1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved iexplore.exe problem! (Black Internet rootkit case)

Discussion in 'Malware and Virus Removal Archive' started by juturna, 2010/06/24.

Page 3 of 4
  1. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    I'm hoping that I did it right...


    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    copy of MBR has been found in sector 61 !
    copy of MBR has been found in sector 62 !
     
    juturna,
    #41
  2. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Before we try something else, try to run Bootkit Remover with little bit different command:
    "%userprofile%\Desktop\remover.exe" fix
     
    broni,
    #42


  3. to hide this advert.

  4. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    No go...



    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    USSAGE: remover.exe fix <device_name>

    Press any key to quit...
     
    juturna,
    #43
  5. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.

    Please download [color= "#CC0000"]The Avenger[/color] by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
     
    broni,
    #44
  6. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.
     
    juturna,
    #45
  7. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    Restart computer.

    =============================================================

    1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Begin copying here:
Drivers to delete:

Files to delete:
C:\System Volume Information\Microsoft

Registry Keys to delete:

    2. Now, open the avenger folder and start The Avenger program by clicking on its icon.

    * Right click on the window under Input script here:, and select Paste.
    * You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    * Click on Execute
    * Answer "Yes" twice when prompted.


    3. The Avenger will automatically do the following:

    * It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete ", The Avenger will actually restart your system twice.)
    * On reboot, it will briefly open a black command window on your desktop, this is normal.
    * After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    4. Please copy/paste the content of c:\avenger.txt into your reply
     
    broni,
    #46
  8. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Edit!
    Wrong script above.
    Correct script:

    Code:
    Begin copying here:
Drivers to delete:

Folders to delete:
C:\System Volume Information\Microsoft

Registry Keys to delete:
    I apologize for a mistake.
     
    broni,
    #47
  9. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Just wanted to note that my system only restarted once


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Folder "C:\System Volume Information\Microsoft" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
     
    juturna,
    #48
  10. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do you still have iexplore.exe processes running?

    I'd like to see fresh OTL Quick Scan log.
     
    broni,
    #49
  11. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    You wanted me to keep System Restore off, correct?



    OTL logfile created on: 6/26/2010 12:12:51 AM - Run 4
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Andrew\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 583.59 Gb Total Space | 298.38 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.73 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDREW-PC
    Current User Name: Andrew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/26 00:05:10 | 000,031,372 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\smss.exe
    PRC - [2010/06/26 00:04:59 | 000,025,318 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\services.exe
    PRC - [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    PRC - [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    PRC - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/01/28 10:45:03 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/01/28 10:44:52 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/01/28 10:44:52 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/01/28 10:44:50 | 000,341,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    PRC - [2010/01/28 10:44:49 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/09/24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/20 19:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/02/22 19:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/02/22 18:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2008/01/01 23:44:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/12/21 12:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/12/03 01:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/10/15 16:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
    PRC - [2007/09/12 12:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    PRC - [2007/08/16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
    PRC - [2007/07/25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/07/25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/07/18 09:26:42 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
    PRC - [2007/07/18 09:26:26 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    PRC - [2007/07/18 09:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    PRC - [2007/06/05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    MOD - [2010/01/28 10:45:09 | 000,357,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
    SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
    SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
    SRV - [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
    SRV - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/01/28 10:44:52 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/01/28 10:44:50 | 000,341,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/01/28 10:44:49 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/12/12 21:41:31 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/02/22 18:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/07/25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/07/25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/10 19:41:24 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.025\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/05/10 19:41:24 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.025\NAVENG.SYS -- (NAVENG)
    DRV - [2010/04/29 13:15:55 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/02/17 14:20:20 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/01/28 10:49:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/01/28 10:45:10 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/01/28 10:45:08 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/01/28 10:45:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/01/28 10:45:07 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/01/28 10:44:54 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/01/28 10:44:54 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/01/28 10:44:43 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/01/28 10:44:43 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/01/28 10:44:41 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2009/08/28 16:18:14 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/08/18 12:58:28 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2009/06/25 04:26:56 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2008/10/27 06:26:54 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/10/27 06:18:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/10/27 06:18:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/10/27 06:17:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/03/27 09:27:32 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2008/01/01 23:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/12/03 01:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/12/03 01:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/11/06 05:38:10 | 007,619,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/13 07:43:00 | 000,120,320 | ---- | M] (AGEIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\physX32.sys -- (physX32)
    DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/08/08 12:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
    DRV - [2007/07/18 09:30:28 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial "
    FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.96
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.72
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 02:01:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/25 19:02:09 | 000,000,000 | ---D | M]

    [2009/02/18 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
    [2010/06/25 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/07 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\artur.dubovoy@gmail.com
    [2010/06/25 21:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/25 19:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/25 19:01:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/06/25 15:56:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
    O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/25 23:43:44 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/06/25 21:32:37 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Users\Andrew\Desktop\remover.exe
    [2010/06/25 19:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/06/25 19:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/25 18:52:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/25 18:08:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2010/06/25 18:03:25 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/25 18:02:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/06/25 16:00:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/06/25 15:59:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp
    [2010/06/25 15:55:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/06/25 13:54:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/06/24 22:33:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
    [2010/06/24 22:33:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/06/24 22:33:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/06/24 22:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/06/24 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/22 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/06/18 12:02:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\music
    [2010/06/15 05:45:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\skypePM
    [2010/06/15 05:44:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Skype
    [2010/06/15 05:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/06/15 05:43:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/06/15 05:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/06/13 02:01:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Family Outing S2
    [2010/06/11 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2010/06/11 23:33:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
    [2010/06/11 23:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
    [2010/06/11 23:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/06/02 19:28:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Family Outing S1
    [2010/05/15 00:15:47 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop\idol
    [2010/05/14 22:41:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Desktop
    [2010/05/14 00:50:29 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
    [2010/05/14 00:50:29 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
    [2010/05/14 00:50:29 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
    [2010/05/14 00:50:29 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
    [2010/05/14 00:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2010/05/14 00:46:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
    [2010/05/14 00:46:05 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
    [2010/05/14 00:46:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
    [2010/05/14 00:46:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
    [2010/05/14 00:46:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
    [2010/05/14 00:46:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
    [2010/05/14 00:46:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/05/14 00:46:04 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
    [2010/05/14 00:46:04 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
    [2010/05/14 00:46:04 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
    [2010/05/14 00:46:04 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
    [2010/05/14 00:46:04 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
    [2010/05/14 00:46:03 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
    [2010/05/14 00:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
    [2010/04/28 11:27:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Microsoft Help
    [2010/04/20 01:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Aixcoustic
    [2010/04/18 00:16:08 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop\Korean
    [2010/04/11 03:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport

    ========== Files - Modified Within 90 Days ==========

    [2010/06/26 00:13:04 | 000,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/26 00:13:04 | 000,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/26 00:13:03 | 000,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/26 00:12:54 | 006,553,600 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat
    [2010/06/26 00:06:12 | 000,027,430 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.001
    [2010/06/26 00:06:10 | 000,027,430 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.dat
    [2010/06/26 00:05:39 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
    [2010/06/26 00:05:37 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
    [2010/06/26 00:05:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/26 00:05:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/26 00:05:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/26 00:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/26 00:05:01 | 3219,181,568 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/26 00:04:23 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{b1eab854-cfb1-11de-8a70-0023ae12b7e1}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/26 00:04:23 | 000,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{b1eab854-cfb1-11de-8a70-0023ae12b7e1}.TM.blf
    [2010/06/26 00:04:11 | 003,636,727 | -H-- | M] () -- C:\Users\Andrew\AppData\Local\IconCache.db
    [2010/06/26 00:01:55 | 000,000,238 | ---- | M] () -- C:\Users\Andrew\Desktop\[Active] iexplore.exe problem! - Page 4.url
    [2010/06/25 23:58:40 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
    [2010/06/25 23:57:42 | 314,920,199 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/06/25 23:10:04 | 000,077,312 | ---- | M] () -- C:\Users\Andrew\Desktop\mbr.exe
    [2010/06/25 21:13:04 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
    [2010/06/25 21:12:41 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2010/06/25 17:14:31 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/25 15:56:30 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/06/25 15:56:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/06/25 04:16:46 | 000,121,856 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/25 00:01:53 | 000,270,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/06/24 23:02:36 | 000,293,376 | ---- | M] () -- C:\Users\Andrew\Desktop\2xq6cx38.exe
    [2010/06/24 22:33:40 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/22 23:54:37 | 000,525,824 | ---- | M] () -- C:\Users\Andrew\Desktop\dds.scr
    [2010/06/18 12:06:43 | 000,000,192 | ---- | M] () -- C:\Users\Andrew\Desktop\ssfsubs3.url
    [2010/06/11 23:59:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
    [2010/06/03 15:42:11 | 000,000,154 | ---- | M] () -- C:\Users\Andrew\Desktop\index12.url
    [2010/05/09 20:57:28 | 000,532,092 | ---- | M] () -- C:\Users\Andrew\Documents\youth ministries.pptx
    [2010/05/09 17:32:42 | 000,027,648 | ---- | M] () -- C:\Users\Andrew\Documents\my interview.doc
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/16 10:25:52 | 000,033,792 | ---- | M] () -- C:\Users\Andrew\Documents\essay3.doc
    [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    [2010/04/06 02:26:54 | 000,027,136 | ---- | M] () -- C:\Users\Andrew\Documents\assignment 3 proposal.doc
    [2010/04/04 16:34:22 | 000,062,074 | ---- | M] () -- C:\Windows\War3Unin.dat
    [2010/03/29 01:03:16 | 000,019,065 | ---- | M] () -- C:\Users\Andrew\Documents\midterm.docx

    ========== Files Created - No Company Name ==========

    [2010/06/25 23:56:32 | 3219,181,568 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/25 23:51:49 | 000,000,238 | ---- | C] () -- C:\Users\Andrew\Desktop\[Active] iexplore.exe problem! - Page 4.url
    [2010/06/25 23:41:53 | 000,731,136 | ---- | C] () -- C:\Users\Andrew\Desktop\avenger.exe
    [2010/06/25 23:16:01 | 000,000,255 | ---- | C] () -- C:\Users\Andrew\mbr.log
    [2010/06/25 23:10:04 | 000,077,312 | ---- | C] () -- C:\Users\Andrew\Desktop\mbr.exe
    [2010/06/25 21:13:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/06/24 23:02:35 | 000,293,376 | ---- | C] () -- C:\Users\Andrew\Desktop\2xq6cx38.exe
    [2010/06/24 22:33:40 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/22 23:54:34 | 000,525,824 | ---- | C] () -- C:\Users\Andrew\Desktop\dds.scr
    [2010/06/15 05:43:07 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/06/07 02:19:46 | 000,000,192 | ---- | C] () -- C:\Users\Andrew\Desktop\ssfsubs3.url
    [2010/06/03 15:42:11 | 000,000,154 | ---- | C] () -- C:\Users\Andrew\Desktop\index12.url
    [2010/05/14 00:50:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/05/14 00:46:05 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
    [2010/05/14 00:46:05 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
    [2010/05/14 00:46:05 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
    [2010/05/14 00:46:04 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
    [2010/05/14 00:46:04 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
    [2010/05/14 00:46:04 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
    [2010/05/14 00:46:03 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
    [2010/05/14 00:46:03 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
    [2010/05/09 17:32:53 | 000,532,092 | ---- | C] () -- C:\Users\Andrew\Documents\youth ministries.pptx
    [2010/05/09 17:32:41 | 000,027,648 | ---- | C] () -- C:\Users\Andrew\Documents\my interview.doc
    [2010/04/08 02:10:53 | 000,033,792 | ---- | C] () -- C:\Users\Andrew\Documents\essay3.doc
    [2010/04/06 02:26:54 | 000,027,136 | ---- | C] () -- C:\Users\Andrew\Documents\assignment 3 proposal.doc
    [2010/03/29 01:03:16 | 000,019,065 | ---- | C] () -- C:\Users\Andrew\Documents\midterm.docx
    [2009/08/07 02:40:39 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2009/08/04 15:03:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/29 02:13:28 | 000,000,000 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
    [2009/03/03 13:55:58 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
    [2009/02/14 08:05:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
    [2007/04/20 09:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2009/02/24 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Absolute
    [2009/02/18 19:10:38 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\acccore
    [2010/01/05 03:43:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ManyCam
    [2010/06/11 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
    [2009/10/09 01:43:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ooVoo Details
    [2009/03/20 21:10:00 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PeerNetworking
    [2009/05/20 01:21:43 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\RenPy
    [2009/08/07 02:58:38 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Samsung
    [2009/10/09 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\tmp
    [2010/06/26 00:04:14 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
    juturna,
    #50
  12. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes.

    You didn't say, if you still have iexplore.exe processes running.
     
    broni,
    #51
  13. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    I forgot to mention
    Yes I am still experiencing the iexplore.exe problem
     
    juturna,
    #52
  14. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, this is not working; we'll have to reset boot sector in a different way. Hold on there.
     
    broni,
    #53
  15. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you have Vista DVD...

    start with step 2

    If you don't have Vista DVD...

    1. Create Vista Recovery Disc.

    Option 1:
    http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.
    At first screen click on Repair your computer:
    [​IMG]
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    [​IMG]
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    [​IMG]
    Select Command Prompt

    Type in:
    bootrec /FixMbr
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh OTL log.
     
    broni,
    #54
  16. 2010/06/26
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    After digging through the disks that came with my computer, I've found two possible disks aforementioned:

    1. Drivers and Utilities
    For Reinstalling Dell Portable Computer Software

    2. Operating System
    Reinstallation DVD
    Windows Vista Home Premium

    ... are either of these the disk needed for step mentioned on post #54?
     
    juturna,
    #55
  17. 2010/06/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    broni,
    #56
  18. 2010/06/26
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Just wanted to mention that the disk worked perfectly. Computer is restarting now, will post otl log when finished.
     
    juturna,
    #57
  19. 2010/06/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Keeping my fingers crossed :)
     
    broni,
    #58
  20. 2010/06/26
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    OTL logfile created on: 6/26/2010 1:21:23 PM - Run 5
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Andrew\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 583.59 Gb Total Space | 297.70 Gb Free Space | 51.01% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.73 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDREW-PC
    Current User Name: Andrew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    PRC - [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    PRC - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/01/28 10:45:03 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/01/28 10:44:52 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/01/28 10:44:52 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/01/28 10:44:50 | 000,341,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    PRC - [2010/01/28 10:44:49 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/09/24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/20 19:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/02/22 19:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/02/22 18:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2008/01/01 23:44:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/12/21 12:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/12/03 01:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/10/15 16:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
    PRC - [2007/09/12 12:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    PRC - [2007/08/16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
    PRC - [2007/07/25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/07/25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/07/18 09:26:42 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
    PRC - [2007/07/18 09:26:26 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    PRC - [2007/07/18 09:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    PRC - [2007/06/05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    MOD - [2010/01/28 10:45:09 | 000,357,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
    SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
    SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
    SRV - [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/01/28 10:44:52 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/01/28 10:44:50 | 000,341,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/01/28 10:44:49 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/12/12 21:41:31 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/02/22 18:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/07/25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/07/25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/10 19:41:24 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.025\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/05/10 19:41:24 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.025\NAVENG.SYS -- (NAVENG)
    DRV - [2010/04/29 13:15:55 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/02/17 14:20:20 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/01/28 10:49:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/01/28 10:45:10 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/01/28 10:45:08 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/01/28 10:45:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/01/28 10:45:07 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/01/28 10:44:54 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/01/28 10:44:54 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/01/28 10:44:43 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/01/28 10:44:43 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/01/28 10:44:41 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2009/08/28 16:18:14 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/08/18 12:58:28 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2009/06/25 04:26:56 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2008/10/27 06:26:54 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/10/27 06:18:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/10/27 06:18:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/10/27 06:17:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/03/27 09:27:32 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2008/01/01 23:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/12/03 01:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/12/03 01:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/11/06 05:38:10 | 007,619,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/13 07:43:00 | 000,120,320 | ---- | M] (AGEIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\physX32.sys -- (physX32)
    DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/08/08 12:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
    DRV - [2007/07/18 09:30:28 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial "
    FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.96
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.72
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 02:01:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/25 19:02:09 | 000,000,000 | ---D | M]

    [2009/02/18 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
    [2010/06/25 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/07 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\artur.dubovoy@gmail.com
    [2010/06/25 21:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/25 19:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/25 19:01:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/06/25 15:56:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
    O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{6ec2ae01-fa4d-11dd-8f58-806e6f6e6963}\Shell - " " = AutoRun
    O33 - MountPoints2\{6ec2ae01-fa4d-11dd-8f58-806e6f6e6963}\Shell\AutoRun\command - " " = E:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/25 23:43:44 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/06/25 21:32:37 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Users\Andrew\Desktop\remover.exe
    [2010/06/25 19:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/06/25 19:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/25 18:52:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/25 18:08:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2010/06/25 18:03:25 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/25 18:02:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/06/25 16:00:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/06/25 15:59:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp
    [2010/06/25 15:55:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/06/25 13:54:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/06/24 22:33:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
    [2010/06/24 22:33:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/06/24 22:33:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/06/24 22:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/06/24 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/22 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/06/18 12:02:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\music
    [2010/06/15 05:45:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\skypePM
    [2010/06/15 05:44:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Skype
    [2010/06/15 05:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/06/15 05:43:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/06/15 05:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/06/13 02:01:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Family Outing S2
    [2010/06/11 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2010/06/11 23:33:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
    [2010/06/11 23:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
    [2010/06/11 23:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/06/02 19:28:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Family Outing S1
    [2010/05/15 00:15:47 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop\idol
    [2010/05/14 22:41:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Desktop
    [2010/05/14 00:50:29 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
    [2010/05/14 00:50:29 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
    [2010/05/14 00:50:29 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
    [2010/05/14 00:50:29 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
    [2010/05/14 00:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2010/05/14 00:46:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
    [2010/05/14 00:46:05 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
    [2010/05/14 00:46:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
    [2010/05/14 00:46:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
    [2010/05/14 00:46:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
    [2010/05/14 00:46:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
    [2010/05/14 00:46:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/05/14 00:46:04 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
    [2010/05/14 00:46:04 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
    [2010/05/14 00:46:04 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
    [2010/05/14 00:46:04 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
    [2010/05/14 00:46:04 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
    [2010/05/14 00:46:03 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
    [2010/05/14 00:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
    [2010/04/28 11:27:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Microsoft Help
    [2010/04/20 01:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Aixcoustic
    [2010/04/18 00:16:08 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop\Korean
    [2010/04/11 03:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport

    ========== Files - Modified Within 90 Days ==========

    [2010/06/26 13:21:50 | 006,553,600 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat
    [2010/06/26 13:20:43 | 000,027,430 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.001
    [2010/06/26 13:20:16 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{b1eab854-cfb1-11de-8a70-0023ae12b7e1}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/26 13:20:16 | 000,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{b1eab854-cfb1-11de-8a70-0023ae12b7e1}.TM.blf
    [2010/06/26 13:20:15 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
    [2010/06/26 13:20:07 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
    [2010/06/26 13:20:07 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
    [2010/06/26 13:19:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/26 13:19:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/26 13:19:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/26 13:19:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/26 13:19:15 | 3219,181,568 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/26 13:12:43 | 003,640,873 | -H-- | M] () -- C:\Users\Andrew\AppData\Local\IconCache.db
    [2010/06/26 03:06:35 | 000,729,410 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/26 03:06:35 | 000,613,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/26 03:06:35 | 000,108,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/26 00:52:46 | 000,000,238 | ---- | M] () -- C:\Users\Andrew\Desktop\[Active] iexplore.exe problem! - Page 4.url
    [2010/06/26 00:27:50 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/06/26 00:06:10 | 000,027,430 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.dat
    [2010/06/25 23:57:42 | 314,920,199 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/06/25 23:10:04 | 000,077,312 | ---- | M] () -- C:\Users\Andrew\Desktop\mbr.exe
    [2010/06/25 21:13:04 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
    [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2010/06/25 17:14:31 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/25 15:56:30 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/06/25 15:56:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/06/25 04:16:46 | 000,121,856 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/25 00:01:53 | 000,270,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/06/24 23:02:36 | 000,293,376 | ---- | M] () -- C:\Users\Andrew\Desktop\2xq6cx38.exe
    [2010/06/24 22:33:40 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/22 23:54:37 | 000,525,824 | ---- | M] () -- C:\Users\Andrew\Desktop\dds.scr
    [2010/06/18 12:06:43 | 000,000,192 | ---- | M] () -- C:\Users\Andrew\Desktop\ssfsubs3.url
    [2010/06/11 23:59:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
    [2010/06/03 15:42:11 | 000,000,154 | ---- | M] () -- C:\Users\Andrew\Desktop\index12.url
    [2010/05/09 20:57:28 | 000,532,092 | ---- | M] () -- C:\Users\Andrew\Documents\youth ministries.pptx
    [2010/05/09 17:32:42 | 000,027,648 | ---- | M] () -- C:\Users\Andrew\Documents\my interview.doc
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/16 10:25:52 | 000,033,792 | ---- | M] () -- C:\Users\Andrew\Documents\essay3.doc
    [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    [2010/04/06 02:26:54 | 000,027,136 | ---- | M] () -- C:\Users\Andrew\Documents\assignment 3 proposal.doc
    [2010/04/04 16:34:22 | 000,062,074 | ---- | M] () -- C:\Windows\War3Unin.dat
    [2010/03/29 01:03:16 | 000,019,065 | ---- | M] () -- C:\Users\Andrew\Documents\midterm.docx

    ========== Files Created - No Company Name ==========

    [2010/06/25 23:56:32 | 3219,181,568 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/25 23:51:49 | 000,000,238 | ---- | C] () -- C:\Users\Andrew\Desktop\[Active] iexplore.exe problem! - Page 4.url
    [2010/06/25 23:41:53 | 000,731,136 | ---- | C] () -- C:\Users\Andrew\Desktop\avenger.exe
    [2010/06/25 23:16:01 | 000,000,255 | ---- | C] () -- C:\Users\Andrew\mbr.log
    [2010/06/25 23:10:04 | 000,077,312 | ---- | C] () -- C:\Users\Andrew\Desktop\mbr.exe
    [2010/06/25 21:13:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/06/24 23:02:35 | 000,293,376 | ---- | C] () -- C:\Users\Andrew\Desktop\2xq6cx38.exe
    [2010/06/24 22:33:40 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/22 23:54:34 | 000,525,824 | ---- | C] () -- C:\Users\Andrew\Desktop\dds.scr
    [2010/06/15 05:43:07 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/06/07 02:19:46 | 000,000,192 | ---- | C] () -- C:\Users\Andrew\Desktop\ssfsubs3.url
    [2010/06/03 15:42:11 | 000,000,154 | ---- | C] () -- C:\Users\Andrew\Desktop\index12.url
    [2010/05/14 00:50:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/05/14 00:46:05 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
    [2010/05/14 00:46:05 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
    [2010/05/14 00:46:05 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
    [2010/05/14 00:46:04 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
    [2010/05/14 00:46:04 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
    [2010/05/14 00:46:04 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
    [2010/05/14 00:46:03 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
    [2010/05/14 00:46:03 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
    [2010/05/09 17:32:53 | 000,532,092 | ---- | C] () -- C:\Users\Andrew\Documents\youth ministries.pptx
    [2010/05/09 17:32:41 | 000,027,648 | ---- | C] () -- C:\Users\Andrew\Documents\my interview.doc
    [2010/04/08 02:10:53 | 000,033,792 | ---- | C] () -- C:\Users\Andrew\Documents\essay3.doc
    [2010/04/06 02:26:54 | 000,027,136 | ---- | C] () -- C:\Users\Andrew\Documents\assignment 3 proposal.doc
    [2010/03/29 01:03:16 | 000,019,065 | ---- | C] () -- C:\Users\Andrew\Documents\midterm.docx
    [2009/08/07 02:40:39 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2009/08/04 15:03:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/29 02:13:28 | 000,000,000 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
    [2009/03/03 13:55:58 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
    [2009/02/14 08:05:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
    [2007/04/20 09:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2009/02/24 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Absolute
    [2009/02/18 19:10:38 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\acccore
    [2010/01/05 03:43:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ManyCam
    [2010/06/11 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
    [2009/10/09 01:43:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ooVoo Details
    [2009/03/20 21:10:00 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PeerNetworking
    [2009/05/20 01:21:43 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\RenPy
    [2009/08/07 02:58:38 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Samsung
    [2009/10/09 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\tmp
    [2010/06/26 13:12:59 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
    juturna,
    #59
  21. 2010/06/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'd assume, you don't have iexplore.exe running anymore?
     
    broni,
    #60
Page 3 of 4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...