
Infected with HDD Fix


  • This topic is locked
13 replies to this topic

#1 thedeep10

thedeep10

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 04 January 2011 - 09:23 AM

Shows the usual "hard drive low," "hard drive missing," etc. pop-ups whenever I try to start an app. I ran MBAM right off the bat. I will post that log. It cleaned 6 problems. I don't SEEM to have further problems, but....!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5452

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/3/2011 11:08:58 PM
mbam-log-2011-01-03 (23-08-58).txt

Scan type: Quick scan
Objects scanned: 173083
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\all users\application data\lbsydyrdlalnvk.exe (Trojan.FakeAlert) -> 1720 -> Unloaded process successfully.

Memory Modules Infected:
c:\documents and settings\all users\application data\qunmkniyhjtwbe.dll (Rogue.FakeHDD) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LBSYdYrDlalNvk.exe (Trojan.FakeAlert) -> Value: LBSYdYrDlalNvk.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\qunmkniyhjtwbe.dll (Rogue.FakeHDD) -> Delete on reboot.
c:\documents and settings\all users\application data\lbsydyrdlalnvk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\vgdth0glgzbgx.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

The DDS.txt log


DDS (Ver_10-12-12.02) - NTFSx86
Run by John Curtis at 23:44:11.75 on Mon 01/03/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.375 [GMT -5:00]

AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Documents and Settings\John Curtis\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://andrewlinks.net
uInternet Settings,ProxyServer = http=127.0.0.1:58848
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Anonymizer Core Browser Helper Object: {2f2fbf0d-254f-11d5-b1e5-0050dad7af62} - c:\program files\anonymizer\core\Anonymizer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Anonymizer Toolbar: {c14dc52f-b4d9-11d5-b1e6-0050dad7af62} - c:\program files\anonymizer\toolbar\AnonymizerBar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [PestPatrol Control Center] c:\program files\pestpatrol\PPControl.exe
mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe
mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [kmw_run.exe] kmw_run.exe
mRun: [EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AtiPTA] atiptaxx.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [xrpimyey] c:\documents and settings\networkservice\local settings\application data\xasruphcu\getbspstssd.exe
dRun: [eouagitl] c:\documents and settings\networkservice\local settings\application data\ltfhyrmqk\cikbyjdtssd.exe
dRun: [gouxamtc] c:\documents and settings\networkservice\local settings\application data\gouppjgme\rpbdiovtssd.exe
dRun: [xdmuvrsk] c:\documents and settings\networkservice\local settings\application data\mcoadwpds\mrdpststssd.exe
dRun: [xvkdisks] c:\documents and settings\networkservice\local settings\application data\rhulcwvki\qlwbyvwtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\purdue~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\connected.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ebay.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} - hxxp://www.callwave.com/include/cab/CWDL_DownLoad.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37860.8220601852
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab
TCP: {5AAA12BA-3D4C-481C-84D8-43AB96E832A8} = 216.165.129.158,208.67.222.222
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johncu~1\applic~1\mozilla\firefox\profiles\8fhzosi7.default user\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58848
FF - prefs.js: network.proxy.type - 1

============= SERVICES / DRIVERS ===============

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-9-15 127744]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-10 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-1-24 93872]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2002-5-8 212992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-10 88176]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2010-1-10 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-10 144704]
R2 NetAlrt;NetAlrt;c:\windows\system32\drivers\Netalrt.sys [2004-7-5 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\system32\drivers\platalrt.sys [2004-7-5 23744]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-9-15 36224]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-10 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-10 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-10 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-10 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 gupdate1ca396b90d07086;Google Update Service (gupdate1ca396b90d07086);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1a2.tmp --> c:\windows\system32\1A2.tmp [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-10 34248]
S3 rootrepeal2;rootrepeal2;\??\c:\windows\system32\drivers\rootrepeal2.sys --> c:\windows\system32\drivers\rootrepeal2.sys [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-4 1251720]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-9-15 134912]
S4 NAVAP;NAVAP;c:\windows\system32\drivers\NAVAP.SYS [2004-7-5 184416]
S4 S100mtnt;S100mtnt; [x]

=============== Created Last 30 ================

2010-12-15 10:42:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 10:39:13 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-06 19:22:49 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-06 19:22:49 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-06 19:22:49 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-06 19:22:49 -------- d-----w- c:\program files\Xvid

==================== Find3M ====================

2011-01-04 04:11:22 7304 ----a-w- c:\windows\TMP0001.TMP
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05:36 667136 ----a-w- c:\windows\system32\wininet.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 23:46:28.92 ===============



#2 thedeep10

thedeep10
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 06 January 2011 - 12:43 PM

Ran a full MBAM scan. Got 12 more items. Log here:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5452

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/4/2011 10:19:30 PM
mbam-log-2011-01-04 (22-19-30).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 348945
Time elapsed: 2 hour(s), 13 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP116\A0023393.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP116\A0023405.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0031697.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0032691.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0032697.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0033695.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0034696.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0034703.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0034704.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP138\A0034707.dll (Rogue.FakeHDD) -> Quarantined and deleted successfully.
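
The two logs above carry the indicators a responder would key on: the IE ProxyServer setting and the Firefox prefs.js proxy both pointed at 127.0.0.1:58848 (a loopback proxy hands every browser request to whatever process listens on that port), autostart entries under the NetworkService profile via the .DEFAULT hive (dRun), a machine-level start page set to an external host, the Security Center notification values flipped to 1, and a DLL marked "Delete on reboot" (still loaded when MBAM ran, so the first log is not final until after a restart). The script below is an added example for this thread, not code from the posts, from DDS or from Malwarebytes. SAMPLE_LOG is constructed from lines copied out of posts #1 and #2; the indicator names, the severities, and the reading of DDS prefixes as u = HKCU, m = HKLM, d = HKU\.DEFAULT are my assumptions.

```python
"""Triage the indicators shown in the DDS and MBAM logs in this thread.

Added example, not code from the original posts or from DDS/MBAM.
SAMPLE_LOG is constructed from lines copied out of posts #1 and #2; the
indicator names, severities and the assumption that DDS prefixes mean
u = HKCU, m = HKLM, d = HKU\\.DEFAULT are mine.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS and MBAM logs posted above.
SAMPLE_LOG = r"""
uStart Page = about:blank
mStart Page = hxxp://andrewlinks.net
uInternet Settings,ProxyServer = http=127.0.0.1:58848
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [xrpimyey] c:\documents and settings\networkservice\local settings\application data\xasruphcu\getbspstssd.exe
dRun: [eouagitl] c:\documents and settings\networkservice\local settings\application data\ltfhyrmqk\cikbyjdtssd.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58848
FF - prefs.js: network.proxy.type - 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\qunmkniyhjtwbe.dll (Rogue.FakeHDD) -> Delete on reboot.
"""

LOOPBACK = re.compile(r"\b(127\.0\.0\.1|localhost)\b", re.I)
IE_PROXY = re.compile(r"ProxyServer = (?:\w+=)?(?P<host>[\w.-]+):(?P<port>\d+)")
RUN_ENTRY = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<val>.*)$")
PROFILE_DIR = re.compile(
    r"documents and settings\\(?P<profile>[^\\]+)\\(?:local settings\\)?application data\\", re.I)
SEC_CENTER = re.compile(r"\\Security Center\\(?P<value>\w+DisableNotify) .*Bad: \((?P<bad>\d+)\)")
PENDING = re.compile(r"\((?P<family>[^()]+)\) -> Delete on reboot\.$")
# Service accounts whose profile should never host a user autostart (assumption).
SERVICE_PROFILES = {"networkservice", "localservice"}


def triage(text):
    """Return (severity, indicator, detail) tuples for every indicator found in a log dump."""
    findings = []
    ff = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_PROXY.search(line)
        if m and LOOPBACK.search(m["host"]):
            # Every IE request goes to whatever process listens on this loopback port.
            findings.append(("high", "ie_loopback_proxy", line))
        m = FF_PREF.match(line)
        if m:
            ff[m["key"]] = m["val"].strip()   # collected, judged after the loop
            continue
        if line.startswith("mStart Page") and "hxxp://" in line:
            findings.append(("medium", "machine_start_page_set", line))
        m = RUN_ENTRY.match(line)
        if m:
            d = PROFILE_DIR.search(m["cmd"])
            if d and d["profile"].lower() in SERVICE_PROFILES:
                # Autostart living in a service account's profile (dRun = .DEFAULT hive).
                findings.append(("high", "run_from_service_profile", line))
            elif d:
                # Autostart living directly under a profile's Application Data tree.
                findings.append(("medium", "run_from_appdata", line))
            continue
        m = SEC_CENTER.search(line)
        if m and m["bad"] != "0":
            findings.append(("medium", "security_center_notify_disabled", line))
        m = PENDING.search(line)
        if m:
            # Still loaded when the scanner ran; not gone until the machine restarts.
            findings.append(("high", "removal_pending_reboot", line))
    # Firefox: network.proxy.type 1 means a manual proxy, so only then do host/port apply.
    if ff.get("network.proxy.type") == "1" and LOOPBACK.search(ff.get("network.proxy.http", "")):
        findings.append(("high", "firefox_loopback_proxy", "network.proxy.http=%s:%s"
                         % (ff["network.proxy.http"], ff.get("network.proxy.http_port", "?"))))
    return findings


def proxy_endpoints(text):
    """host:port proxy endpoints from IE and Firefox, to see whether both browsers share one."""
    endpoints = set()
    ff = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_PROXY.search(line)
        if m:
            endpoints.add("%s:%s" % (m["host"], m["port"]))
        m = FF_PREF.match(line)
        if m:
            ff[m["key"]] = m["val"].strip()
    if ff.get("network.proxy.type") == "1" and "network.proxy.http" in ff:
        endpoints.add("%s:%s" % (ff["network.proxy.http"], ff.get("network.proxy.http_port", "")))
    return endpoints


def severity_counts(findings):
    """Count findings per severity label."""
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    for sev, name, detail in triage(SAMPLE_LOG):
        print("%-6s %-32s %s" % (sev, name, detail))
    print("proxy endpoints:", sorted(proxy_endpoints(SAMPLE_LOG)))
```

On the live machine the IE line corresponds to the ProxyServer value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and the Firefox lines to prefs.js in the profile directory DDS printed; both browsers here point at the same 127.0.0.1:58848 endpoint, which is why the check collects the endpoints rather than judging each browser alone.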

#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:01 AM

Posted 09 January 2011 - 06:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



IMPORTANT NOTE:

If the system has been used after topic creation time we need to take a look at fresh logs. So, please post fresh copies of dds.txt & attach.txt logs.



Regards,
Georgi


#4 thedeep10

thedeep10
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 09 January 2011 - 08:44 PM

I am having a problem. I downloaded GMER. Unzipped it. Clicked on the file and it opens...RUNNING. If I make any attempt to click on it, I get the "not responding" note. So, I can't tell it I don't want a full scan because that choice is never available, it goes immediately to scanning when I open it. Fix?

I should add, it worked fine last week. I have downloaded both versions and tried them--same result.

Edited by thedeep10, 09 January 2011 - 08:45 PM.


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:01 AM

Posted 09 January 2011 - 08:53 PM

Hi thedeep10 and welcome

I will be handling your log to help you get cleaned up.
Please give me some time to look it over and I will get back to you as soon as possible.
However, here it is 03:50 am, so I'll get some sleep now.
See ya tomorrow, as I'm very tired and I might just fall asleep while typing... stay tuned.


Regards,
Georgi


#6 thedeep10

thedeep10
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 09 January 2011 - 10:03 PM

Here's my new DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by John Curtis at 18:56:59.43 on Sun 01/09/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.269 [GMT -5:00]

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\John Curtis\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:58848
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Anonymizer Core Browser Helper Object: {2f2fbf0d-254f-11d5-b1e5-0050dad7af62} - c:\program files\anonymizer\core\Anonymizer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Anonymizer Toolbar: {c14dc52f-b4d9-11d5-b1e6-0050dad7af62} - c:\program files\anonymizer\toolbar\AnonymizerBar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [PestPatrol Control Center] c:\program files\pestpatrol\PPControl.exe
mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe
mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [kmw_run.exe] kmw_run.exe
mRun: [EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AtiPTA] atiptaxx.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [xrpimyey] c:\documents and settings\networkservice\local settings\application data\xasruphcu\getbspstssd.exe
dRun: [eouagitl] c:\documents and settings\networkservice\local settings\application data\ltfhyrmqk\cikbyjdtssd.exe
dRun: [gouxamtc] c:\documents and settings\networkservice\local settings\application data\gouppjgme\rpbdiovtssd.exe
dRun: [xdmuvrsk] c:\documents and settings\networkservice\local settings\application data\mcoadwpds\mrdpststssd.exe
dRun: [xvkdisks] c:\documents and settings\networkservice\local settings\application data\rhulcwvki\qlwbyvwtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\purdue~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\connected.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ebay.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} - hxxp://www.callwave.com/include/cab/CWDL_DownLoad.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37860.8220601852
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab
TCP: {5AAA12BA-3D4C-481C-84D8-43AB96E832A8} = 216.165.129.158,208.67.222.222
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johncu~1\applic~1\mozilla\firefox\profiles\8fhzosi7.default user\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58848
FF - prefs.js: network.proxy.type - 1

============= SERVICES / DRIVERS ===============

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-9-15 127744]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-10 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-1-24 93872]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2002-5-8 212992]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2011-1-4 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2011-1-4 144704]
R2 NetAlrt;NetAlrt;c:\windows\system32\drivers\Netalrt.sys [2004-7-5 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\system32\drivers\platalrt.sys [2004-7-5 23744]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-9-15 36224]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2011-1-4 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-10 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-10 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-10 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 gupdate1ca396b90d07086;Google Update Service (gupdate1ca396b90d07086);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\103.tmp --> c:\windows\system32\103.tmp [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-10 34248]
S3 rootrepeal2;rootrepeal2;\??\c:\windows\system32\drivers\rootrepeal2.sys --> c:\windows\system32\drivers\rootrepeal2.sys [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-4 1251720]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-9-15 134912]
S4 NAVAP;NAVAP;c:\windows\system32\drivers\NAVAP.SYS [2004-7-5 184416]
S4 S100mtnt;S100mtnt; [x]

=============== Created Last 30 ================

2011-01-06 18:55:51 -------- d-----w- c:\documents and settings\john curtis\DoctorWeb
2011-01-06 18:29:07 -------- d-----w- c:\program files\VS Revo Group
2011-01-04 14:56:55 -------- d-----w- c:\docume~1\johncu~1\applic~1\McAfee
2011-01-04 14:40:17 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2011-01-04 14:38:58 -------- d-----w- c:\program files\common files\McAfee
2011-01-04 14:38:51 -------- d-----w- c:\program files\McAfee.com
2011-01-04 14:37:50 -------- d-----w- c:\program files\McAfee
2010-12-15 10:42:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 10:39:13 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2011-01-09 16:02:21 7304 ----a-w- c:\windows\TMP0001.TMP
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05:36 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05:35 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:59:07 369664 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 18:59:27.06 ===============
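The DDS log above shows the two things this rogue leaves behind besides its own executables: the browsers are pointed at a proxy on 127.0.0.1:58848 (the Firefox prefs.js lines here, and the IE ProxyServer values for .DEFAULT and S-1-5-18 in the OTL log further down), and Run entries in the .DEFAULT hive launch executables out of the NetworkService profile. The script below is an added example, not part of this thread and not code from DDS, OTL or BleepingComputer: it parses those line formats and flags loopback proxies, autoruns whose target lives under a service-account profile, and service entries whose binary DDS could not resolve. The sample log is constructed to mirror the quoted lines, and the regexes assume the DDS/OTL formats exactly as printed above.

```python
"""Triage helper for the DDS/OTL log lines quoted above.

Added example for this thread, not part of DDS, OTL or the poster's logs.
It flags three things the log above shows: a browser proxy pointed at
127.0.0.1 (Firefox prefs.js and the IE ProxyServer values), autorun
entries whose target lives inside a service-account profile, and
service/driver entries whose binary DDS could not resolve ([?] / [x]).
The sample log is constructed here, modelled on the quoted lines.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the DDS/OTL line formats shown in the thread.
SAMPLE_LOG = r"""
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [xrpimyey] c:\documents and settings\networkservice\local settings\application data\xasruphcu\getbspstssd.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58848
FF - prefs.js: network.proxy.type - 1
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-10 214024]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\103.tmp --> c:\windows\system32\103.tmp [?]
S4 S100mtnt;S100mtnt; [x]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58848
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

RUN_RE = re.compile(r'^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<val>.*)$')
IE_RE = re.compile(r'^IE - (?P<hive>HKLM|HKU\\[^\\]+)\\.*Internet Settings: '
                   r'"(?P<key>Proxy\w+)" = (?P<val>.*)$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
LOOPBACK_RE = re.compile(r'^(127\.\d+\.\d+\.\d+|localhost|::1)$', re.I)
SERVICE_PROFILE_RE = re.compile(r'\\(networkservice|localservice)\\', re.I)

# DDS prefixes: uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT Run keys.
HIVE_NAMES = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}


@dataclass(frozen=True)
class Finding:
    kind: str    # 'autorun', 'orphan_service', 'ff_proxy', 'ie_proxy'
    where: str   # hive, profile file or service entry the setting lives in
    detail: str


def _proxy_host(server: str) -> str:
    """'http=127.0.0.1:58848' or 'proxy:3128' -> host part of the first entry."""
    first = server.split(';')[0]
    if '=' in first:
        first = first.split('=', 1)[1]
    return first.rsplit(':', 1)[0]


def find_indicators(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    ff: Dict[str, str] = {}
    ie: Dict[str, Dict[str, str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            # Nothing legitimate registers an autorun inside NetworkService's
            # or LocalService's profile; the dRun lines above do exactly that.
            if SERVICE_PROFILE_RE.search(m['cmd']):
                findings.append(Finding('autorun', HIVE_NAMES[m['hive']],
                                        f"[{m['name']}] {m['cmd']}"))
            continue
        m = SVC_RE.match(line)
        if m:
            # DDS prints [?] when it cannot read the binary and [x] when no
            # path is registered: leftovers of removed tools, or something hiding.
            if m['rest'].rstrip().endswith(('[?]', '[x]')):
                findings.append(Finding('orphan_service', f"{m['start']} {m['name']}",
                                        m['rest'].strip()))
            continue
        m = FF_RE.match(line)
        if m:
            ff[m['key']] = m['val'].strip()
            continue
        m = IE_RE.match(line)
        if m:
            ie.setdefault(m['hive'], {})[m['key']] = m['val'].strip()
    # Firefox: type 1 is a manual proxy; a loopback host means a local process
    # sits between the browser and the network.
    if ff.get('network.proxy.type') == '1' and LOOPBACK_RE.match(ff.get('network.proxy.http', '')):
        findings.append(Finding('ff_proxy', 'prefs.js',
                                f"http proxy {ff['network.proxy.http']}:{ff.get('network.proxy.http_port', '?')}"))
    # IE / WinINet: same check per hive, only when ProxyEnable is actually 1.
    for hive, vals in ie.items():
        server = vals.get('ProxyServer', '')
        if vals.get('ProxyEnable') == '1' and LOOPBACK_RE.match(_proxy_host(server)):
            findings.append(Finding('ie_proxy', hive, server))
    return findings


if __name__ == '__main__':
    for f in find_indicators(SAMPLE_LOG):
        print(f"{f.kind:15} {f.where:22} {f.detail}")
```

Run it as-is to print the findings for the constructed sample, or pass the text of a saved DDS/OTL log to find_indicators(). The proxy entries matter after removal as much as before: the listener on 127.0.0.1:58848 is presumably the malware's own process, so once it is gone any browser still configured to use it fails to connect until network.proxy.type is set back to 0 in Firefox and ProxyEnable to 0 in each affected hive.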



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:01 AM

Posted 10 January 2011 - 03:26 PM

Hello thedeep10! Welcome to BleepingComputer Forums!


Sorry for the delay.


My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





I noticed some programs that I find unnecessary.

DVDSentry - I do not believe this program will be effective.

LiveUpdate Notice (Symantec Corporation) - these are leftovers from Norton Antivirus 2004, which is no longer installed on your PC.
Symantec Technical Support Web Controls

PestPatrol - This is the oldest version... The newest one is called CA Antispyware...


Did you purposely install them?
You can uninstall them via Add or Remove Programs from the Control Panel (if you wish).
If you decide to keep them, please disable them as they could interfere with the fix.


Additional note about SUPERAntiSpyware. SUPERAntiSpyware Free Edition does not provide real-time protection, so it does not need to start with Windows.

Double-click on the SUPERAntiSpyware icon to start it.
Select Preferences => Under the General and Startup tab => uncheck the box Start SUPERAntiSpyware when Windows starts.





STEP 1



We need to create an OTL report.


IMPORTANT NOTE: Please log into your admin account before proceeding with the scan.


  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:

    * Click on the Scan All Users checkbox given at the top.
    * Under File Scans, change File age to 90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized





STEP 2



Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



Regards,
Georgi



#8 thedeep10

thedeep10
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:11:01 PM

Posted 10 January 2011 - 04:33 PM

Here are the OTL logs:
OTL logfile created on: 1/10/2011 4:14:45 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\John Curtis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 269.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 40.45 Gb Free Space | 54.33% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 136.21 Gb Free Space | 91.38% Space Free | Partition Type: NTFS

Computer Name: THEDEEP | User Name: John Curtis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 16:13:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Curtis\Desktop\OTL.exe
PRC - [2010/12/11 14:25:29 | 012,584,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/11/30 13:54:33 | 000,910,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/02/16 11:46:51 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/17 19:30:48 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/07/30 19:35:30 | 000,093,312 | ---- | M] (SPSS Inc.) -- C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe
PRC - [2009/07/30 19:35:04 | 000,036,480 | ---- | M] (SPSS Inc.) -- C:\Program Files\SPSSInc\PASWStatistics18\spssengine.exe
PRC - [2009/05/13 23:24:26 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/05/08 16:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/05/08 09:33:16 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/05/01 15:34:14 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/04/09 11:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/04/09 08:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/12/31 13:46:20 | 000,286,720 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
PRC - [2008/06/19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/13 20:29:44 | 004,755,456 | ---- | M] (Thomson ResearchSoft) -- C:\Program Files\EndNote X1\EndNote.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/11/04 14:04:48 | 000,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2005/01/27 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIABA.EXE
PRC - [2004/01/24 20:26:22 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2003/05/27 12:48:58 | 000,106,496 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\SYSTEM32\kmw_run.exe
PRC - [2003/05/27 12:47:56 | 000,167,936 | ---- | M] () -- C:\WINDOWS\SYSTEM32\kmw_show.exe
PRC - [2002/08/14 18:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/05/08 09:51:52 | 000,212,992 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\ASF Agent\ASFAgent.exe
PRC - [2001/12/20 21:04:16 | 000,307,200 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\atiptaxx.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 16:13:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Curtis\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 00:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009/07/11 20:46:20 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
MOD - [2009/07/11 20:32:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
MOD - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ntvdm.exe
MOD - [2008/04/13 19:12:10 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wow32.dll
MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wsock32.dll
MOD - [2008/04/13 19:12:04 | 000,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\riched20.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll
MOD - [2008/04/13 12:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rsaenh.dll
MOD - [2007/10/13 20:21:26 | 001,533,280 | ---- | M] (Thomson ResearchSoft) -- C:\Program Files\Common Files\Thomson ResearchSoft\Cwyw\EndNote Cwyw.dll
MOD - [2003/05/27 12:48:32 | 000,110,592 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\SYSTEM32\kmw_dll.dll
MOD - [2002/09/03 14:59:39 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\tsappcmp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/13 23:24:26 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/05/08 16:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/05/08 11:54:34 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/05/08 09:33:16 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/05/01 15:34:14 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/04/09 11:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/04/09 08:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/06/19 17:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/01/31 21:11:33 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2004/09/11 13:19:09 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2002/07/30 16:15:24 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2002/05/08 09:51:52 | 000,212,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal2.sys -- (rootrepeal2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\103.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 14:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2009/05/13 23:25:06 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/05/13 23:25:06 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/05/13 23:25:06 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/05/13 23:25:06 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/05/13 23:24:34 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/04/09 14:23:02 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/02/19 13:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ArcHlp.sys -- (archlp)
DRV - [2008/06/19 17:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2007/11/06 12:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/04/25 07:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/03/07 18:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/03/07 18:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2006/05/03 11:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/01/24 20:26:23 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/24 20:26:23 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2004/01/24 20:26:23 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2004/01/24 20:26:23 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/24 20:26:23 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/05 12:38:02 | 000,184,416 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NAVAP.SYS -- (NAVAP)
DRV - [2003/05/27 12:59:24 | 000,092,288 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMW_SYS.sys -- (KMW_SYS)
DRV - [2003/05/27 12:58:36 | 000,005,248 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMW_KBD.sys -- (KMW_KBD)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/29 16:38:10 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/29 16:37:36 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/29 16:31:28 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/09/03 15:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2002/09/03 14:58:07 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2002/09/03 14:58:07 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2002/09/03 14:58:06 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2002/09/03 14:58:06 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2002/09/03 14:56:53 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2002/09/03 14:52:49 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2002/09/03 14:52:48 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2002/09/03 14:52:48 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2002/09/03 14:45:16 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2002/09/03 14:37:08 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys -- (hsf_msft)
DRV - [2002/09/03 14:37:08 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.sys -- (V124)
DRV - [2002/09/03 14:37:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.sys -- (K56)
DRV - [2002/09/03 14:37:08 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.sys -- (Fallback)
DRV - [2002/09/03 14:37:08 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.sys -- (SoftFax)
DRV - [2002/09/03 14:37:08 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.sys -- (Fsks)
DRV - [2002/09/03 14:37:08 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.sys -- (basic2)
DRV - [2002/09/03 14:37:08 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.sys -- (Rksample)
DRV - [2002/09/03 14:37:08 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.sys -- (Tones)
DRV - [2002/09/03 14:36:01 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2002/09/03 14:34:50 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2002/09/03 14:33:35 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2002/09/03 14:33:34 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2002/09/03 14:33:21 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/07/30 16:15:40 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/05/13 18:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/05/07 16:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)
DRV - [2002/05/07 16:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://education.dellnet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58848

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://education.dellnet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58848

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58848

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58848
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Firefox\components [2011/01/05 17:02:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/12/11 21:54:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/06 16:17:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/26 20:35:06 | 000,000,000 | ---D | M]

[2010/11/04 15:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Extensions
[2010/11/04 15:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/09 20:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Firefox\Profiles\extensions
[2010/05/05 18:51:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Firefox\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/02 05:10:31 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Firefox\Profiles\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2008/07/16 18:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Firefox\Profiles\8fhzosi7.Default User\extensions
[2008/07/16 18:19:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Firefox\Profiles\8fhzosi7.Default User\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/07/16 18:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Firefox\Profiles\ngwew541.default\extensions
[2008/07/16 18:19:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John Curtis\Application Data\Mozilla\Firefox\Profiles\ngwew541.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/09 07:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2003/05/15 02:59:03 | 000,004,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2007/10/10 16:24:00 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_03050024.dll
[2009/12/17 19:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/10/09 07:48:00 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/01/10 00:55:53 | 000,000,727 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Anonymizer Core Browser Helper Object) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\Program Files\ANONYMIZER\CORE\Anonymizer.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Anonymizer Toolbar) - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - C:\Program Files\ANONYMIZER\TOOLBAR\AnonymizerBar.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\IME\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)
O4 - HKU\.DEFAULT..\Run: [eouagitl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ltfhyrmqk\cikbyjdtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [gouxamtc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\gouppjgme\rpbdiovtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [xdmuvrsk] C:\Documents and Settings\NetworkService\Local Settings\Application Data\mcoadwpds\mrdpststssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [xrpimyey] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xasruphcu\getbspstssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [xvkdisks] C:\Documents and Settings\NetworkService\Local Settings\Application Data\rhulcwvki\qlwbyvwtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [eouagitl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ltfhyrmqk\cikbyjdtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [gouxamtc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\gouppjgme\rpbdiovtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [xdmuvrsk] C:\Documents and Settings\NetworkService\Local Settings\Application Data\mcoadwpds\mrdpststssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [xrpimyey] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xasruphcu\getbspstssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [xvkdisks] C:\Documents and Settings\NetworkService\Local Settings\Application Data\rhulcwvki\qlwbyvwtssd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Purdue University VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\connected.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: ebay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} http://www.callwave.com/include/cab/CWDL_DownLoad.CAB (CWDL_DownLoadControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37860.8220601852 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup/downloader/imloader.cab (IMDownloader Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\John Curtis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John Curtis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/04 22:49:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b6cfaf2c-d77e-11dc-8520-000bdb4aa0e6}\Shell - "" = AutoRun
O33 - MountPoints2\{b6cfaf2c-d77e-11dc-8520-000bdb4aa0e6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6cfaf2c-d77e-11dc-8520-000bdb4aa0e6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/01/10 16:13:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Curtis\Desktop\OTL.exe
[2011/01/09 20:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Curtis\Desktop\gmer
[2011/01/06 14:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Curtis\Desktop\tdsskiller
[2011/01/06 13:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Curtis\DoctorWeb
[2011/01/06 13:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/06 13:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Curtis\Start Menu\Programs\Revo Uninstaller
[2011/01/06 13:28:11 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\John Curtis\Desktop\revosetup.exe
[2011/01/04 09:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Curtis\Application Data\McAfee
[2011/01/04 09:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/01/04 09:40:17 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2011/01/04 09:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/01/04 09:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/01/04 09:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/12/26 09:58:27 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Curtis\Desktop\mbam-setup.exe
[2010/12/15 05:42:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 05:39:13 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/11 21:53:06 | 008,150,816 | ---- | C] (Mozilla) -- C:\Documents and Settings\John Curtis\Desktop\Firefox Setup 3.5.16.exe
[2010/12/11 20:30:17 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\John Curtis\Desktop\install_flash_player.exe
[2010/12/10 21:55:27 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\John Curtis\Desktop\QuickTimeInstaller.exe
[2010/12/10 20:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2010/12/10 20:14:08 | 008,582,536 | ---- | C] (Mozilla) -- C:\Documents and Settings\John Curtis\Desktop\Firefox Setup 3.6.13.exe
[2010/12/06 14:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
[2010/12/06 14:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/11/18 13:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/05 00:05:36 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/10/13 09:54:41 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 09:54:40 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 09:54:22 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/01/10 16:13:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Curtis\Desktop\OTL.exe
[2011/01/10 15:36:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 14:36:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 14:24:52 | 000,006,100 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/01/10 13:50:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/10 09:20:43 | 013,399,040 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/01/10 09:20:35 | 009,746,432 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/01/10 09:19:36 | 000,008,577 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/01/10 09:19:09 | 000,012,644 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/10 09:16:49 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Purdue University VPN Client.lnk
[2011/01/10 09:16:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/09 20:25:34 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\John Curtis\Desktop\gmer.zip
[2011/01/09 19:55:03 | 1072,779,264 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/01/07 15:04:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/06 14:11:50 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\John Curtis\Desktop\tdsskiller.zip
[2011/01/06 13:29:08 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\John Curtis\Desktop\Revo Uninstaller.lnk
[2011/01/06 13:28:26 | 002,649,016 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\John Curtis\Desktop\revosetup.exe
[2011/01/04 09:53:00 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/01/04 09:39:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2011/01/04 09:39:28 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2011/01/03 23:40:05 | 087,804,072 | ---- | M] () -- C:\Documents and Settings\John Curtis\Desktop\McAfee_VSP_en-US_24M_R1.exe
[2011/01/03 21:43:36 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\VGdth0GlgZbGX
[2011/01/03 21:37:09 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8LhhqZ2jVg64jxb
[2010/12/26 10:00:32 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\John Curtis\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/26 09:59:06 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Curtis\Desktop\mbam-setup.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 05:12:51 | 000,327,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 21:19:43 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/11 21:55:00 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\John Curtis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/11 21:55:00 | 000,001,541 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/11 21:53:43 | 008,150,816 | ---- | M] (Mozilla) -- C:\Documents and Settings\John Curtis\Desktop\Firefox Setup 3.5.16.exe
[2010/12/11 20:30:18 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\John Curtis\Desktop\install_flash_player.exe
[2010/12/10 21:58:53 | 038,147,376 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\John Curtis\Desktop\QuickTimeInstaller.exe
[2010/12/10 20:14:08 | 008,582,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\John Curtis\Desktop\Firefox Setup 3.6.13.exe
[2010/12/07 10:41:55 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\John Curtis\Application Data\3082.356
[2010/11/18 13:41:59 | 000,002,456 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/07 05:25:59 | 000,437,114 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/07 05:25:59 | 000,069,416 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/05 00:05:36 | 001,510,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/11/05 00:05:36 | 000,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/11/05 00:05:36 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/11/05 00:05:36 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/11/05 00:05:36 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/11/05 00:05:36 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/11/05 00:05:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/11/05 00:05:35 | 003,076,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/11/05 00:05:35 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/11/05 00:05:35 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/11/05 00:05:35 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/11/05 00:05:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/11/05 00:05:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/11/03 07:59:07 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/10/28 08:13:22 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/10/28 08:13:22 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/10/24 12:13:48 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\John Curtis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/09 20:25:32 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\John Curtis\Desktop\gmer.zip
[2011/01/06 14:11:19 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\John Curtis\Desktop\tdsskiller.zip
[2011/01/06 13:29:08 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\John Curtis\Desktop\Revo Uninstaller.lnk
[2011/01/04 09:53:18 | 000,008,577 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2011/01/04 09:53:00 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/01/04 09:39:29 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2011/01/04 09:39:27 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2011/01/03 23:32:04 | 087,804,072 | ---- | C] () -- C:\Documents and Settings\John Curtis\Desktop\McAfee_VSP_en-US_24M_R1.exe
[2011/01/03 21:43:36 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\VGdth0GlgZbGX
[2011/01/03 21:37:09 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8LhhqZ2jVg64jxb
[2010/12/10 20:28:18 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\John Curtis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/10 20:28:18 | 000,001,541 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/07 10:36:59 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\John Curtis\Application Data\3082.356
[2010/12/06 14:22:49 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/06 14:22:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/12/06 14:22:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/09/15 20:39:32 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/09/15 20:00:24 | 000,127,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2010/08/01 21:13:48 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2009/10/28 17:58:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009/10/28 17:58:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009/10/28 17:51:22 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/27 19:51:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/06/19 17:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 17:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/02/22 19:49:22 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/22 19:49:03 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2008/02/22 19:48:08 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/11/21 12:17:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/08/30 14:39:02 | 000,000,160 | ---- | C] () -- C:\WINDOWS\RISXTD.INI
[2007/08/30 14:38:52 | 000,000,027 | ---- | C] () -- C:\WINDOWS\Risxtd32.INI
[2006/10/03 15:05:54 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/07 08:46:35 | 000,002,456 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/16 20:45:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/03/16 20:45:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unace.dll
[2005/11/03 16:36:53 | 000,007,821 | ---- | C] () -- C:\WINDOWS\System32\wer8274.ini
[2005/06/08 12:27:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\ClikBook.ini
[2005/06/08 12:06:14 | 000,000,312 | ---- | C] () -- C:\WINDOWS\clk2pdf.ini
[2004/12/12 16:55:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\spm1316.ini
[2004/10/17 12:22:39 | 000,007,824 | ---- | C] () -- C:\WINDOWS\System32\mtc2608.ini
[2004/10/11 20:00:38 | 000,001,534 | ---- | C] () -- C:\WINDOWS\System32\MTC.ini
[2004/08/22 19:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2004/07/05 12:04:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\platmsg.dll
[2004/07/05 12:04:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2004/07/05 12:04:29 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/07/05 12:04:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SfwIFmt.dll
[2004/07/05 12:03:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/05 12:03:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2004/07/05 12:03:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2004/07/05 12:03:56 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2004/07/05 12:03:56 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/05 12:03:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2004/07/05 12:03:50 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/07/05 12:03:16 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\aolninst.dll
[2004/07/05 12:03:11 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2004/07/05 12:03:11 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2004/07/05 12:03:11 | 000,001,902 | ---- | C] () -- C:\WINDOWS\WINFTP.INI
[2004/07/05 12:03:11 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2004/07/05 12:03:11 | 000,000,095 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2004/07/05 12:03:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/07/05 12:03:10 | 000,047,616 | ---- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2004/07/05 12:03:10 | 000,000,410 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2004/07/05 12:03:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/05 12:03:10 | 000,000,036 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2004/07/05 12:03:09 | 000,000,742 | ---- | C] () -- C:\WINDOWS\PODW.INI
[2004/07/05 12:03:09 | 000,000,426 | ---- | C] () -- C:\WINDOWS\PAEDIT.INI
[2004/07/05 12:03:09 | 000,000,289 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI
[2004/07/05 12:03:09 | 000,000,115 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2004/07/05 12:03:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/05 12:03:08 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/05 12:03:08 | 000,000,775 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI
[2004/07/05 12:03:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/05 12:02:31 | 000,000,602 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/05 12:02:31 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/07/05 12:02:30 | 000,004,741 | ---- | C] () -- C:\WINDOWS\IF40LE.INI
[2004/07/05 12:02:30 | 000,000,512 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2004/02/12 15:48:56 | 000,005,022 | ---- | C] () -- C:\Program Files\UPDATES.TXT
[2004/02/12 15:48:56 | 000,001,368 | ---- | C] () -- C:\Program Files\BATCHIMP.TXT
[2004/02/12 15:48:56 | 000,001,210 | ---- | C] () -- C:\Program Files\SOLIHULL.TXT
[2004/01/24 09:39:41 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/08/22 12:15:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Curtis\Application Data\dm.ini
[2003/08/03 09:51:27 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\John Curtis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 1/10/2011 4:14:45 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\John Curtis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 269.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 40.45 Gb Free Space | 54.33% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 136.21 Gb Free Space | 91.38% Space Free | Partition Type: NTFS

Computer Name: THEDEEP | User Name: John Curtis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:deprecated com -- (SPSS Inc.)
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe -- (SPSS Inc.)
"C:\Program Files\SPSSInc\Statistics17\paswstat.com" = C:\Program Files\SPSSInc\Statistics17\paswstat.com:*:Disabled:Statistics17:com -- (SPSS Inc.)
"C:\Program Files\SPSSInc\Statistics17\paswstat.exe" = C:\Program Files\SPSSInc\Statistics17\paswstat.exe:*:Disabled:Statistics17:exe -- (SPSS Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\Firefox\firefox.exe" = C:\Program Files\Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Purdue University VPN Client 5.0.01.0600
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}" = PASW Statistics 17.0
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{53C398FE-CD56-412E-B3C7-B27F4B8B07D1}" = Microsoft IntelliType Pro 5.3
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{57764780-E33B-11D1-96ED-00A024A83A15}" = Kensington MouseWorks
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6797B492-3814-4129-AD07-C727D23FB5BF}" = Intel® Pro Alerting Agent, Version 3.0.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69259999-5859-44F2-A44A-FD161EF15F2D}" = Foundations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Purdue University VPN Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F97B750E-554D-4194-BF3F-41EA91389E10}" = ArcSoft TotalMedia Extreme
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
"CRCheck32_is1" = CRCheck32 .87
"DivX Player" = DivX Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"EndNote" = EndNote
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Google Updater" = Google Updater
"if40leUninstall" = Presto! ImageFolio LE
"InterActual Player" = InterActual Player
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (0.8.)" = Mozilla Firefox (0.8.)
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PageManager" = Presto! PageManager
"PageType" = Presto! PageType
"PAUninstall" = Presto! PhotoAlbum
"PhotoWorks" = PhotoWorks v2.41
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Radio@Netscape Plus" = Radio@Netscape Plus
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.91
"SecureFX" = VanDyke Software SecureFX 4.5
"Silent Package Run-Time Sample" = EPSON C88+ User's Guide
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Media Player" = Move Media Player
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2011 3:33:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:33:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:36:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:36:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:39:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:39:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:42:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:42:23 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 3:45:24 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/10/2011 3:45:24 PM | Computer Name = THEDEEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 1/6/2011 10:47:02 PM | Computer Name = THEDEEP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{5AAA12BA-3D4C-481C-84D8-43AB96E832A8}
because another computer on the network has the same name. The server could not
start.

Error - 1/6/2011 11:54:07 PM | Computer Name = THEDEEP | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 1/7/2011 10:57:54 AM | Computer Name = THEDEEP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000BDB4AA0E6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/7/2011 7:25:46 PM | Computer Name = THEDEEP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000BDB4AA0E6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/8/2011 7:44:04 AM | Computer Name = THEDEEP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000BDB4AA0E6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/8/2011 11:15:30 AM | Computer Name = THEDEEP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{5AAA12BA-3D4C-481C-84D8-43AB96E832A8}
because another computer on the network has the same name. The server could not
start.

Error - 1/9/2011 1:55:43 AM | Computer Name = THEDEEP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{5AAA12BA-3D4C-481C-84D8-43AB96E832A8}
because another computer on the network has the same name. The server could not
start.

Error - 1/9/2011 12:02:46 PM | Computer Name = THEDEEP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000BDB4AA0E6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/9/2011 8:13:49 PM | Computer Name = THEDEEP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/10/2011 10:16:35 AM | Computer Name = THEDEEP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000BDB4AA0E6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >


And the RKUnhooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1

#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:01 AM

Posted 11 January 2011 - 06:39 AM

Hi thedeep10, :)



Thanks for the logs !



Viewpoint Manager


Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



STEP 1



We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58848
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58848
    IE - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58848
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 58848
    FF - prefs.js..network.proxy.type: 1
    O2 - BHO: (Anonymizer Core Browser Helper Object) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\Program Files\ANONYMIZER\CORE\Anonymizer.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
    O3 - HKLM\..\Toolbar: (Anonymizer Toolbar) - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - C:\Program Files\ANONYMIZER\TOOLBAR\AnonymizerBar.dll File not found
    O4 - HKU\.DEFAULT..\Run: [eouagitl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ltfhyrmqk\cikbyjdtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [gouxamtc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\gouppjgme\rpbdiovtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [xdmuvrsk] C:\Documents and Settings\NetworkService\Local Settings\Application Data\mcoadwpds\mrdpststssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [xrpimyey] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xasruphcu\getbspstssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [xvkdisks] C:\Documents and Settings\NetworkService\Local Settings\Application Data\rhulcwvki\qlwbyvwtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [eouagitl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\ltfhyrmqk\cikbyjdtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [gouxamtc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\gouppjgme\rpbdiovtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [xdmuvrsk] C:\Documents and Settings\NetworkService\Local Settings\Application Data\mcoadwpds\mrdpststssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [xrpimyey] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xasruphcu\getbspstssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [xvkdisks] C:\Documents and Settings\NetworkService\Local Settings\Application Data\rhulcwvki\qlwbyvwtssd.exe File not found
    O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: ebay.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    [2011/01/03 21:43:36 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\VGdth0GlgZbGX
    [2011/01/03 21:37:09 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8LhhqZ2jVg64jxb
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    :Commands
    [Reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.



STEP 2



  • I see you have Malwarebytes' Anti-Malware installed on your computer.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.



Please reply back to let me know how things are going.
Do you still experience any issues?




Regards,
Georgi

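The OTL fix in the post above reverts three kinds of tampering that this rogue left behind: Internet Explorer proxy values pointing at 127.0.0.1:58848 in several user hives, the same loopback proxy in Firefox's prefs.js, and Security Center "DisableMonitoring" values for the installed antivirus and firewall. The script below is an added triage example (not OTL's code and not anything posted in this thread) that checks for those three conditions on constructed sample input; the function names, the sample prefs.js text and the sample .reg export are assumptions made for illustration, modelled on the entries in the fix.

```python
"""Triage checks for the settings the OTL fix above reverts: a browser proxy
pointed at a loopback address (IE ProxyServer values and Firefox prefs.js)
and Security Center monitoring switched off for an AV/firewall product.
Added example with constructed sample data; not the forum's or OTL's code."""
import re
from ipaddress import ip_address


def is_loopback_proxy(proxy_value: str) -> bool:
    """True if an IE-style ProxyServer string routes any protocol through a
    loopback address. Accepts 'host:port', 'http=host:port' and the
    semicolon-separated per-protocol form 'http=...;https=...'."""
    for entry in proxy_value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        hostport = entry.split("=", 1)[1] if "=" in entry else entry
        host = hostport.rsplit(":", 1)[0].strip("[]")
        try:
            if ip_address(host).is_loopback:        # 127.0.0.0/8 or ::1
                return True
        except ValueError:                         # not an IP literal
            if host.lower() == "localhost":
                return True
    return False


# user_pref("name", value);  -- value is a quoted string, a number or a bool
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')


def parse_prefs_js(text: str) -> dict:
    """Minimal prefs.js reader: returns {pref_name: str | int | bool}."""
    prefs = {}
    for key, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def firefox_proxy_findings(prefs_js_text: str) -> list:
    """List the manual proxy entries in prefs.js that point at loopback.
    network.proxy.type == 1 means 'manual proxy configuration'."""
    prefs = parse_prefs_js(prefs_js_text)
    findings = []
    if prefs.get("network.proxy.type") == 1:
        for proto in ("http", "ssl", "ftp", "socks"):
            host = prefs.get(f"network.proxy.{proto}")
            port = prefs.get(f"network.proxy.{proto}_port")
            if host and is_loopback_proxy(f"{host}:{port}"):
                findings.append(f"network.proxy.{proto} -> {host}:{port}")
    return findings


def security_center_findings(reg_export: str) -> list:
    """Given .reg-style text, name each Security Center\\Monitoring subkey
    whose DisableMonitoring value is non-zero (monitoring switched off)."""
    findings, current = [], None
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and line.lower().startswith('"disablemonitoring"=dword:'):
            value = int(line.split(":", 1)[1], 16)
            if value != 0 and "\\security center\\monitoring\\" in current.lower():
                findings.append(current.rsplit("\\", 1)[1])
    return findings


# Constructed samples modelled on the entries in the fix above.
SAMPLE_PREFS = '''# Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 58848);
user_pref("network.proxy.type", 1);
'''
CLEAN_PREFS = 'user_pref("network.proxy.type", 0);\n'
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
'''

if __name__ == "__main__":
    print("IE ProxyServer loopback:", is_loopback_proxy("http=127.0.0.1:58848"))
    print("Firefox:", firefox_proxy_findings(SAMPLE_PREFS))
    print("Security Center monitoring disabled for:", security_center_findings(SAMPLE_REG))
```

A loopback proxy is the tell-tale here: the rogue inserts itself between the browser and the network so it can serve its own scare pages, which is why the fix clears ProxyEnable/ProxyServer in every hive and the three network.proxy.* prefs together. On a live machine the IE values would be read from each user's Internet Settings key and prefs.js from each Firefox profile; the checks above only need the strings.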


#10 thedeep10

thedeep10
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 11 January 2011 - 11:16 AM

Here's the OTL log:

========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2959274535-3273448985-4037818499-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 58848 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\eouagitl deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\gouxamtc deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\xdmuvrsk deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\xrpimyey deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\xvkdisks deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\eouagitl not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\gouxamtc not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\xdmuvrsk not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\xrpimyey not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\xvkdisks not found.
Registry key HKEY_USERS\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ebay.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ not found.
Registry key HKEY_USERS\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2959274535-3273448985-4037818499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
C:\Documents and Settings\All Users\Application Data\VGdth0GlgZbGX moved successfully.
C:\Documents and Settings\All Users\Application Data\8LhhqZ2jVg64jxb moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.20.1 log created on 01112011_104011

and the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5504

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/11/2011 11:14:29 AM
mbam-log-2011-01-11 (11-14-29).txt

Scan type: Quick scan
Objects scanned: 174684
Time elapsed: 17 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MBAM did not find anything. I "think" I am o.k., but that may just be an illusion.

#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:01 AM

Posted 11 January 2011 - 02:31 PM

Hello thedeep10, :)



STEP 1



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



STEP 2



Updating tasks



Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader X to your PC's desktop.

Uninstall:

- Adobe Reader 9.4.1

via Start => Control Panel > Add/Remove Programs

Install the new downloaded updated software.

Note: The McAfee Security Scan is prechecked. You may wish to uncheck it before downloading.

Note: Adobe Reader X is a large program and if you prefer a smaller program you can get Foxit Reader 4.x instead.

Foxit Reader 4.x offers 5 levels of security. Click Me for more information.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.





Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment 6u23 and save it to your desktop.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.


Java™ 6 Update 18


  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.





Your Mozilla Firefox is out of date!
You can download and install the latest version 3.6.13 from here if you want.
You can do a backup of your existing profile using Mozbackup or FEBE just in case before performing the update.





It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.



Tell me how are things now in your next reply.



Regards,
Georgi



#12 thedeep10

thedeep10
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 11 January 2011 - 07:34 PM

Here is the ESET file. I'm curious. I've run, at this point, four or five (?) programs, including MBAM, which I consider to be a pretty good tool, and yet, ESET finds 10 problems! How is that?

C:\Documents and Settings\John Curtis\Application Data\Sun\Java\Deployment\cache\6.0\10\78d6980a-43676a4a Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined
C:\Documents and Settings\John Curtis\Application Data\Sun\Java\Deployment\cache\6.0\16\7f534b10-5fab9b63 multiple threats deleted - quarantined
C:\Documents and Settings\John Curtis\Application Data\Sun\Java\Deployment\cache\6.0\18\4f46b492-63bd89ec multiple threats deleted - quarantined
C:\Documents and Settings\John Curtis\Application Data\Sun\Java\Deployment\cache\6.0\43\556445eb-2f50e350 probably a variant of Win32/Agent.ERYPENX trojan deleted - quarantined
C:\Documents and Settings\John Curtis\Application Data\Sun\Java\Deployment\cache\6.0\63\7a86423f-3f28e31f a variant of OSX/Exploit.Smid.B trojan deleted - quarantined
C:\Documents and Settings\John Curtis\Application Data\Sun\Java\Deployment\cache\6.0\63\7a86423f-484f249b a variant of OSX/Exploit.Smid.B trojan deleted - quarantined
C:\Documents and Settings\John Curtis\Application Data\Sun\Java\Deployment\cache\6.0\63\7a86423f-70409a5b a variant of OSX/Exploit.Smid.B trojan deleted - quarantined
C:\Documents and Settings\John Curtis\Local Settings\temp\jar_cache5172266167409169785.tmp a variant of Java/TrojanDownloader.OpenStream.NAX trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OJJM0BY0\107ac47ca1ceb6c762a5a4740039f3c4e97b3011811[2].js JS/Fraud.NAB trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OJJM0BY0\chicken-pot-pie-you-can-make-in-minutes[1] HTML/ScrInject.B.Gen virus deleted - quarantined

#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:01 AM

Posted 12 January 2011 - 03:51 AM

Hi thedeep10, :)



Nothing special in the results. ESET detects this on many machines...
Malwarebytes is an antispyware application whereas McAfee and ESET are programs.
Malwarebytes does not scan inside of zip files (archives) and can't check non-executable files.
Although there are similarities these are two different applications and you need both.



I have some final words for you.



All Clean :thumbsup:



Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean :)



Cleanup


=> To remove all of the tools we used and the files and folders they created, please do the following:


  • Please reopen Posted Image on your desktop.
  • In the upper right click CleanUp
  • This will delete OTL and will clean up after it.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.



Clear your Java Cache


Click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


Update your AntiVirus Software


  • Make sure that you keep your antivirus updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Visit Microsoft's Windows Update Site Frequently


It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is infected with malware that is trying to infect everyone in their address book.

  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Personally I use PrivateFirewall.

However, it can be a bit complicated if you are a newbie in firewall configuration...


Install an AntiSpyware Program


An effective scanner that you already have is Malwarebytes Anti-Malware.

Another highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software. Be sure to check for and download any definition updates prior to performing a scan.


Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware



Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.
Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems, so my advice is: stay away from them!
:thumbup2:



Follow this list and your potential for being infected again will reduce dramatically.


Regards,
Georgi



#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,825 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:01 AM

Posted 16 January 2011 - 06:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


