-46dc-b6e6-48563d0e9e55}" = LameXP
"{584FEC63-52EB-9A71-11A0-A59691B6C92B}" = Catalyst Control Center Localization All
"{6586A58D-E818-65C1-6251-D8206CD3B019}" = Catalyst Control Center Graphics Light
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B46BF31-4FBE-4A04-89AA-8C90D70B97A4}" = CCC Help Dutch
"{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2143F6-87A6-7B2E-9B95-C2967DC003EF}" = CCC Help Japanese
"{8ECFDF05-AFAC-3F7A-33B1-7FE41ED8FBC1}" = CCC Help Polish
"{8F2895E3-55EA-DF79-FA18-4ADF91B0C85D}" = ccc-core-static
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A9461747-B8C2-446E-B335-B39385284226}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{F461CAA7-70D7-49BB-A681-8A187001290A}" =
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90E0180A-A7BB-BCB5-5B09-0CC22BADC71C}" = CCC Help Turkish
"{915FB759-FCFD-8B6C-0694-9C3FF1850DE3}" = ccc-utility
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{9474B65C-60C8-F304-14F7-51F4FA2D5AC6}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95BF40DC-DF23-1B60-EBE3-FFFD30547E3E}" = Catalyst Control Center Graphics Full New
"{95CB1780-3690-7633-793B-B255102F303A}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EFD6808-5CEB-6D63-6A83-19686DCF3DC6}" = CCC Help Swedish
"{9FEAC0B9-289F-4BB8-A5FA-7A5D20D794C7}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{A990D795-F751-39DA-DDD4-07ED04CEC7CE}" = ATI Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{B1D91C0E-303B-B1DE-CD43-1E1BED500B0F}" = CCC Help Portuguese
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B574EC78-9A1A-4FFA-B64D-7AE2A8A61E7C}" = AMD Power Monitor
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7155589-A12F-405A-9A8E-AFE0830F4E50}" = AMD FACT
"{BCE52F08-2716-6F73-192D-1D6708C3A904}" = CCC Help Thai
"{C0CCC753-FD2C-3050-2BB4-BFDB23D67851}" = CCC Help Chinese Standard
"{C37EADA2-5EF1-4D79-94A0-A47B53E37261}" = CCC Help Korean
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3202159-2D02-8631-9588-05DAEE456AE6}" = CCC Help Danish
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{EBA7EF44-A596-23D9-B1D4-178030A3C833}" = CCC Help Greek
"{EE54087E-1C90-5A20-E66F-907B5B3B5225}" = CCC Help Spanish
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F9E2FB00-511C-C047-73E4-BE19367AC27E}" = CCC Help Finnish
"{FA272494-8DEA-43CF-9BFF-652553C04265}" = Symantec Endpoint Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"HD Tune Pro_is1" = HD Tune Pro 4.50
"InstallShield_{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mp3tag" = Mp3tag v2.45a
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-249263827-1212357926-315576832-24042\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b7551993a6b01c64" = CSE Database Scrubber
"Datamart Graph Studio 2.x(pdetomcat)" = Datamart Graph Studio 2.x(pdetomcat)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2010 9:24:30 AM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 8/5/2010 9:24:30 AM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 8/5/2010 9:24:30 AM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 8/5/2010 4:08:17 PM | Computer Name = AUSL110983.amd.com | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 8/5/2010 5:26:52 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 8/5/2010 5:26:52 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 8/5/2010 5:26:53 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 8/5/2010 5:26:53 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 8/5/2010 5:26:53 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 8/6/2010 11:02:27 AM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Microsoft Office Communicator 2007' could
not be shut down.

[ Cisco AnyConnect VPN Client Events ]
Error - 9/9/2010 4:09:07 PM | Computer Name = AUSL110983.amd.com | Source = vpnui | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: .\PreferenceMgr.cpp Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
LocalLanAccess

Error - 9/9/2010 4:09:19 PM | Computer Name = AUSL110983.amd.com | Source = vpndownloader | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: ..\Api\PreferenceMgr.cpp
Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
LocalLanAccess

Error - 9/9/2010 4:09:19 PM | Computer Name = AUSL110983.amd.com | Source = vpndownloader | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: ..\Api\PreferenceMgr.cpp
Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
LocalLanAccess

Error - 9/9/2010 4:09:20 PM | Computer Name = AUSL110983.amd.com | Source = vpnagent | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: .\PreferenceMgr.cpp Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
LocalLanAccess

Error - 9/9/2010 4:09:32 PM | Computer Name = AUSL110983.amd.com | Source = vpnagent | ID = 67108866
Description = Function: CAutoProxy::DownloadFileThreadFunc File: .\AutoProxy.cpp Line:
385 Invoked Function: InternetOpenUrl Return Code: 12007 (0x00002EE7) Description:
The server name or address could not be resolved

Error - 9/9/2010 4:10:28 PM | Computer Name = AUSL110983.amd.com | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::AddRouteChange File: .\ChangeRouteHelper.cpp
Line:
1295 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 9/9/2010 4:10:28 PM | Computer Name = AUSL110983.amd.com | Source = vpnagent | ID = 67110872
Description = Failed Route change: Action: AddRoute Destination: 0.0.0.0 Netmask:
0.0.0.0 Gateway: 10.224.8.1 Interface: 10.224.14.209 Metric: 1

Error - 9/9/2010 4:10:28 PM | Computer Name = AUSL110983.amd.com | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
226 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 9/9/2010 4:10:28 PM | Computer Name = AUSL110983.amd.com | Source = vpnui | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: .\PreferenceMgr.cpp Line:
877 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
LocalLanAccess

Error - 9/9/2010 5:47:26 PM | Computer Name = AUSL110983.amd.com | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

[ Media Center Events ]
Error - 1/15/2010 10:54:40 AM | Computer Name = AUSL110983.amd.com | Source = MCUpdate | ID = 0
Description = 8:54:38 AM - Error connecting to the internet. 8:54:38 AM - Unable
to contact server..

[ System Events ]
Error - 9/9/2010 4:05:23 PM | Computer Name = AUSL110983.amd.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain AMD due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 9/9/2010 4:05:26 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 9/9/2010 4:06:10 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/9/2010 5:51:48 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/9/2010 6:00:46 PM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/9/2010 8:05:40 PM | Computer Name = AUSL110983.amd.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain AMD due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 9/10/2010 9:09:06 AM | Computer Name = AUSL110983.amd.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain AMD due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 9/10/2010 9:09:07 AM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/10/2010 9:12:31 AM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/13/2010 9:28:38 AM | Computer Name = AUSL110983.amd.com | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.


< End of report >

RKU Unhooker Log:
-------------------
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x99201000 C:\Windows\system32\DRIVERS\atikmdag.sys 4788224 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82E3F000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E3F000 PnpManager 4259840 bytes
0x82E3F000 RAW 4259840 bytes
0x82E3F000 WMIxWDM 4259840 bytes
0xA1460000 Win32k 2400256 bytes
0xA1460000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8FC50000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100912.005\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0x8B438000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B015000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x98C00000 C:\Windows\system32\DRIVERS\AGRSM.sys 1073152 bytes (LSI Corp, SoftModem Device Driver)
0x99692000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B212000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8AC8B000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x822F4000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x82219000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8AD36000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9573C000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0x98034000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8B182000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9562E000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x823FB000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x8288E000 C:\Windows\system32\drivers\ADIHdAud.sys 327680 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x823AC000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0xA1710000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8FC05000 C:\Windows\System32\Drivers\SRTSP.SYS 307200 bytes (Symantec Corporation, Symantec AutoProtect)
0x824BA000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8AE97000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8ADB5000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x829B4000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8282D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8AC49000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x957A6000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B5BB000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B2C9000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x99782000 C:\Windows\system32\DRIVERS\b57nd60x.sys 245760 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.)
0x8229E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x99749000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E08000 ACPI_HAL 225280 bytes
0x82E08000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8AF70000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x981A9000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8258F000 C:\Windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8B34D000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x95688000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B581000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x828DE000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AEF7000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8B408000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x95601000 C:\Windows\System32\Drivers\SYMTDI.SYS 184320 bytes (Symantec Corporation, Network Dispatch Driver)
0x825D1000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8B144000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x82926000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8AE2E000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B390000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B307000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8FD9C000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8AF44000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8297B000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x98137000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB02AF000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8238B000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x980E1000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AFD4000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8244C000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8AFB5000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x82514000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x956C1000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0xA16F0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x98092000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x98D60000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x822D9000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x956FF000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x98D7B000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x82950000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8290D000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x980BB000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x82561000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8253D000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x98114000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x98159000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x98171000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x98188000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8AE00000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x98D20000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8AF25000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0xB02D0000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100912.005\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x997BE000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B16F000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x82800000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x95719000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x997E7000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x98102000 C:\Windows\system32\DRIVERS\amdk8.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x82969000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B37F000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x98DAA000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8AFA4000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8287D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8AE63000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8AC30000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x956E0000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x981ED000 C:\Windows\system32\DRIVERS\AmdLLD.sys 65536 bytes (Advanced Micro Devices, AMD Low Level Device Driver)
0x981DD000 C:\Windows\system32\DRIVERS\AmdTools.sys 65536 bytes (Advanced Micro Devices, AMD Special Tools Driver)
0x98DBB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B32C000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x98DCB000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9572C000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8AE87000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x82505000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x980D3000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x956F1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B000000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8AEE9000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B1DF000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x98000000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8ADA7000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x997DA000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x98D13000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x82582000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x98D06000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x825C4000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x8299E000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8FDF2000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x980AF000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x82871000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x82555000 C:\Windows\system32\drivers\tpm.sys 49152 bytes (Microsoft Corporation, TPM Device Driver)
0x8FDE6000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x82200000 C:\Windows\system32\DRIVERS\Accelerometer.sys 45056 bytes (Hewlett-Packard Company, HP Accelerometer)
0x8AE7C000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x98D96000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x98DEC000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8AC25000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x98D55000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x98D37000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8B200000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9812C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8AE17000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AE58000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x98D4B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x957F1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x957E7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9819F000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x98DE2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x82533000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8FDD5000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x824B0000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8AF67000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xB02A6000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8AF3B000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x98DA1000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x829AB000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes
0x8B1ED000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8B344000 C:\Windows\system32\DRIVERS\hpdskflt.sys 36864 bytes (Hewlett-Packard Company, HP Disk Filter - SATA/RAID)
0x82579000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 36864 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0xB034E000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x98D42000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
0xA16C0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B5B2000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x997D1000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8AC00000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8AC41000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8AE74000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B33C000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8AC09000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8B3E7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B3EF000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8B3F7000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B400000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8220E000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8FDDF000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x98DDB000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8AEE2000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x956BA000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x98DF7000 C:\Windows\System32\Drivers\SYMREDRV.SYS 20480 bytes (Symantec Corporation, Redirector Filter Driver)
0x82215000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8220B000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x825FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x825C2000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x072D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 102400 bytes
0x08020000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 1150976 bytes
0x00300000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 118784 bytes
0x03B60000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 118784 bytes
0x77ED0000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 1196032 bytes
0x07430000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 135168 bytes
0x5DD20000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 143360 bytes
0x073C0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 151552 bytes
0x081F0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 159744 bytes
0x799E0000 Hidden Image-->System.ServiceModel.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 1605632 bytes
0x07B90000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 1740800 bytes
0x07830000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 217088 bytes
0x07870000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 233472 bytes
0x50110000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 2375680 bytes
0x00560000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 28672 bytes
0x007B0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 28672 bytes
0x01340000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x01370000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x03E90000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x04350000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x046C0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x046B0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x046D0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x04D80000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x04D90000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x052C0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x05330000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x054B0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06140000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06110000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06180000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06150000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06310000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06360000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x068E0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x068A0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06910000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06B70000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x072C0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06C00000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06C40000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06C20000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06C10000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x06C60000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x07090000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x070B0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x07310000 Hidden Image-->atixclib.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x07330000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x07340000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x07380000 Hidden Image-->Branding.dll [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x073B0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0x05440000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 299008 bytes
0x07530000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 315392 bytes
0x01260000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 36864 bytes
0x01250000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 36864 bytes
0x01310000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x03CA0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x03CE0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x040D0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x04300000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x05240000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x06340000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x06A40000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x06FB0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x06F70000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x070D0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x071A0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x07120000 Hidden Image-->CLI.Aspect.PowerPlay3.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 36864 bytes
0x074D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 372736 bytes
0x07D40000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 372736 bytes
0x56100000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 380928 bytes
0x07130000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 413696 bytes
0x07970000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 413696 bytes
0x07580000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 413696 bytes
0x07460000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 446464 bytes
0x7B0E0000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 4476928 bytes
0x00500000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 45056 bytes
0x00520000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 45056 bytes
0x01330000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 45056 bytes
0x013F0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 45056 bytes
0x03EA0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 45056 bytes
0x06350000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 45056 bytes
0x068D0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 45056 bytes
0x06A60000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 45056 bytes
0x06FA0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 45056 bytes
0x077B0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 503808 bytes
0x797D0000 Hidden Image-->System.ServiceModel.dll [ EPROCESS 0x85A41030 ] PID: 1072, 528384 bytes
0x03CD0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x03CF0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x03FC0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x042E0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x04D70000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x06320000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x06900000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x06C30000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x06F80000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x070C0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x072B0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0x07300000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 53248 bytes
0xB030EF2E Unknown thread object [ ETHREAD 0x86C97D48 ] , 600 bytes
0xB0266F2E Unknown thread object [ ETHREAD 0x856F4D48 ] , 600 bytes
0x08570000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 602112 bytes
0x06F90000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 61440 bytes
0x07000000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 61440 bytes
0x07040000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 61440 bytes
0x070A0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 61440 bytes
0x07100000 Hidden Image-->CLI.Aspect.PowerPlay3.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 61440 bytes
0x78FD0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 6197248 bytes
0x515B0000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 659456 bytes
0x52FD0000 Hidden Image-->System.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 671744 bytes
0x08140000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 684032 bytes
0x00530000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 69632 bytes
0x01380000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 69632 bytes
0x03C80000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 69632 bytes
0x05490000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 69632 bytes
0x06BC0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 69632 bytes
0x07020000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 69632 bytes
0x07E50000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 700416 bytes
0x078B0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 724992 bytes
0x062F0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 77824 bytes
0x068B0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 77824 bytes
0x06FE0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 77824 bytes
0x087F0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 806912 bytes
0x08990000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 823296 bytes
0x50040000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 847872 bytes
0x01350000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 86016 bytes
0x06880000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 86016 bytes
0x07390000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 86016 bytes
0x03CB0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 94208 bytes
0x06120000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 94208 bytes
0x07070000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 94208 bytes

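A note on reading the "Stealth" section above before treating it as rootkit evidence. RootRepeal reports a "Hidden Image" when a PE image is mapped in a process but does not appear in that process's loader module lists, and that is also how a CLR host maps the managed assemblies it loads itself. Every hidden image in the log sits in one of three processes: PID 2108 and PID 1412, whose image names (CLI.*, MOM.*, CCC.*, ATICCCom) belong to the managed ATI Catalyst Control Center, and PID 1072, which holds .NET/Silverlight native images (mscorlib.ni.dll, System.Windows.ni.dll). The two "Unknown thread object" entries at kernel addresses are a separate question that the CLR does not explain, and they are the part worth carrying forward. The script below is an added triage example for this thread, not RootRepeal's code and not from any poster; it parses the two line shapes visible above and groups the hits per PID, with the "likely CLR-loaded" rule (native images plus the ATI namespace prefixes) and the constructed sample (seven lines from the log plus one invented line, `example_unlisted.dll` in PID 4444, to exercise the suspect branch) as this script's own assumptions.

```python
"""Triage the "Stealth" section of a RootRepeal log.

Added example for this thread; it is not RootRepeal's code and not from any
poster. The two regexes match the line shapes in the log above. The
"likely CLR-loaded" heuristic is this script's assumption: hidden images that
are all .NET native images (*.ni.dll) or assemblies from a known managed
product (ATI Catalyst Control Center namespaces) are grouped as expected
CLR behaviour rather than as rootkit evidence.
"""
import re
from collections import defaultdict

HIDDEN_RE = re.compile(
    r"^0x(?P<addr>[0-9A-F]+) Hidden Image-->(?P<image>.+?) "
    r"\[ EPROCESS 0x(?P<eproc>[0-9A-F]+) \] PID: (?P<pid>\d+), (?P<size>\d+) bytes$",
    re.IGNORECASE,
)
THREAD_RE = re.compile(
    r"^0x(?P<addr>[0-9A-F]+) Unknown thread object "
    r"\[ ETHREAD 0x(?P<ethread>[0-9A-F]+) \] , (?P<size>\d+) bytes$",
    re.IGNORECASE,
)

NATIVE_IMAGE_SUFFIX = ".ni.dll"
# Assumption: namespace prefixes of the managed ATI CCC components seen in the log.
MANAGED_PREFIXES = (
    "CLI.", "MOM.", "LOG.", "AEM.", "DEM.", "APM.", "CCC.", "ACE.", "NEWAEM.",
    "ResourceManagement.", "Branding.", "ATICCCom", "ATIDEMOS", "atixclib",
    "Interop.", "AxInterop.",
)


def is_managed_assembly(image: str) -> bool:
    """True for NGen native images and for assemblies of the known managed product."""
    return image.lower().endswith(NATIVE_IMAGE_SUFFIX) or image.startswith(MANAGED_PREFIXES)


def parse_stealth(lines):
    """Split Stealth-section lines into hidden-image and unknown-thread records."""
    images, threads = [], []
    for raw in lines:
        line = raw.strip()
        m = HIDDEN_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"], rec["size"] = int(rec["pid"]), int(rec["size"])
            images.append(rec)
            continue
        m = THREAD_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            threads.append(rec)
    return images, threads


def triage(lines):
    """Group hidden images by PID. A PID whose hidden images are all managed is
    reported as CLR noise; any other hidden image is listed for follow-up; unknown
    thread objects are always carried forward, since the CLR does not explain them."""
    images, threads = parse_stealth(lines)
    by_pid = defaultdict(list)
    for rec in images:
        by_pid[rec["pid"]].append(rec)
    clr_pids, suspect = [], []
    for pid, recs in sorted(by_pid.items()):
        if all(is_managed_assembly(r["image"]) for r in recs):
            clr_pids.append(pid)
        else:
            suspect.extend(r for r in recs if not is_managed_assembly(r["image"]))
    return {
        "hidden_images": len(images),
        "likely_clr_pids": clr_pids,
        "suspect_images": suspect,
        "unknown_threads": threads,
    }


# Constructed sample: seven lines copied from the log above plus one invented
# line (example_unlisted.dll, PID 4444) to exercise the suspect branch.
SAMPLE = """\
0x072D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 102400 bytes
0x00300000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8678A030 ] PID: 1412, 118784 bytes
0x77ED0000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 1196032 bytes
0x78FD0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x85A41030 ] PID: 1072, 6197248 bytes
0x07310000 Hidden Image-->atixclib.DLL [ EPROCESS 0x85593D40 ] PID: 2108, 28672 bytes
0xB030EF2E Unknown thread object [ ETHREAD 0x86C97D48 ] , 600 bytes
0xB0266F2E Unknown thread object [ ETHREAD 0x856F4D48 ] , 600 bytes
0x10000000 Hidden Image-->example_unlisted.dll [ EPROCESS 0x00000000 ] PID: 4444, 8192 bytes
""".splitlines()

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"hidden images: {result['hidden_images']}, CLR noise PIDs: {result['likely_clr_pids']}")
    for rec in result["suspect_images"]:
        print(f"follow up: PID {rec['pid']} {rec['image']} at 0x{rec['addr']}")
    for t in result["unknown_threads"]:
        print(f"follow up: unknown thread 0x{t['addr']} ETHREAD 0x{t['ethread']}")
```

Run it over the whole Stealth section saved to a file and the output shrinks from 130 lines to three PIDs of CLR noise plus the two unknown thread objects, which is the list to check against the loaded driver table (the Symantec and Sophos drivers on this machine are the first candidates for owning unattributed kernel threads) before concluding anything about a rootkit.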

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,310 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:15 PM

Posted 13 September 2010 - 01:10 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft

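Once the C:\ComboFix.txt asked for above comes back, the entries worth a second look are easy to miss in a long listing. The script below is an added triage example for this thread, not ComboFix's own tooling and not from any poster. It parses the line shapes ComboFix writes (file lines in the "Files Created" and "Find3M" sections, bare deletion paths, and the R*/S* service lines) and applies three review heuristics that are this script's assumptions rather than ComboFix verdicts: an install.rdf under a GUID folder in AppData\Local (a Firefox extension registered outside the profile's extensions folder), a tiny .dat or .bin file dropped directly in the profile root instead of a vendor subfolder, and a service or driver whose image is marked missing with [x] or is a .tmp file. The sample input is constructed in ComboFix's line format, with values modelled on the log posted later in this thread.

```python
"""Triage a ComboFix.txt log.

Added example for this thread; it is not ComboFix's code and not from any
poster. It parses the line shapes ComboFix writes (file lines in the
"Files Created" and "Find3M" sections, bare deletion paths, and the R*/S*
service lines) and applies three review heuristics that are this script's
assumptions, not ComboFix verdicts.
"""
import re
from dataclasses import dataclass

FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
DELETION_RE = re.compile(r"^[a-z]:\\\S", re.IGNORECASE)
# Heuristic patterns (assumptions of this script).
PROFILE_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+\\AppData\\(Local|Roaming)\\[^\\]+$", re.IGNORECASE)
FF_EXT_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-F-]{36}\}\\install\.rdf$", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def parse(lines):
    """Return (files, services); bare deletion paths become files without metadata."""
    files, services = [], []
    for raw in lines:
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = None if rec["size"].startswith("-") else int(rec["size"])
            rec["is_dir"] = rec["attrs"].startswith("d")
            files.append(rec)
            continue
        m = SERVICE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["missing"] = rec["info"] == "x"  # ComboFix prints [x] when the image is not on disk
            services.append(rec)
            continue
        if DELETION_RE.match(line):
            files.append({"path": line, "size": None, "attrs": "", "is_dir": False})
    return files, services


def triage(lines, small_file_bytes=256):
    """Apply the three heuristics and return the findings in log order."""
    files, services = parse(lines)
    findings = []
    for f in files:
        p = f["path"]
        if FF_EXT_RE.search(p):
            findings.append(Finding("ff-ext-outside-profile", p,
                                    "install.rdf under a GUID folder in AppData\\Local"))
        elif (not f["is_dir"] and f["size"] is not None and f["size"] <= small_file_bytes
              and PROFILE_ROOT_RE.match(p) and p.lower().endswith((".dat", ".bin"))):
            # Legitimate caches in the profile root (GDIPFONTCACHEV1.DAT) are large;
            # the size cap keeps them out.
            findings.append(Finding("small-data-file-in-profile-root", p,
                                    f"{f['size']} bytes, attrs {f['attrs']}"))
    for s in services:
        if s["missing"]:
            findings.append(Finding("service-image-missing", s["path"],
                                    f"{s['start']} {s['name']}: image not on disk"))
        elif s["path"].lower().endswith(".tmp"):
            findings.append(Finding("service-image-is-tmp", s["path"], f"{s['start']} {s['name']}"))
    return findings


# Constructed sample in ComboFix's line format (values modelled on the log
# posted later in this thread).
SAMPLE_LOG = r"""
c:\users\chill.AMD\AppData\Local\{60CC4F25-59F9-4138-90B1-86D438157299}\install.rdf
2010-09-03 00:28 . 2009-10-05 03:42 109216 ----a-w- c:\users\chill\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 02:47 . 2010-07-27 02:47 120 ----a-w- c:\users\chill\AppData\Local\Umewexetedabe.dat
2010-07-27 02:47 . 2010-07-27 02:47 0 ----a-w- c:\users\chill\AppData\Local\Sfumofeginu.bin
2010-07-23 03:17 . 2010-07-23 03:17 24 ----a-w- c:\users\chill.AMD\AppData\Roaming\omubwk.dat
2010-09-04 04:28 . 2010-09-04 04:28 -------- d-----w- c:\programdata\Malwarebytes
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6C9C.tmp [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
""".strip().splitlines()

if __name__ == "__main__":
    for fd in triage(SAMPLE_LOG):
        print(f"[{fd.rule}] {fd.path}  ({fd.detail})")
```

A service whose image is missing is not by itself malicious: an anti-rootkit scanner that loads its driver from a temporary file and was later uninstalled leaves exactly this shape behind, and so does a dropper whose temp driver has been cleaned up. The finding is a prompt to match the service name against what was installed and removed around that date, not a verdict.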

#5 chill86

chill86
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 13 September 2010 - 02:23 PM

Hi Elise...
I wasn't sure if I was supposed to attach the Combofix log or paste it....pasted it below...let me know if you need it attached.

Thanks,
Clint

--------------------------------

ComboFix 10-09-12.04 - chill 09/13/2010 13:55:55.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2943.1573 [GMT -5:00]
Running from: c:\users\chill.AMD\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\chill.AMD\AppData\Local\{60CC4F25-59F9-4138-90B1-86D438157299}
c:\users\chill.AMD\AppData\Local\{60CC4F25-59F9-4138-90B1-86D438157299}\chrome.manifest
c:\users\chill.AMD\AppData\Local\{60CC4F25-59F9-4138-90B1-86D438157299}\chrome\content\_cfg.js
c:\users\chill.AMD\AppData\Local\{60CC4F25-59F9-4138-90B1-86D438157299}\chrome\content\overlay.xul
c:\users\chill.AMD\AppData\Local\{60CC4F25-59F9-4138-90B1-86D438157299}\install.rdf
c:\users\chill\AppData\Local\{CD78D45C-C1B5-45C3-80AD-0D7F80DEFFDF}
c:\users\chill\AppData\Local\{CD78D45C-C1B5-45C3-80AD-0D7F80DEFFDF}\chrome\content\overlay.xul
c:\users\chill\AppData\Local\{CD78D45C-C1B5-45C3-80AD-0D7F80DEFFDF}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.

2010-09-13 19:04 . 2010-09-13 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-13 19:04 . 2010-09-13 19:04 -------- d-----w- c:\users\chill\AppData\Local\temp
2010-09-07 13:09 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-09-05 18:48 . 2010-09-05 18:48 -------- d-----w- c:\windows\system32\Adobe
2010-09-04 04:28 . 2010-09-04 04:28 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\Malwarebytes
2010-09-04 04:28 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 04:28 . 2010-09-04 04:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-04 04:28 . 2010-09-04 04:28 -------- d-----w- c:\programdata\Malwarebytes
2010-09-04 04:28 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-04 02:24 . 2010-09-08 19:49 -------- d-----w- c:\program files\Sophos
2010-09-01 14:28 . 2010-09-01 14:28 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-08-30 15:57 . 2010-08-30 15:57 -------- d-----w- c:\users\chill\AppData\Roaming\Apple Computer
2010-08-30 14:57 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-30 13:20 . 2010-08-30 13:20 -------- d-----w- c:\windows\wlansvc
2010-08-28 19:47 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 18:14 . 2010-08-28 18:18 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\Apple Computer
2010-08-28 18:14 . 2010-08-28 18:14 -------- d-----w- c:\users\chill.AMD\AppData\Local\Apple Computer
2010-08-28 18:14 . 2010-09-08 19:56 -------- dc----w- c:\windows\system32\DRVSTORE
2010-08-28 18:13 . 2010-08-28 18:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-28 18:11 . 2010-09-08 20:01 -------- d-----w- c:\program files\QuickTime
2010-08-28 18:11 . 2010-09-08 20:00 -------- d-----w- c:\programdata\Apple Computer
2010-08-28 18:11 . 2010-08-28 18:11 -------- d-----w- c:\users\chill.AMD\AppData\Local\Apple
2010-08-28 18:09 . 2010-09-08 19:56 -------- d-----w- c:\program files\Common Files\Apple
2010-08-28 18:09 . 2010-08-28 18:11 -------- d-----w- c:\programdata\Apple
2010-08-25 13:50 . 2010-08-25 13:50 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\HD Tune Pro
2010-08-25 13:50 . 2010-08-26 15:04 -------- d-----w- c:\program files\HD Tune Pro
2010-08-19 19:09 . 2010-08-19 19:09 -------- d-----w- c:\users\chill.AMD\.AMD Power Monitor Settings
2010-08-19 19:08 . 2009-04-22 19:32 42552 ----a-w- c:\windows\system32\drivers\AmdLLD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 01:41 . 2009-10-05 12:43 -------- d-----w- c:\program files\Symantec
2010-09-10 01:41 . 2009-10-05 12:45 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-10 01:41 . 2009-10-05 12:45 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-10 01:41 . 2009-10-05 12:45 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-10 01:41 . 2009-10-05 12:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-10 01:28 . 2010-04-08 19:29 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\Skype
2010-09-10 01:17 . 2010-05-12 16:14 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\skypePM
2010-09-09 13:27 . 2010-07-14 03:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-09 13:27 . 2010-07-14 03:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-08 19:58 . 2010-03-10 14:28 -------- d-----w- c:\program files\Java
2010-09-08 19:58 . 2010-03-10 14:28 -------- d-----w- c:\program files\Common Files\Java
2010-09-08 18:57 . 2010-06-07 15:49 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\PrimoPDF
2010-09-07 14:27 . 2009-10-05 02:50 7257856 ----a-w- c:\windows\system32\perfh00A.dat
2010-09-07 14:27 . 2009-10-05 02:50 2419890 ----a-w- c:\windows\system32\perfc00A.dat
2010-09-07 14:27 . 2009-10-05 02:28 6944296 ----a-w- c:\windows\system32\prfh0404.dat
2010-09-07 14:27 . 2009-10-05 02:28 2383066 ----a-w- c:\windows\system32\prfc0404.dat
2010-09-07 14:27 . 2009-10-05 02:23 6928094 ----a-w- c:\windows\system32\prfh0804.dat
2010-09-07 14:27 . 2009-10-05 02:23 2387980 ----a-w- c:\windows\system32\prfc0804.dat
2010-09-06 19:28 . 2009-11-04 01:02 -------- d-----w- c:\users\chill\AppData\Roaming\vlc
2010-09-06 19:12 . 2009-10-05 03:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 00:28 . 2009-10-05 03:42 109216 ----a-w- c:\users\chill\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-01 14:39 . 2009-10-06 13:05 109216 ----a-w- c:\users\chill.AMD\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-01 14:28 . 2010-09-01 14:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32_01009.Wdf
2010-08-19 19:08 . 2010-07-29 16:28 -------- d-----w- c:\program files\AMD
2010-08-19 19:07 . 2010-07-29 16:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-19 13:49 . 2009-10-05 14:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 13:38 . 2009-10-05 02:01 -------- d-----w- c:\programdata\Microsoft Help
2010-08-06 16:23 . 2009-10-05 03:19 -------- d-----w- c:\program files\Microsoft Office Communicator
2010-08-06 16:02 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-08-06 16:01 . 2010-08-06 16:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-06 16:00 . 2010-08-06 16:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-06 16:00 . 2010-08-06 16:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-06 16:00 . 2009-10-05 02:03 -------- d-----w- c:\program files\Microsoft.NET
2010-08-06 15:59 . 2010-08-06 15:58 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-06 15:58 . 2010-08-06 15:58 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-06 02:07 . 2010-08-06 02:07 107888 ----a-w- c:\windows\system32\SymVPN.dll
2010-08-06 02:06 . 2010-08-06 02:06 87408 ----a-w- c:\windows\system32\FwsVpn.dll
2010-08-03 03:20 . 2010-08-01 02:24 -------- d-----w- c:\users\chill\AppData\Roaming\uTorrent
2010-08-01 04:33 . 2010-08-01 02:10 -------- d-----w- c:\users\chill\AppData\Roaming\Winamp
2010-08-01 02:24 . 2010-08-01 02:24 -------- d-----w- c:\program files\uTorrent
2010-07-29 06:30 . 2010-08-12 13:33 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 13:33 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 01:28 . 2009-10-06 13:17 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\ICAClient
2010-07-27 02:47 . 2010-07-27 02:47 120 ----a-w- c:\users\chill\AppData\Local\Umewexetedabe.dat
2010-07-27 02:47 . 2010-07-27 02:47 0 ----a-w- c:\users\chill\AppData\Local\Sfumofeginu.bin
2010-07-23 20:19 . 2009-10-05 03:34 -------- d-----w- c:\programdata\Cisco
2010-07-23 20:18 . 2009-10-06 23:31 -------- d-----w- c:\users\chill.AMD\AppData\Roaming\Cisco
2010-07-23 13:18 . 2010-07-23 03:19 120 ----a-w- c:\users\chill.AMD\AppData\Local\Umewexetedabe.dat
2010-07-23 13:17 . 2010-07-23 03:19 0 ----a-w- c:\users\chill.AMD\AppData\Local\Sfumofeginu.bin
2010-07-23 03:17 . 2010-07-23 03:17 24 ----a-w- c:\users\chill.AMD\AppData\Roaming\omubwk.dat
2010-07-21 21:52 . 2010-07-21 21:52 40848 ----a-w- c:\windows\system32\drivers\point32.sys
2010-07-14 04:01 . 2010-07-14 04:01 388096 ----a-r- c:\users\chill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-30 06:25 . 2010-08-12 13:33 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 05:10 . 2010-06-30 05:10 505232 ----a-w- c:\windows\system32\ipcoin80.dll
2010-06-22 02:47 . 2010-08-12 13:34 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 13:34 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 13:34 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 13:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 13:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 13:33 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 13:31 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-12 13:33 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 21:53 . 2010-06-15 21:53 15416 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
2010-06-15 21:53 . 2010-02-27 02:34 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2010-06-15 21:53 . 2010-06-15 21:53 26168 ----a-w- c:\windows\system32\hpservice.exe
2010-06-15 21:53 . 2010-06-15 21:53 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-06-15 21:53 . 2010-06-15 21:53 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-22 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-09-03 288312]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-17 5730144]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-07 115560]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\chill.AMD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-04-10 520704]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6C9C.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-04-08 222568]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2009-04-24 41264]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-31 102448]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-04-05 36640]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: amazon.com\www
Trusted Zone: amd.com
Trusted Zone: amd.com\amdonline
Trusted Zone: amd.com\cpg
Trusted Zone: amd.com\cpgportal
Trusted Zone: amd.com\cpgproject
Trusted Zone: amd.com\gcsfm
Trusted Zone: amd.com\gisportal
Trusted Zone: amd.com\hcldms
Trusted Zone: amd.com\mss
Trusted Zone: amd.com\mssportal
Trusted Zone: amd.com\myamd
Trusted Zone: amd.com\myemail
Trusted Zone: amd.com\MyHR
Trusted Zone: amd.com\myprojects
Trusted Zone: amd.com\myprojectteams
Trusted Zone: amd.com\myteams
Trusted Zone: amd.com\mywork
Trusted Zone: amd.com\project
Trusted Zone: amd.com\sapcitrix
Trusted Zone: amd.com \wrms
Trusted Zone: amdcentral
Trusted Zone: amdonline
Trusted Zone: asiaespec
Trusted Zone: ausb3rmwp01
Trusted Zone: cdw
Trusted Zone: cdw.com\www
Trusted Zone: citrixwebqa
Trusted Zone: conrad.de\www1.business
Trusted Zone: corporateexpress.de\connect
Trusted Zone: cpg
Trusted Zone: cpgportal
Trusted Zone: cpgproject
Trusted Zone: csgpweb2
Trusted Zone: dell.com\valuechain
Trusted Zone: dell.com\vccluster2
Trusted Zone: gisportal
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: hagemeyerce.com\down
Trusted Zone: hcldms
Trusted Zone: hoffmann-gmbh.de\de
Trusted Zone: insight.ca
Trusted Zone: insight.com
Trusted Zone: insight.com\uk
Trusted Zone: insight.com\www.corp
Trusted Zone: insight.com\www.marketplace.corp
Trusted Zone: kroschke.com\shop
Trusted Zone: metafore.ca\e-buy
Trusted Zone: mrose24.de\www
Trusted Zone: mss
Trusted Zone: mssportal
Trusted Zone: mutiaranet
Trusted Zone: myamd
Trusted Zone: myamd-qa
Trusted Zone: mygreatlakes.org\www
Trusted Zone: MyHR
Trusted Zone: myie6
Trusted Zone: myithelp
Trusted Zone: myprojects
Trusted Zone: myprojectteams
Trusted Zone: myqs
Trusted Zone: myteams
Trusted Zone: myteamsdrs
Trusted Zone: myteamssgp
Trusted Zone: mywork
Trusted Zone: news8austin.com\www
Trusted Zone: pngqssts
Trusted Zone: printmedia.de\vubt001
Trusted Zone: project
Trusted Zone: qualitycenter
Trusted Zone: rockbox.org\build
Trusted Zone: rockbox.org\www
Trusted Zone: rs-components.com\order
Trusted Zone: sapcitrix
Trusted Zone: schweitzer-online.de\www
Trusted Zone: shi.com\roundtrip
Trusted Zone: somafm.com
Trusted Zone: spngmes01
Trusted Zone: spngweb5
Trusted Zone: ssgpopt13
Trusted Zone: storesonline
Trusted Zone: swagelok.com\b2b-de
Trusted Zone: thgeyer.de\www
Trusted Zone: vwr.com\de
Trusted Zone: weather.com\www
Trusted Zone: worldaccess
Trusted Zone: amd.com
Trusted Zone: amd.com\amdonline
Trusted Zone: amd.com\cpg
Trusted Zone: amd.com\cpgportal
Trusted Zone: amd.com\cpgproject
Trusted Zone: amd.com\gcsfm
Trusted Zone: amd.com\gisportal
Trusted Zone: amd.com\hcldms
Trusted Zone: amd.com\mss
Trusted Zone: amd.com\mssportal
Trusted Zone: amd.com\myamd
Trusted Zone: amd.com\myemail
Trusted Zone: amd.com\MyHR
Trusted Zone: amd.com\myprojects
Trusted Zone: amd.com\myprojectteams
Trusted Zone: amd.com\myteams
Trusted Zone: amd.com\mywork
Trusted Zone: amd.com\project
Trusted Zone: amd.com\sapcitrix
Trusted Zone: amd.com \wrms
Trusted Zone: amdcentral
Trusted Zone: amdonline
Trusted Zone: asiaespec
Trusted Zone: ausb3rmwp01
Trusted Zone: cdw
Trusted Zone: cdw.com\www
Trusted Zone: citrixwebqa
Trusted Zone: conrad.de\www1.business
Trusted Zone: corporateexpress.de\connect
Trusted Zone: cpg
Trusted Zone: cpgportal
Trusted Zone: cpgproject
Trusted Zone: csgpweb2
Trusted Zone: gisportal
Trusted Zone: hagemeyerce.com\down
Trusted Zone: hcldms
Trusted Zone: hoffmann-gmbh.de\de
Trusted Zone: insight.ca
Trusted Zone: insight.com
Trusted Zone: insight.com\uk
Trusted Zone: insight.com\www.corp
Trusted Zone: insight.com\www.marketplace.corp
Trusted Zone: kroschke.com\shop
Trusted Zone: metafore.ca\e-buy
Trusted Zone: mrose24.de\www
Trusted Zone: mss
Trusted Zone: mssportal
Trusted Zone: mutiaranet
Trusted Zone: myamd
Trusted Zone: myamd-qa
Trusted Zone: MyHR
Trusted Zone: myie6
Trusted Zone: myithelp
Trusted Zone: myprojects
Trusted Zone: myprojectteams
Trusted Zone: myqs
Trusted Zone: myteams
Trusted Zone: myteamsdrs
Trusted Zone: myteamssgp
Trusted Zone: mywork
Trusted Zone: pngqssts
Trusted Zone: printmedia.de\vubt001
Trusted Zone: project
Trusted Zone: qualitycenter
Trusted Zone: rs-components.com\order
Trusted Zone: sapcitrix
Trusted Zone: schweitzer-online.de\www
Trusted Zone: shi.com\roundtrip
Trusted Zone: spngmes01
Trusted Zone: spngweb5
Trusted Zone: ssgpopt13
Trusted Zone: storesonline
Trusted Zone: swagelok.com\b2b-de
Trusted Zone: thgeyer.de\www
Trusted Zone: vwr.com\de
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://aus-vpn.amd.com/CACHE/stc/5/binaries/vpnweb.cab
DPF: {C4866628-AD07-4309-B3AB-DB6A8627FEAD} - hxxp://myvoicemail/ciscopca/controls/MediaMasENU.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-Symantec Antvirus
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6C9C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-13 14:08:33
ComboFix-quarantined-files.txt 2010-09-13 19:08

Pre-Run: 117,778,194,432 bytes free
Post-Run: 121,153,060,864 bytes free

- - End Of File - - 37786D7C3F759FA734E7D417CAC5FB8B


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,310 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:15 PM

Posted 13 September 2010 - 02:56 PM

Hello again,

Firstly download: DelDomains.inf
Locate DelDomains.inf right-click and select: Install
Note: you will not see any on-screen action ...
This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 chill86

Posted 13 September 2010 - 07:52 PM

Elise,

Whenever I try to right-click and install DelDomains file, I get an "installation failed" message...

-Clint


#8 Elise

Posted 14 September 2010 - 05:20 AM

In that case, could you please access Internet Options and delete any Trusted Sites that you haven't added yourself?

Please also run MBAM as instructed and post me the log.

regards, Elise
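
A scripted way to do what the DelDomains.inf step in post #6 and the manual Internet Options clean-up in post #8 do, but with an allow-list so the entries you added yourself survive. This is an added example for this page, not a tool from the thread or from BleepingComputer. It walks the same registry locations that ComboFix prints as "Trusted Zone: domain\host" (the key `Domains\amd.com\myteams` is the log's `amd.com\myteams`), keeps only zone-2 (Trusted sites) entries in view, and is a dry run by default. The `$Keep` default of `amd.com` is an assumption for illustration; replace it with the domains you or your company deliberately trusted, review the output, then re-run with `-Remove`.

```powershell
# Added example, not from the thread: audit the Internet Explorer "Trusted sites"
# zone (the entries ComboFix prints as "Trusted Zone: domain\host") and remove
# the ones you did not add yourself. Dry run by default; pass -Remove to delete.
# Run from an elevated PowerShell prompt so the HKLM hive is writable.
[CmdletBinding()]
param(
    # Assumed allow-list for illustration: domains you (or your company) deliberately trusted.
    [string[]]$Keep = @('amd.com'),
    [switch]$Remove
)

# Per-user and machine-wide ZoneMap hives. Entries pushed by Group Policy live
# under HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
# instead and are re-applied at the next policy refresh, so deleting those
# here only masks the source; fix the policy instead.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)
# Zone ids: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites
$TrustedZone = 2

foreach ($root in $roots) {
    if (-not (Test-Path -Path $root)) { continue }

    # Each registry key is a domain ("amd.com"); an optional subkey is a host
    # prefix ("myteams"); the zone id is a DWORD value named after the scheme
    # ("http", "https" or "*"). Collect first so deletions do not disturb the walk.
    $keys = @(Get-ChildItem -Path $root -Recurse)
    foreach ($key in $keys) {
        $rel    = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)   # e.g. amd.com\myteams
        $domain = ($rel -split '\\')[0]

        foreach ($valueName in $key.GetValueNames()) {
            if ($key.GetValue($valueName) -ne $TrustedZone) { continue }
            $label = "$root\$rel [$valueName]"
            if ($Keep -contains $domain) {
                Write-Output "KEEP         $label"
            } elseif ($Remove) {
                Remove-ItemProperty -Path $key.PSPath -Name $valueName
                Write-Output "REMOVED      $label"
            } else {
                Write-Output "WOULD REMOVE $label  (re-run with -Remove)"
            }
        }
    }

    # Second pass, deepest keys first: drop domain/host keys left with no
    # values and no subkeys, so the list shown in Internet Options matches
    # what is actually in the registry.
    if ($Remove) {
        $leftover = @(Get-ChildItem -Path $root -Recurse) |
            Sort-Object { $_.Name.Length } -Descending
        foreach ($key in $leftover) {
            if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0) {
                Remove-Item -Path $key.PSPath
            }
        }
    }
}
```

Export the two Domains keys with `reg export` before the `-Remove` run, as the poster did with a full registry backup, so an entry removed by mistake can be restored. Entries that reappear after a policy refresh or a domain logon were not planted by malware; they come from the Policies hive noted in the comment and should be raised with whoever manages that policy rather than deleted again.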


#9 chill86

Posted 14 September 2010 - 12:17 PM

Elise,
I was able to remove the trusted sites/zones through regedit after backing up the registry completely.
Please see the MBAM full scan log below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4614

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/14/2010 12:15:15 PM
mbam-log-2010-09-14 (12-15-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 259495
Time elapsed: 59 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 chill86

Posted 14 September 2010 - 12:23 PM

Just for kicks, I ran an MBAM "Quick Scan" after the Rogue Antivirus registry entry was removed during the last full MBAM scan. Here is the log from this follow-up MBAM quick scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4614

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/14/2010 12:22:33 PM
mbam-log-2010-09-14 (12-22-33).txt

Scan type: Quick scan
Objects scanned: 150689
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Elise

Posted 14 September 2010 - 12:24 PM

Do you have any problems left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


#12 chill86

Posted 14 September 2010 - 01:59 PM

Hello Elise:

It appears that I don't have any problems left at this point in time. I ran the ESET online scan and no threats were found. Please see the attached ESET completion screenshot.

I assume I can consider myself clean at this point?

Attached File: eset.jpg (42.44KB)


#13 Elise

Posted 14 September 2010 - 02:24 PM

Yes you can.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read the following advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide a resident scanner and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


#14 chill86

Posted 14 September 2010 - 02:53 PM

Thank you very much Elise... I believe you can close this topic now... really appreciate the help here...

#15 Elise

Posted 14 September 2010 - 03:10 PM

You are most welcome.

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




