
Solved Google redirect / rootkit suspected

Discussion in 'Malware and Virus Removal Archive' started by MattC, 2011/01/05.

  1. 2011/01/05
    MattC

    MattC Inactive Thread Starter

    [Resolved] Google redirect / rootkit suspected

    Hi

    I have had this problem for the past few weeks and it seems very persistent.

    Basically it redirects my google search results to either advertising or infected pages (in both Mozilla and IE) and sometimes a Java applet runs and installs some kind of fake antivirus.

    I've tried using at least 6 different free anti-malware/virus applications to no avail, most find some infection and remove it but sooner or later the problem recurs.

    I tried running ComboFix and during the scan I get a BSOD usually with iastor.sys as the culprit. So possibly that's infected.

    I can't run GMER, I tried running it in safe mode once and a few minutes in the scan I got a BSOD with PFN_LIST_CORRUPT error.

    I also ran it outside safe mode and got an immediate BSOD.

    The results from my logs

    MBAM:
    MBRCHECK

    DDS

     
  2. 2011/01/05
    MattC

    MattC Inactive Thread Starter

    I will try running GMER again after this (perhaps unchecking devices) and see if I can get any logs.

    I would greatly appreciate any advice on sorting this out as it's getting really annoying.
     


  4. 2011/01/05
    broni

    broni Moderator Malware Analyst

    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Please, do NOT wrap logs in quotes.

    You're running two AV programs, Emsisoft Anti-Malware and Avast.
    One of them has to go. Your choice.

    Now....you're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. 2011/01/05
    MattC

    MattC Inactive Thread Starter

    Thanks for the advice - I will follow your instructions and post back.

    I also managed to run a GMER scan, here are the results:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-06 15:38:24
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.11.0
    Running: 6unltdsh.exe; Driver: C:\Users\Lyndon\AppData\Local\Temp\aglyapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x82BACF68]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x82BAD230]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x82BAC9D8]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x82BAD52C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 209 824B896C 3 Bytes [68, CF, BA]
    .text ntkrnlpa.exe!KeSetEvent + 20D 824B8970 3 Bytes [30, D2, BA]
    .text ntkrnlpa.exe!KeSetEvent + 621 824B8D84 3 Bytes [D8, C9, BA]
    .text ntkrnlpa.exe!KeSetEvent + 6E5 824B8E48 3 Bytes [2C, D5, BA]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtProtectVirtualMemory 77964D34 5 Bytes JMP 000F000A
    .text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory 77965674 5 Bytes JMP 0014000A
    .text C:\Windows\system32\svchost.exe[852] ntdll.dll!KiUserExceptionDispatcher 77965DC8 5 Bytes JMP 000E000A
    .text C:\Windows\system32\svchost.exe[852] ole32.dll!CoCreateInstance 763D9EA6 5 Bytes JMP 0080000A
    .text C:\Windows\system32\svchost.exe[852] USER32.dll!GetCursorPos 76950B88 5 Bytes JMP 010E000A
    .text C:\Windows\explorer.exe[1564] ntdll.dll!NtProtectVirtualMemory 77964D34 5 Bytes JMP 0098000A
    .text C:\Windows\explorer.exe[1564] ntdll.dll!NtWriteVirtualMemory 77965674 5 Bytes JMP 0099000A
    .text C:\Windows\explorer.exe[1564] ntdll.dll!KiUserExceptionDispatcher 77965DC8 5 Bytes JMP 0097000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD3200BEVT-75ZCT1___________________11.01A11#4&37fe8b4c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e24b42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e24b42@001ee16ab4ef 0x88 0xB6 0xC7 0xCC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1e24b42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1e24b42@001ee16ab4ef 0x88 0xB6 0xC7 0xCC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
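    The GMER log above carries three kinds of findings that matter for triage: SSDT entries (which driver owns each hooked system service; here they all belong to PCTCore.sys, a PC Tools driver), user-mode inline hooks (a 5-byte JMP written over the first bytes of ntdll/ole32/USER32 exports inside svchost.exe and explorer.exe, landing at low addresses such as 000F000A that cannot belong to those DLLs), and raw disk sectors flagged as "rootkit-like behavior" (the MBR, sectors in the gap before the first partition, sector 63, and a 256-sector run at 625142192). The following Python script is an added example, not part of this thread and not GMER's code: it parses those line formats from a constructed sample, groups the inline hooks per process, decodes an E9 rel32 patch the way a scanner turns prologue bytes into a JMP target, and maps each flagged sector range onto the disk layout. The disk geometry is an assumption stated in the code: the scan header names a WD3200BEVT (320 GB), which reports 625,142,448 LBAs, so the flagged run 625142192 (+255) is the last 256 sectors of the disk; the first-partition start at LBA 63 and the end of the partitioned area are likewise assumed, and on a real case they come from the partition table.

```python
"""Triage helper for a GMER rootkit-scan log (added example; not GMER's code)."""
import re
from collections import defaultdict

# Constructed sample in GMER's log format, a subset of the finding types above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x82BACF68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x82BAC9D8]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtProtectVirtualMemory 77964D34 5 Bytes JMP 000F000A
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory 77965674 5 Bytes JMP 0014000A
.text C:\Windows\explorer.exe[1564] ntdll.dll!NtProtectVirtualMemory 77964D34 5 Bytes JMP 0098000A
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.*?)\)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]")
HOOK_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+([\w.]+)!(\w+)\s+([0-9A-Fa-f]+)"
                     r"\s+(\d+)\s+Bytes\s+JMP\s+([0-9A-Fa-f]+)")
SECTOR_RE = re.compile(r"^Disk\s+(\S+)\s+sectors?\s+(\d+)(?:\s+\(\+(\d+)\))?")


def parse_gmer(text):
    """Split a GMER log into SSDT entries, user-mode inline hooks and sector findings."""
    ssdt, hooks, sectors = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            ssdt.append({"driver": m[1].rsplit("\\", 1)[-1], "vendor": m[2],
                         "service": m[3], "handler": int(m[4], 16)})
        elif m := HOOK_RE.match(line):
            hooks.append({"process": m[1].rsplit("\\", 1)[-1], "pid": int(m[2]),
                          "module": m[3], "function": m[4], "address": int(m[5], 16),
                          "length": int(m[6]), "target": int(m[7], 16)})
        elif m := SECTOR_RE.match(line):
            # GMER's "(+N)" means N further sectors after the first one.
            sectors.append({"device": m[1], "lba": int(m[2]),
                            "count": int(m[3]) + 1 if m[3] else 1})
    return ssdt, hooks, sectors


def hooks_by_process(hooks):
    """Group inline hooks per process: the same API set patched in every process
    is the signature of an injected user-mode component, not of one bad DLL."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[f"{h['process']}[{h['pid']}]"].append(f"{h['module']}!{h['function']}")
    return dict(grouped)


def encode_jmp(addr, target):
    """The 5-byte E9 rel32 patch a hooking engine writes at `addr`."""
    rel = (target - (addr + 5)) & 0xFFFFFFFF
    return b"\xE9" + rel.to_bytes(4, "little")


def decode_jmp(addr, prologue):
    """Absolute 32-bit target of an E9 rel32 JMP found at `addr`, or None if the
    prologue bytes are not a JMP. This is how '5 Bytes JMP xxxxxxxx' is derived."""
    if len(prologue) < 5 or prologue[0] != 0xE9:
        return None
    rel = int.from_bytes(prologue[1:5], "little", signed=True)
    return (addr + 5 + rel) & 0xFFFFFFFF


def target_outside_module(target, module_base, module_size):
    """A JMP that leaves the hooked module's image is the suspicious case."""
    return not (module_base <= target < module_base + module_size)


def classify_sector(lba, count, total_sectors, first_partition_lba, partitioned_end):
    """Place a flagged sector range on the disk layout (layout values are inputs)."""
    last = lba + count - 1
    if lba == 0:
        return "MBR (boot code and partition table)"
    if last < first_partition_lba:
        return "gap between MBR and first partition"
    if lba == first_partition_lba:
        return "first sector of the first partition (volume boot record)"
    if lba >= partitioned_end:
        return f"unpartitioned space at end of disk (last {total_sectors - lba} sectors)"
    return "inside a partition"


def triage(text, total_sectors, first_partition_lba=63, partitioned_end=None):
    """Summarise a GMER log; geometry arguments are assumptions, see the lead-in."""
    ssdt, hooks, sectors = parse_gmer(text)
    partitioned_end = total_sectors if partitioned_end is None else partitioned_end
    return {
        "ssdt_owners": sorted({e["driver"] for e in ssdt}),
        "hooked_processes": hooks_by_process(hooks),
        "sector_findings": [(s["lba"], classify_sector(s["lba"], s["count"], total_sectors,
                                                       first_partition_lba, partitioned_end))
                            for s in sectors],
    }


if __name__ == "__main__":
    # Assumed geometry: WD3200BEVT = 625,142,448 LBAs; partitions end 256 sectors early.
    for key, value in triage(SAMPLE_LOG, 625142448, partitioned_end=625142192).items():
        print(key, value)
```

The MBR entry and the end-of-disk run are the ones to act on first: a finding on sector 0 means the boot code or partition table has been changed, and an unpartitioned tail of the disk is exactly where nothing legitimate should be stored, which is why TDSSKiller is the next step in the thread rather than another file-based scanner.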
     
  6. 2011/01/05
    MattC

    MattC Inactive Thread Starter

    Ok, here are my TDSSKiller results:

    2011/01/06 15:59:59.0839 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/06 15:59:59.0839 ================================================================================
    2011/01/06 15:59:59.0839 SystemInfo:
    2011/01/06 15:59:59.0839
    2011/01/06 15:59:59.0839 OS Version: 6.0.6002 ServicePack: 2.0
    2011/01/06 15:59:59.0839 Product type: Workstation
    2011/01/06 15:59:59.0839 ComputerName: DELL_XPS_M1530
    2011/01/06 15:59:59.0839 UserName: Lyndon
    2011/01/06 15:59:59.0839 Windows directory: C:\Windows
    2011/01/06 15:59:59.0839 System windows directory: C:\Windows
    2011/01/06 15:59:59.0839 Processor architecture: Intel x86
    2011/01/06 15:59:59.0839 Number of processors: 2
    2011/01/06 15:59:59.0839 Page size: 0x1000
    2011/01/06 15:59:59.0839 Boot type: Normal boot
    2011/01/06 15:59:59.0839 ================================================================================
    2011/01/06 16:00:00.0338 Initialize success
    2011/01/06 16:00:03.0255 ================================================================================
    2011/01/06 16:00:03.0255 Scan started
    2011/01/06 16:00:03.0255 Mode: Manual;
    2011/01/06 16:00:03.0255 ================================================================================
    2011/01/06 16:00:04.0535 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/01/06 16:00:04.0644 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/01/06 16:00:04.0925 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/01/06 16:00:05.0018 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/01/06 16:00:05.0595 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/01/06 16:00:05.0829 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/01/06 16:00:05.0970 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/01/06 16:00:06.0095 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/01/06 16:00:06.0204 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/01/06 16:00:06.0344 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/01/06 16:00:06.0563 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/01/06 16:00:06.0641 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/01/06 16:00:06.0797 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2011/01/06 16:00:06.0921 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
    2011/01/06 16:00:07.0124 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/01/06 16:00:07.0233 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/01/06 16:00:07.0592 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/01/06 16:00:07.0795 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/01/06 16:00:08.0778 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
    2011/01/06 16:00:08.0871 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
    2011/01/06 16:00:09.0386 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
    2011/01/06 16:00:09.0527 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/06 16:00:09.0667 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/01/06 16:00:10.0073 AVerBDA6x (174a1ea55d292ca2593c9d09d11cf0a5) C:\Windows\system32\DRIVERS\AVerBDA716x.sys
    2011/01/06 16:00:11.0461 bdfm (f040e9fff03bc19aff03cb922e131cd7) C:\Windows\system32\drivers\bdfm.sys
    2011/01/06 16:00:11.0664 bdfsfltr (d281217152b9fc5774863e70e3fab4d3) C:\Windows\system32\DRIVERS\bdfsfltr.sys
    2011/01/06 16:00:11.0835 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
    2011/01/06 16:00:12.0631 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/01/06 16:00:12.0803 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/01/06 16:00:12.0974 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/06 16:00:13.0161 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/01/06 16:00:13.0364 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/01/06 16:00:14.0051 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/01/06 16:00:14.0690 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/01/06 16:00:14.0971 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/01/06 16:00:15.0642 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/01/06 16:00:15.0860 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/01/06 16:00:16.0547 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/01/06 16:00:16.0781 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/01/06 16:00:17.0124 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2011/01/06 16:00:17.0342 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/01/06 16:00:17.0561 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
    2011/01/06 16:00:17.0935 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
    2011/01/06 16:00:18.0122 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
    2011/01/06 16:00:18.0372 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
    2011/01/06 16:00:19.0043 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/06 16:00:19.0292 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/06 16:00:19.0511 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/01/06 16:00:19.0698 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/01/06 16:00:20.0025 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/01/06 16:00:20.0306 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/01/06 16:00:20.0509 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/01/06 16:00:20.0727 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/01/06 16:00:20.0837 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/01/06 16:00:21.0071 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/01/06 16:00:21.0398 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/01/06 16:00:21.0695 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/01/06 16:00:21.0960 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/01/06 16:00:22.0319 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    2011/01/06 16:00:22.0459 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/01/06 16:00:22.0865 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/01/06 16:00:23.0021 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/01/06 16:00:23.0192 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/01/06 16:00:23.0442 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/01/06 16:00:23.0613 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/01/06 16:00:24.0206 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/01/06 16:00:25.0813 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/01/06 16:00:28.0371 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/01/06 16:00:28.0793 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/01/06 16:00:29.0526 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/01/06 16:00:29.0651 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/01/06 16:00:29.0729 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/01/06 16:00:29.0822 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/06 16:00:30.0836 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/01/06 16:00:31.0585 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/01/06 16:00:31.0663 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/01/06 16:00:31.0772 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/01/06 16:00:32.0568 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/01/06 16:00:32.0661 HssDrv (0d6b32306c362750ec6576f1d90c52f7) C:\Windows\system32\DRIVERS\HssDrv.sys
    2011/01/06 16:00:32.0786 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/01/06 16:00:32.0864 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/01/06 16:00:33.0519 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/01/06 16:00:33.0644 iaNvStor (92b37e0a61cd710a0c66dc3567a8bf3c) C:\Windows\system32\drivers\ianvstor.sys
    2011/01/06 16:00:33.0738 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
    2011/01/06 16:00:33.0816 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/01/06 16:00:34.0487 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/01/06 16:00:35.0204 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
    2011/01/06 16:00:35.0750 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/01/06 16:00:35.0875 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/06 16:00:36.0405 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/01/06 16:00:37.0825 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/01/06 16:00:38.0106 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\Windows\system32\drivers\iPodDrv.sys
    2011/01/06 16:00:38.0184 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/01/06 16:00:38.0418 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/01/06 16:00:39.0245 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/01/06 16:00:40.0290 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/01/06 16:00:40.0368 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/01/06 16:00:40.0461 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/01/06 16:00:40.0649 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/01/06 16:00:40.0883 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/01/06 16:00:41.0148 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/01/06 16:00:41.0288 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
    2011/01/06 16:00:41.0444 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/01/06 16:00:42.0037 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/01/06 16:00:42.0240 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/01/06 16:00:43.0535 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/01/06 16:00:44.0268 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/01/06 16:00:44.0377 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/01/06 16:00:44.0533 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/01/06 16:00:44.0627 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/01/06 16:00:44.0892 mfeavfk (c97cbfd71c1c215150a3b3e55f77a7a3) C:\Windows\system32\drivers\mfeavfk.sys
    2011/01/06 16:00:44.0985 mfebopk (5447338b83a1a2354fb2fea7604387fd) C:\Windows\system32\drivers\mfebopk.sys
    2011/01/06 16:00:45.0750 mfehidk (6c9a6ed60b8fc3baf72fe1b1d096445b) C:\Windows\system32\drivers\mfehidk.sys
    2011/01/06 16:00:46.0140 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\Windows\system32\drivers\mferkdk.sys
    2011/01/06 16:00:46.0218 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
    2011/01/06 16:00:46.0343 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/01/06 16:00:46.0421 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/01/06 16:00:47.0060 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/01/06 16:00:47.0232 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/01/06 16:00:47.0653 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/01/06 16:00:47.0731 MPFP (96cf5286bc370b558735a7b891232d92) C:\Windows\system32\Drivers\Mpfp.sys
    2011/01/06 16:00:47.0856 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/01/06 16:00:48.0215 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/01/06 16:00:48.0339 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/01/06 16:00:48.0511 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/01/06 16:00:48.0605 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/01/06 16:00:49.0182 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/06 16:00:50.0305 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/06 16:00:50.0835 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/01/06 16:00:53.0285 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/01/06 16:00:53.0441 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/01/06 16:00:53.0799 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/01/06 16:00:54.0377 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/01/06 16:00:54.0642 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/01/06 16:00:54.0985 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/01/06 16:00:55.0188 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/01/06 16:00:55.0344 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/01/06 16:00:55.0531 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/01/06 16:00:55.0625 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/01/06 16:00:55.0781 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/01/06 16:00:56.0139 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/01/06 16:00:57.0559 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/01/06 16:00:57.0824 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/01/06 16:00:59.0025 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/01/06 16:00:59.0135 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/01/06 16:01:00.0617 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/01/06 16:01:00.0695 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/01/06 16:01:02.0255 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2011/01/06 16:01:03.0939 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/01/06 16:01:04.0158 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/01/06 16:01:06.0014 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/01/06 16:01:06.0981 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/01/06 16:01:07.0574 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/01/06 16:01:08.0463 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/01/06 16:01:09.0353 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/01/06 16:01:11.0225 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/01/06 16:01:12.0941 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/01/06 16:01:14.0360 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/01/06 16:01:17.0886 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
    2011/01/06 16:01:18.0900 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
    2011/01/06 16:01:19.0274 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/01/06 16:01:20.0039 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/01/06 16:01:20.0288 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/01/06 16:01:20.0413 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/01/06 16:01:20.0928 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/01/06 16:01:21.0209 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    2011/01/06 16:01:21.0474 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/01/06 16:01:21.0911 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2011/01/06 16:01:22.0129 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\Windows\system32\drivers\PCTCore.sys
    2011/01/06 16:01:22.0472 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
    2011/01/06 16:01:22.0909 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
    2011/01/06 16:01:23.0049 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/01/06 16:01:23.0283 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/01/06 16:01:23.0393 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/01/06 16:01:23.0517 Profos (1bfe86c679a43994e36e623fb6898cdb) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
    2011/01/06 16:01:23.0658 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/06 16:01:23.0767 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\Windows\system32\Drivers\pssdk41.sys
    2011/01/06 16:01:23.0892 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/01/06 16:01:24.0063 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/01/06 16:01:24.0329 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/01/06 16:01:24.0438 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/06 16:01:24.0641 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/01/06 16:01:25.0670 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/06 16:01:25.0779 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/06 16:01:26.0076 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/06 16:01:26.0169 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/01/06 16:01:26.0419 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/06 16:01:26.0559 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/06 16:01:26.0684 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/01/06 16:01:26.0747 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/06 16:01:27.0761 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/06 16:01:27.0948 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
    2011/01/06 16:01:28.0073 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/01/06 16:01:28.0213 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/01/06 16:01:28.0307 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/01/06 16:01:28.0400 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/01/06 16:01:28.0525 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/06 16:01:28.0681 RTL8187 (a12a7665323c99958a208b6b31cfc624) C:\Windows\system32\DRIVERS\wg111v2.sys
    2011/01/06 16:01:28.0806 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/01/06 16:01:29.0726 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2011/01/06 16:01:29.0804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/01/06 16:01:30.0101 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/01/06 16:01:30.0210 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/01/06 16:01:30.0834 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/01/06 16:01:31.0614 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/01/06 16:01:31.0863 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/01/06 16:01:31.0957 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/01/06 16:01:32.0784 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/01/06 16:01:33.0798 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/01/06 16:01:35.0311 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/01/06 16:01:35.0405 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/01/06 16:01:35.0514 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/01/06 16:01:35.0623 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/01/06 16:01:35.0841 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/06 16:01:35.0951 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/01/06 16:01:36.0231 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/01/06 16:01:36.0855 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/06 16:01:37.0479 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/06 16:01:37.0604 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/06 16:01:37.0760 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
    2011/01/06 16:01:37.0916 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/06 16:01:38.0072 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/01/06 16:01:38.0259 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/01/06 16:01:38.0556 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/01/06 16:01:38.0681 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    2011/01/06 16:01:38.0899 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/01/06 16:01:39.0492 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/06 16:01:39.0913 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/06 16:01:40.0599 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\Windows\system32\Drivers\tcusb.sys
    2011/01/06 16:01:40.0724 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/06 16:01:40.0818 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/06 16:01:41.0161 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/06 16:01:41.0333 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/06 16:01:41.0520 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/06 16:01:41.0629 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/01/06 16:01:41.0879 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/01/06 16:01:42.0113 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/01/06 16:01:43.0251 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/01/06 16:01:43.0517 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/01/06 16:01:44.0078 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/01/06 16:01:44.0967 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/01/06 16:01:45.0045 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/01/06 16:01:45.0373 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/01/06 16:01:45.0482 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2011/01/06 16:01:45.0591 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/01/06 16:01:46.0137 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/01/06 16:01:46.0262 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/01/06 16:01:46.0403 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/01/06 16:01:47.0120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/01/06 16:01:47.0292 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/01/06 16:01:47.0401 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/06 16:01:48.0150 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/01/06 16:01:48.0290 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
    2011/01/06 16:01:48.0462 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/01/06 16:01:48.0602 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/01/06 16:01:48.0961 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/01/06 16:01:49.0055 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/01/06 16:01:49.0211 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/01/06 16:01:50.0037 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/01/06 16:01:50.0693 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/01/06 16:01:51.0067 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/01/06 16:01:51.0395 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/01/06 16:01:52.0050 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/01/06 16:01:52.0752 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/06 16:01:52.0767 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/06 16:01:53.0033 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/01/06 16:01:54.0140 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/01/06 16:01:54.0343 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/01/06 16:01:55.0170 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/01/06 16:01:56.0075 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/01/06 16:01:56.0215 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/01/06 16:01:56.0324 X4HSX32 (72e8f37e00dcbd7432c7824570a3a7aa) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
    2011/01/06 16:01:56.0699 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
    2011/01/06 16:01:56.0761 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/06 16:01:56.0777 ================================================================================
    2011/01/06 16:01:56.0777 Scan finished
    2011/01/06 16:01:56.0777 ================================================================================
    2011/01/06 16:01:56.0792 Detected object count: 1
    2011/01/06 16:02:06.0183 \HardDisk0 - will be cured after reboot
    2011/01/06 16:02:06.0183 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/06 16:02:08.0445 Deinitialize success
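A small triage script for the TDSSKiller log above, added here as an example (it is not part of the thread and not TDSSKiller's own code): it pulls out the detection and "User select action" lines, lists drivers whose image lives outside the Windows directory (here the SUPERAntiSpyware and GameTap drivers, which are legitimate third-party files but are exactly the entries a reviewer should recognise by name), and groups service names that point at the same file, which is normal for aliases such as Tcpip/Tcpip6 or Wanarp/Wanarpv6. SAMPLE_LOG is a constructed excerpt of the posted log; the regular expressions assume TDSSKiller's "timestamp name (md5) path" line format shown there.

```python
"""Triage a TDSSKiller driver listing: detection/action lines, drivers
loaded from outside the Windows directory, and service names that share
one image file. Added example, not part of the forum thread or of
TDSSKiller. SAMPLE_LOG is a constructed excerpt of the log posted above.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
2011/01/06 16:01:28.0806 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2011/01/06 16:01:36.0231 sptd (cdddec541bc3c96f91ecb48759673505) C:\\Windows\\system32\\Drivers\\sptd.sys
2011/01/06 16:01:38.0899 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/01/06 16:01:39.0492 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2011/01/06 16:01:56.0324 X4HSX32 (72e8f37e00dcbd7432c7824570a3a7aa) C:\\Program Files\\GameTap\\bin\\Release\\X4HSX32.Sys
2011/01/06 16:01:56.0761 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/06 16:01:56.0777 Scan finished
2011/01/06 16:02:06.0183 \\HardDisk0 - will be cured after reboot
2011/01/06 16:02:06.0183 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
"""

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.ffff ".
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(
    TS + r"(?P<threat>[^\s(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)")


def _lines(log):
    """Forum pastes are indented; strip each line before matching."""
    return [line.strip() for line in log.splitlines()]


def parse_drivers(log):
    """One dict per driver line: name, md5, path (log order preserved)."""
    return [m.groupdict() for m in map(DRIVER_RE.match, _lines(log)) if m]


def detections(log):
    """(object, threat) for every '- detected' line."""
    return [(m.group("obj"), m.group("threat"))
            for m in map(DETECT_RE.match, _lines(log)) if m]


def actions(log):
    """(threat, object, action) for every 'User select action' line."""
    return [(m.group("threat"), m.group("obj"), m.group("action"))
            for m in map(ACTION_RE.match, _lines(log)) if m]


def outside_windows(drivers, windir="C:\\Windows\\"):
    """Names of drivers whose image is not under the Windows directory.
    Third-party security tools and games legitimately load from Program
    Files, so this is a review list, not a verdict."""
    prefix = windir.lower()
    return [d["name"] for d in drivers if not d["path"].lower().startswith(prefix)]


def shared_files(drivers):
    """Service names grouped by (md5, case-folded path); only groups of
    two or more are returned. Aliases like Tcpip/Tcpip6 land here."""
    groups = defaultdict(list)
    for d in drivers:
        groups[(d["md5"], d["path"].lower())].append(d["name"])
    return {key: names for key, names in groups.items() if len(names) > 1}


def triage(log):
    """Summary dict for a whole log."""
    drivers = parse_drivers(log)
    return {
        "drivers": len(drivers),
        "detections": detections(log),
        "actions": actions(log),
        "outside_windows": outside_windows(drivers),
        "shared_files": shared_files(drivers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the full pasted log rather than the excerpt to get the complete "outside Windows" list; the MBR detection on \HardDisk0 is reported separately from the driver table because TDL4 lives in the boot sector, not in a .sys file, which is why none of the per-driver hashes above look wrong.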
     
  7. 2011/01/05
    broni

    broni Moderator Malware Analyst

    Good :)
    We just killed a rootkit!

    How is redirection?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
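The ComboFix report MattC posts in the next reply is long, and the lines that matter most for a search-redirect case are a handful of settings buried in the "Reg Loading Points" and "Supplementary Scan" sections: a ProxyServer that points at the local machine, an AppInit_DLLs value, a Winsock LSP, Trusted Zone entries, and service entries printed with "[x]" instead of a file path. The script below is an added example (not broni's instructions and not part of ComboFix) that picks those lines out of a pasted report; the indicator categories are this example's own heuristics, and SAMPLE_REPORT is constructed from lines of that report. A loopback proxy is not proof of malware on its own (VPN and filtering clients use one too), so the output is a checklist, not a verdict.

```python
"""Pick search-redirect-relevant settings out of a ComboFix report:
loopback proxy, AppInit_DLLs, LSP, Trusted Zone, and services listed
with [x] (no file path). Added example, not part of the thread or of
ComboFix; the categories are this example's own heuristics.
SAMPLE_REPORT is constructed from lines of the report posted later.
"""
import ipaddress
import re

SAMPLE_REPORT = """\
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
"AppInit_DLLs"=c:\\progra~1\\Google\\GOOGLE~2\\GoogleDesktopNetwork3.dll
LSP: c:\\program files\\Common Files\\PC Tools\\Lsp\\PCTLsp.dll
Trusted Zone: cyber-deployment.com
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\\windows\\system32\\drivers\\aswMonFlt.sys [2010-09-07 50768]
"""

# ComboFix prefixes per-user settings with "u" and per-machine with "m".
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$")
# Tolerate the stray space some forum pastes insert inside the quotes.
APPINIT_RE = re.compile(r'^"AppInit_DLLs\s*"\s*=\s*(?P<value>.*)$')
LSP_RE = re.compile(r"^LSP:\s*(?P<path>.+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<zone>.+)$")
# "S1 name;display; [x]" = service with no file path shown.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;\s*\[x\]\s*$")


def parse_proxy(line):
    """Proxy entries on a ProxyServer line as [{scheme, host, port}].
    Windows stores either "host:port" or "http=host:port;https=host:port".
    Returns [] for any other line."""
    m = PROXY_RE.match(line.strip())
    if not m:
        return []
    entries = []
    for item in m.group("value").split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, _, hostport = item.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        entries.append({"scheme": scheme or None, "host": host,
                        "port": int(port) if port.isdigit() else None})
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def find_indicators(report):
    """(category, detail) pairs in report order."""
    found = []
    for raw in report.splitlines():
        line = raw.strip()
        for entry in parse_proxy(line):
            if is_loopback(entry["host"]):
                found.append(("loopback-proxy", f'{entry["host"]}:{entry["port"]}'))
        m = APPINIT_RE.match(line)
        if m and m.group("value").strip():
            found.append(("appinit-dll", m.group("value").strip()))
        m = LSP_RE.match(line)
        if m:
            found.append(("lsp", m.group("path").strip()))
        m = TRUSTED_RE.match(line)
        if m:
            found.append(("trusted-zone", m.group("zone").strip()))
        m = SERVICE_RE.match(line)
        if m:
            found.append(("service-no-file", m.group("name").strip()))
    return found


if __name__ == "__main__":
    for category, detail in find_indicators(SAMPLE_REPORT):
        print(f"{category:16} {detail}")
```

For the loopback-proxy hit, the check that settles it is to find out which process owns the port: `netstat -ano | findstr :8074` gives the PID, and `tasklist /fi "PID eq <pid>"` names the program. A VPN client or parental-control filter answering there is expected; an unknown executable in a user profile directory is not.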
     
  8. 2011/01/07
    MattC

    MattC Inactive Thread Starter

    Ok, unfortunately I shut my PC down before running ComboFix and it installed 15 updates.

    Then I ran ComboFix and this is the log:

    ComboFix 11-01-06.05 - Lyndon 07/01/2011 23:22:44.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3069.1719 [GMT 11:00]
    Running from: c:\users\Lyndon\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Lyndon\.COMMgr
    c:\users\Lyndon\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
    .

    2011-01-07 12:33 . 2011-01-07 12:36 -------- d-----w- c:\users\Lyndon\AppData\Local\temp
    2011-01-07 12:33 . 2011-01-07 12:33 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-01-07 12:33 . 2011-01-07 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-07 12:33 . 2011-01-07 12:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-07 12:33 . 2011-01-07 12:33 -------- d-----w- c:\users\freenet\AppData\Local\temp
    2011-01-06 23:37 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
    2011-01-06 23:37 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
    2011-01-06 23:37 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-01-06 23:36 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-01-06 23:36 . 2010-11-16 01:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{511B1DEB-66FA-4B7F-9A4F-C61508721A35}\mpengine.dll
    2011-01-06 23:35 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-01-06 05:13 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2011-01-06 05:13 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2011-01-06 05:12 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-01-06 05:12 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-01-06 05:12 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-01-06 05:12 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-01-06 05:12 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-01-06 05:10 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2011-01-06 05:10 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2011-01-06 05:10 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2011-01-06 05:10 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2011-01-06 05:09 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2011-01-06 05:08 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-01-06 05:08 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-01-06 05:08 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-01-06 05:08 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-01-06 05:08 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-01-06 05:08 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2011-01-06 05:08 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2011-01-03 06:15 . 2011-01-03 06:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-12-31 11:22 . 2011-01-07 12:01 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-12-31 08:01 . 2010-12-31 08:01 -------- d-----w- c:\users\Lyndon\AppData\Roaming\BitDefender
    2010-12-31 08:00 . 2011-01-01 10:53 -------- d-----w- c:\programdata\BitDefender
    2010-12-31 08:00 . 2010-12-31 08:00 -------- d-----w- c:\program files\BitDefender
    2010-12-31 07:58 . 2011-01-07 12:03 -------- d-----w- c:\program files\Common Files\BitDefender
    2010-12-22 06:21 . 2011-01-05 07:16 -------- d-----w- C:\Bioshock.PC-Rip.Full.Game.English
    2010-12-21 02:45 . 2011-01-06 04:54 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-12-20 08:28 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-20 08:28 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-12-20 08:28 . 2009-07-03 14:13 121344 ----a-w- c:\windows\system32\lagarith.dll
    2010-12-20 08:28 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-12-20 08:28 . 2006-04-02 13:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-12-20 08:28 . 2010-12-11 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-20 08:28 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-20 08:28 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-18 12:54 . 2010-12-18 12:54 1291264 ----a-w- c:\windows\is-46SKH.exe
    2010-12-18 11:06 . 2010-12-18 11:06 -------- d-----w- c:\users\Lyndon\AppData\Roaming\LEAPS
    2010-12-18 11:04 . 2010-12-18 11:04 -------- d-----w- c:\program files\Pegasys Inc
    2010-12-18 10:41 . 2010-12-18 10:41 -------- d-----w- c:\users\Lyndon\AppData\Roaming\Pegasys Inc
    2010-12-18 07:24 . 2010-12-03 19:43 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2010-12-18 07:24 . 2010-12-03 19:43 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2010-12-12 11:29 . 2010-09-07 13:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-12 11:29 . 2010-09-07 13:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-12 11:29 . 2010-09-07 13:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-12 11:29 . 2010-09-07 13:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-12 11:29 . 2010-09-07 13:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-12 11:28 . 2010-09-07 14:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-12 11:28 . 2010-09-07 14:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-12 11:28 . 2010-12-12 11:28 -------- d-----w- c:\programdata\Alwil Software
    2010-12-12 11:28 . 2010-12-12 11:28 -------- d-----w- c:\program files\Alwil Software
    2010-12-12 11:06 . 2010-12-26 10:04 -------- d-----w- c:\programdata\MFAData
    2010-12-12 07:31 . 2010-07-16 03:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2010-12-12 07:31 . 2010-07-16 03:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2010-12-12 07:31 . 2010-11-16 23:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-12-12 07:31 . 2010-11-16 23:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-12-12 07:31 . 2010-11-24 23:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-12-12 07:31 . 2010-11-24 23:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-12-12 07:30 . 2010-11-24 23:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-12-12 07:30 . 2010-12-26 09:54 -------- d-----w- c:\program files\PC Tools Security
    2010-12-12 07:30 . 2010-12-12 07:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-12-12 07:30 . 2010-12-12 07:30 -------- d-----w- c:\users\Lyndon\AppData\Roaming\PC Tools
    2010-12-12 07:13 . 2010-12-12 07:30 -------- d-----w- c:\programdata\PC Tools

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 07:09 . 2010-07-11 11:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 07:08 . 2010-07-11 11:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-10 23:50 . 2010-11-28 06:07 0 ----a-w- c:\users\Lyndon\AppData\Local\Vnani.bin
    2010-10-18 23:41 . 2009-10-03 05:28 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-13 14:36 . 2010-10-13 14:36 15451288 ----a-w- c:\windows\system32\xlive.dll
    2010-10-13 14:36 . 2010-10-13 14:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2008-08-16 07:42 . 2008-08-16 07:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 07:42 . 2008-08-16 07:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 07:42 . 2008-08-16 07:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 07:42 . 2008-08-16 07:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 07:43 . 2008-08-16 07:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 07:42 . 2008-08-16 07:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 07:42 . 2008-08-16 07:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-20 22:41 . 2008-05-20 22:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-20 22:41 . 2008-05-20 22:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-20 22:41 . 2008-05-20 22:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 03:58 . 2008-06-05 03:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 07:42 . 2008-08-16 07:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2009-11-20 09:17 . 2009-11-20 09:17 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Google Update"="c:\users\Lyndon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "dldnmon.exe"="c:\program files\Dell V105\dldnmon.exe" [2008-03-17 668912]
    "dldnamon"="c:\program files\Dell V105\dldnamon.exe" [2008-03-17 16624]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-20 30192]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-28 76304]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
    "SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-01-31 7300392]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-09 261736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    Citrix XenApp.lnk - c:\windows\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2009-5-9 73728]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-29 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-07-23 00:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 15:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-01-30 83240]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192]
    R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2008-12-24 36928]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-19 206336]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-10 691696]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-24 239168]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
    S1 aswSP;aswSP; [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe [2008-03-04 595184]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
    S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-03-10 6656]
    S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [2008-01-31 1290240]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:25]

    2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:25]

    2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902896408-854116899-3687545058-1000Core.job
    - c:\users\Lyndon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 08:00]

    2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902896408-854116899-3687545058-1000UA.job
    - c:\users\Lyndon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 08:00]

    2010-12-14 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-23 05:32]

    2011-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-23 05:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6080723
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8074
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: cyber-deployment.com
    FF - ProfilePath - c:\users\Lyndon\AppData\Roaming\Mozilla\Firefox\Profiles\1hia623c.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL -
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-07 23:36
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3902896408-854116899-3687545058-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "?? "=hex:aa,5a,63,c8,15,d1,5b,5b,4b,f6,ab,20,02,99,7f,ad,bd,0f,96,37,18,2b,e6,
    a2,91,13,a9,b3,ee,03,f5,72,e6,8b,e5,66,ee,2b,a9,72,91,d0,4a,bd,9c,30,28,fc,\
    "?? "=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(560)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\windows\ehome\ehsched.exe
    c:\windows\ehome\ehRecvr.exe
    c:\progra~1\mcafee\msc\mcuimgr.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-07 23:47:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-07 12:46
    ComboFix2.txt 2010-07-11 13:36

    Pre-Run: 49,749,274,624 bytes free
    Post-Run: 49,328,697,344 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - D7C72F5D7D7AC296A041CC08B3555709
     
  9. 2011/01/07
    broni Moderator Malware Analyst
    ================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8074
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
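As an added example (not code from the thread, from ComboFix, or from broni), here is a Python script that applies the check behind this CFScript to ComboFix's Supplementary Scan lines: it flags browser proxy settings that point at the loopback address, since a proxy on 127.0.0.1 means some local process sits in front of every browser request, which is how search redirects like the ones in this thread are produced. The sample log text is constructed from the lines shown earlier in the thread; the `Finding` class and the function names are my own, and treating the IE entry as active is an assumption, because ComboFix does not print ProxyEnable.

```python
"""Flag loopback proxy settings in ComboFix Supplementary Scan output.

Added example, not part of the forum thread or of ComboFix. Sample logs are
constructed from the format the thread shows.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the scan section before the CFScript ran.
BEFORE_LOG = """
uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6080723
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
"""

# Constructed sample: the same section after the IE proxy lines were removed.
AFTER_LOG = """
uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6080723
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
"""

IE_RE = re.compile(r"^uInternet Settings,(?P<key>ProxyOverride|ProxyServer) = (?P<value>.+)$")
FF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<key>\w+) - (?P<value>.*)$")


@dataclass
class Finding:
    browser: str                              # "IE" or "Firefox"
    host: str
    port: int
    active: bool                              # False when Firefox has network.proxy.type 0 (direct)
    lines: List[str] = field(default_factory=list)  # raw log lines behind the finding


def _is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def _split_hostport(spec: str) -> Optional[Tuple[str, int]]:
    """'127.0.0.1:8074' -> ('127.0.0.1', 8074). Bracketed IPv6 literals are not handled."""
    host, sep, port = spec.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host, int(port)


def find_loopback_proxies(log_text: str) -> List[Finding]:
    """Return one Finding per browser whose proxy points at the loopback address."""
    ie: Dict[str, Tuple[str, str]] = {}   # key -> (value, raw line)
    ff: Dict[str, Tuple[str, str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            ie[m.group("key")] = (m.group("value").strip(), line)
            continue
        m = FF_RE.match(line)
        if m:
            ff[m.group("key")] = (m.group("value").strip(), line)

    findings: List[Finding] = []
    if "ProxyServer" in ie:
        value, server_line = ie["ProxyServer"]
        # ProxyServer is "host:port" or "proto=host:port;proto=host:port".
        for entry in value.split(";"):
            hp = _split_hostport(entry.split("=", 1)[-1].strip())
            if hp and _is_loopback(hp[0]):
                # ComboFix does not print ProxyEnable, so the entry is assumed active.
                lines = [ie["ProxyOverride"][1]] if "ProxyOverride" in ie else []
                findings.append(Finding("IE", hp[0], hp[1], True, lines + [server_line]))
                break
    if "http" in ff and _is_loopback(ff["http"][0]):
        port_val, port_line = ff.get("http_port", ("0", ""))
        type_val, type_line = ff.get("type", ("0", ""))
        if port_val.isdigit():
            # network.proxy.type 1 = manual proxy in use; 0 = direct, so the entry is dormant.
            lines = [ln for ln in (ff["http"][1], port_line, type_line) if ln]
            findings.append(Finding("Firefox", ff["http"][0], int(port_val), type_val == "1", lines))
    return findings


def ie_lines_to_remove(findings: List[Finding]) -> List[str]:
    """The raw IE proxy lines a reviewer would list under a DDS:: section of a CFScript."""
    return [ln for f in findings if f.browser == "IE" for ln in f.lines]
```

Run over the two constructed logs, the first reports an active IE proxy on 127.0.0.1:8074 plus a dormant Firefox entry on port 50370, and the second reports only the dormant Firefox entry, matching what the two ComboFix logs in this thread show.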
     
  10. 2011/01/11
    MattC Inactive Thread Starter
    Okay, I ran ComboFix with the CFScript; below are the results.

    Everything seems fine now - haven't had any redirection problems as yet:

    ComboFix 11-01-09.02 - Lyndon 10/01/2011 22:44:43.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3069.1684 [GMT 11:00]
    Running from: c:\users\Lyndon\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lyndon\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Lyndon\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0000\~de7b92.tmp
    c:\users\Lyndon\AppData\Local\temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
    c:\users\Lyndon\AppData\Local\temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp

    Infected copy of c:\windows\system32\imm32.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\imm32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
    .

    2011-01-10 11:54 . 2011-01-10 11:54 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-01-10 11:54 . 2011-01-10 11:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-10 11:54 . 2011-01-10 11:54 -------- d-----w- c:\users\freenet\AppData\Local\temp
    2011-01-10 11:54 . 2011-01-10 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-08 11:29 . 2010-11-16 01:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48180468-E077-44E9-A577-AD236EED231E}\mpengine.dll
    2011-01-07 12:33 . 2011-01-10 12:29 -------- d-----w- c:\users\Lyndon\AppData\Local\temp
    2011-01-06 23:37 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
    2011-01-06 23:37 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
    2011-01-06 23:37 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-01-06 23:36 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-01-06 23:35 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-01-06 05:13 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2011-01-06 05:13 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2011-01-06 05:12 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-01-06 05:12 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-01-06 05:12 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-01-06 05:12 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-01-06 05:12 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-01-06 05:10 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2011-01-06 05:10 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2011-01-06 05:10 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2011-01-06 05:10 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2011-01-06 05:09 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2011-01-06 05:08 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-01-06 05:08 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-01-06 05:08 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-01-06 05:08 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-01-06 05:08 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-01-06 05:08 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2011-01-06 05:08 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2011-01-03 06:15 . 2011-01-03 06:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-12-31 11:22 . 2011-01-07 12:01 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-12-31 08:01 . 2010-12-31 08:01 -------- d-----w- c:\users\Lyndon\AppData\Roaming\BitDefender
    2010-12-31 08:00 . 2011-01-01 10:53 -------- d-----w- c:\programdata\BitDefender
    2010-12-31 08:00 . 2010-12-31 08:00 -------- d-----w- c:\program files\BitDefender
    2010-12-31 07:58 . 2011-01-07 12:03 -------- d-----w- c:\program files\Common Files\BitDefender
    2010-12-22 06:21 . 2011-01-05 07:16 -------- d-----w- C:\Bioshock.PC-Rip.Full.Game.English
    2010-12-21 02:45 . 2011-01-06 04:54 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-12-20 08:28 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-20 08:28 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-12-20 08:28 . 2009-07-03 14:13 121344 ----a-w- c:\windows\system32\lagarith.dll
    2010-12-20 08:28 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-12-20 08:28 . 2006-04-02 13:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-12-20 08:28 . 2010-12-11 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-20 08:28 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-20 08:28 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-18 12:54 . 2010-12-18 12:54 1291264 ----a-w- c:\windows\is-46SKH.exe
    2010-12-18 11:06 . 2010-12-18 11:06 -------- d-----w- c:\users\Lyndon\AppData\Roaming\LEAPS
    2010-12-18 11:04 . 2010-12-18 11:04 -------- d-----w- c:\program files\Pegasys Inc
    2010-12-18 10:41 . 2010-12-18 10:41 -------- d-----w- c:\users\Lyndon\AppData\Roaming\Pegasys Inc
    2010-12-18 07:24 . 2010-12-03 19:43 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2010-12-18 07:24 . 2010-12-03 19:43 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2010-12-12 11:29 . 2010-09-07 13:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-12 11:29 . 2010-09-07 13:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-12 11:29 . 2010-09-07 13:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-12 11:29 . 2010-09-07 13:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-12 11:29 . 2010-09-07 13:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-12 11:28 . 2010-09-07 14:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-12 11:28 . 2010-09-07 14:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-12 11:28 . 2010-12-12 11:28 -------- d-----w- c:\programdata\Alwil Software
    2010-12-12 11:28 . 2010-12-12 11:28 -------- d-----w- c:\program files\Alwil Software
    2010-12-12 11:06 . 2010-12-26 10:04 -------- d-----w- c:\programdata\MFAData
    2010-12-12 07:31 . 2010-07-16 03:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2010-12-12 07:31 . 2010-07-16 03:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2010-12-12 07:31 . 2010-11-16 23:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-12-12 07:31 . 2010-11-16 23:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-12-12 07:31 . 2010-11-24 23:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-12-12 07:31 . 2010-11-24 23:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-12-12 07:30 . 2010-11-24 23:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-12-12 07:30 . 2010-12-26 09:54 -------- d-----w- c:\program files\PC Tools Security
    2010-12-12 07:30 . 2010-12-12 07:47 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-12-12 07:30 . 2010-12-12 07:30 -------- d-----w- c:\users\Lyndon\AppData\Roaming\PC Tools
    2010-12-12 07:13 . 2010-12-12 07:30 -------- d-----w- c:\programdata\PC Tools

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 07:09 . 2010-07-11 11:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 07:08 . 2010-07-11 11:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-10 23:50 . 2010-11-28 06:07 0 ----a-w- c:\users\Lyndon\AppData\Local\Vnani.bin
    2010-10-18 23:41 . 2009-10-03 05:28 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-13 14:36 . 2010-10-13 14:36 15451288 ----a-w- c:\windows\system32\xlive.dll
    2010-10-13 14:36 . 2010-10-13 14:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2008-08-16 07:42 . 2008-08-16 07:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 07:42 . 2008-08-16 07:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 07:42 . 2008-08-16 07:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 07:42 . 2008-08-16 07:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 07:43 . 2008-08-16 07:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 07:42 . 2008-08-16 07:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 07:42 . 2008-08-16 07:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-20 22:41 . 2008-05-20 22:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-20 22:41 . 2008-05-20 22:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-20 22:41 . 2008-05-20 22:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 03:58 . 2008-06-05 03:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 07:42 . 2008-08-16 07:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2009-11-20 09:17 . 2009-11-20 09:17 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @= "{F2F31467-B1AC-4df0-AE79-FD5FA085E22B} "
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @= "{A3E208F7-0E3A-4182-A7A6-B169D5D691AA} "
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-16 15:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Google Update "= "c:\users\Lyndon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
    "OEM02Mon.exe "= "c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "PSQLLauncher "= "c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
    "DELL Webcam Manager "= "c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "dldnmon.exe "= "c:\program files\Dell V105\dldnmon.exe" [2008-03-17 668912]
    "dldnamon "= "c:\program files\Dell V105\dldnamon.exe" [2008-03-17 16624]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-20 30192]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-28 76304]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
    "Acrobat Assistant 7.0 "= "c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
    "SolidWorks_CheckForUpdates "= "c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-01-31 7300392]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "NVHotkey "= "c:\windows\system32\nvHotkey.dll" [2010-07-09 261736]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    Citrix XenApp.lnk - c:\windows\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2009-5-9 73728]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-29 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    "DisableCAD "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-07-23 00:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 15:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-01-30 83240]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-20 30192]
    R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2008-12-24 36928]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-19 206336]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-10 691696]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-24 239168]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
    S1 aswSP;aswSP; [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe [2008-03-04 595184]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
    S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-03-10 6656]
    S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [2008-01-31 1290240]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:25]

    2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:25]

    2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902896408-854116899-3687545058-1000Core.job
    - c:\users\Lyndon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 08:00]

    2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3902896408-854116899-3687545058-1000UA.job
    - c:\users\Lyndon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 08:00]

    2010-12-14 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-23 05:32]

    2011-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-23 05:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6080723
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: cyber-deployment.com
    FF - ProfilePath - c:\users\Lyndon\AppData\Roaming\Mozilla\Firefox\Profiles\1hia623c.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL -
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-10 23:29
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3902896408-854116899-3687545058-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "?? "=hex:aa,5a,63,c8,15,d1,5b,5b,4b,f6,ab,20,02,99,7f,ad,bd,0f,96,37,18,2b,e6,
    a2,91,13,a9,b3,ee,03,f5,72,e6,8b,e5,66,ee,2b,a9,72,91,d0,4a,bd,9c,30,28,fc,\
    "?? "=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(860)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\ehome\ehsched.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\windows\ehome\ehRecvr.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\progra~1\mcafee\msc\mcuimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-10 23:32:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-10 12:32
    ComboFix2.txt 2011-01-07 12:47
    ComboFix3.txt 2010-07-11 13:36

    Pre-Run: 44,317,245,440 bytes free
    Post-Run: 44,013,420,544 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 7052B7EB52E28053F7B41DD998EF21A6
     
  11. 2011/01/11
    broni

    broni Moderator Malware Analyst

    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
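The custom-scan list above is essentially a checklist of places where a file of a given type has no business being on a clean Windows install: executables and DLLs under Fonts, images under system32, a folder named Rundll32 inside system32, a 0*.exe next to Firefox, and so on. The script below is an added example, not OTL's own code and not from this thread. It re-implements only the file-pattern part of that list in Python and runs it against a constructed sandbox tree. Only the /s (recurse) switch is honoured; /x, /mp and /rs are accepted and ignored, which is a simplification assumed for the demo and not OTL's documented behaviour. Registry keys, netsvcs/drivers32, CREATERESTOREPOINT and the /md5start../md5stop block are skipped, and the %VAR% names are mapped to directories by the caller so the same logic runs on any OS.

```python
"""Re-implementation of the file-pattern part of an OTL custom scan list.

Added example, not OTL's code and not from the thread. It walks a directory
tree for files matching lines of the form
    %VAR%\\sub\\dir\\pattern [/switches]
and reports each hit next to the line that produced it. Only /s (recurse)
is honoured; /x, /mp and /rs are accepted and ignored (an assumption made
for this demo, not OTL's semantics). Registry keys, netsvcs/drivers32,
CREATERESTOREPOINT and the /md5start../md5stop block are skipped.
"""
from __future__ import annotations

import fnmatch
import re
import shutil
import tempfile
from pathlib import Path

# A subset of the list posted above: each path line names a place where a
# file of that type should not normally exist on a clean Windows install.
SCAN_LINES = """
netsvcs
%systemroot%\\Fonts\\*.exe
%systemroot%\\Fonts\\*.dll
%systemroot%\\system32\\*.jpg
%systemroot%\\system32\\spool\\prtprocs\\w32x86\\*.*
%systemroot%\\*. /mp /s
%systemroot%\\system32\\Rundll32\\*.*
%PROGRAMFILES%\\Mozilla Firefox\\0*.exe
CREATERESTOREPOINT
/md5start
/md5stop
"""

# %VAR% \ relative\path\pattern [ /switch ...]
LINE_RE = re.compile(r"^(%[^%]+%)\\(.*?)((?:\s+/\w+)*)$")


def parse_line(line: str):
    """Return (var, subdirs, filename_pattern, recurse) or None for non-path lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    var, rel, switches = m.groups()
    parts = rel.split("\\")
    return var.upper(), parts[:-1], parts[-1], "/s" in switches.split()


def _matches(name: str, pattern: str) -> bool:
    """Windows-style wildcard match: '*.*' is every file, '*.' is 'no extension'."""
    if pattern == "*.*":
        return True
    if pattern == "*.":
        return "." not in name
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def scan(lines: str, roots: dict[str, Path]) -> list[tuple[str, str]]:
    """Run every path line against roots (%VAR% -> directory); return (line, hit) pairs."""
    hits = []
    for raw in lines.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # registry line, netsvcs, /md5 marker, blank ...
        var, subdirs, pattern, recurse = parsed
        root = roots.get(var)
        if root is None:
            continue  # variable not mapped on this system
        base = root.joinpath(*subdirs)
        if not base.is_dir():
            continue
        candidates = base.rglob("*") if recurse else base.iterdir()
        for p in candidates:
            if p.is_file() and _matches(p.name, pattern):
                hits.append((raw.strip(), p.relative_to(root).as_posix()))
    return hits


def build_sandbox() -> tuple[Path, dict[str, Path]]:
    """Constructed tree (not a real system): benign files plus planted oddities."""
    tmp = Path(tempfile.mkdtemp(prefix="otl_demo_"))
    win, pf = tmp / "Windows", tmp / "Program Files"
    planted = {
        win / "Fonts" / "arial.ttf": b"font",
        win / "Fonts" / "svchost.exe": b"MZ",                   # exe hiding among fonts
        win / "system32" / "kernel32.dll": b"MZ",
        win / "system32" / "photo.jpg": b"\xff\xd8",            # image dropped in system32
        win / "system32" / "Rundll32" / "rundll32.exe": b"MZ",  # folder named like a binary
        win / "Temp" / "sub" / "noext": b"MZ",                  # extension-less file, found via /s
        pf / "Mozilla Firefox" / "firefox.exe": b"MZ",
        pf / "Mozilla Firefox" / "0firefox.exe": b"MZ",         # what the '0*.exe' line hunts
    }
    for path, data in planted.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return tmp, {"%SYSTEMROOT%": win, "%PROGRAMFILES%": pf}


if __name__ == "__main__":
    tmp, roots = build_sandbox()
    try:
        for line, hit in scan(SCAN_LINES, roots):
            print(f"{line:45s} -> {hit}")
    finally:
        shutil.rmtree(tmp)
```

A hit is a file to look at, not a verdict: the `%systemroot%\*. /s` line also matches harmless extension-less files, which is why the real tool pairs this kind of list with company-name and Microsoft-file whitelists before anything is shown to the helper.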
     
  12. 2011/01/12
    MattC

    MattC Inactive Thread Starter

    OTL logfile created on: 12/01/2011 11:02:48 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Lyndon\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.50 Gb Total Space | 36.19 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.39% Space Free | Partition Type: NTFS

    Computer Name: DELL_XPS_M1530 | User Name: Lyndon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/12 23:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\OTL.exe
    PRC - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/07/27 11:00:06 | 000,247,808 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2010/06/23 13:48:08 | 000,322,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2010/06/23 13:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/04/11 17:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/03/04 20:42:40 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldncoms.exe
    PRC - [2008/01/25 04:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2008/01/09 19:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2007/12/11 15:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2007/12/03 15:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/12/03 15:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/11/26 13:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
    PRC - [2007/11/15 23:15:16 | 000,251,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcsvrcnt.exe
    PRC - [2007/11/13 16:16:26 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdui.exe
    PRC - [2007/11/01 22:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2007/11/01 22:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
    PRC - [2007/07/25 19:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/07/25 19:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/07/24 15:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2007/07/18 18:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2007/04/17 02:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    PRC - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/12 23:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\OTL.exe
    MOD - [2010/09/01 02:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/09/19 19:32:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/08 01:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/07/27 11:00:06 | 000,247,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010/07/27 09:41:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010/06/23 13:48:08 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010/06/23 13:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2010/03/17 18:59:28 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/11/20 20:17:05 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/09/25 12:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/01/31 06:01:52 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/03 21:34:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/07/23 11:21:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/03/04 20:42:40 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldncoms.exe -- (dldn_device)
    SRV - [2008/01/25 04:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2008/01/21 13:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/09 19:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2007/12/11 15:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2007/12/05 13:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2007/12/03 15:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/12/03 15:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/11/26 13:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
    SRV - [2007/11/07 12:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2007/07/25 19:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/07/25 19:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2007/07/24 15:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2007/07/18 18:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/09/08 00:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/08 00:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/08 00:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/08 00:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/08 00:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
    DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2010/07/10 09:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/06/23 13:48:00 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2010/06/23 13:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2010/06/10 21:11:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2010/03/10 15:00:06 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
    DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/08/10 08:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2008/12/24 15:31:27 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk41.sys -- (PsSdk41)
    DRV - [2008/12/09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2008/12/05 08:32:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/10/03 05:31:54 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
    DRV - [2008/03/04 16:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2008/03/04 16:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/01/31 16:32:16 | 001,290,240 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerBDA716x.sys -- (AVerBDA6x)
    DRV - [2008/01/25 16:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/01/21 13:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 13:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 13:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 13:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 13:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 13:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 13:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 13:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/21 13:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 13:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 13:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 13:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 13:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 13:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 13:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 13:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 13:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 13:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 13:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 13:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 13:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 13:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 13:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 13:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 13:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/20 01:43:48 | 000,206,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
    DRV - [2007/12/03 15:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/12/02 15:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2007/11/22 09:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2007/11/22 09:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2007/11/22 09:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2007/11/22 09:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2007/09/28 17:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2007/09/07 20:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
    DRV - [2007/09/07 20:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2007/09/07 17:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/07 17:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/07 17:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/08/13 20:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2006/11/07 12:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2006/11/07 10:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2006/11/07 10:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2006/11/02 20:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 20:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 20:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 20:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 20:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 20:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 20:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 20:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 20:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 20:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 20:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 19:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 19:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 19:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 19:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 19:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 19:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 18:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 18:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6080723
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official "
    FF - prefs.js..keyword.URL: " "
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 18:24:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 18:24:39 | 000,000,000 | ---D | M]

    [2008/08/02 14:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyndon\AppData\Roaming\Mozilla\Extensions
    [2011/01/11 21:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyndon\AppData\Roaming\Mozilla\Firefox\Profiles\1hia623c.default\extensions
    [2009/09/03 21:44:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lyndon\AppData\Roaming\Mozilla\Firefox\Profiles\1hia623c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/12/05 15:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lyndon\AppData\Roaming\Mozilla\Firefox\Profiles\1hia623c.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
    [2009/06/18 18:08:35 | 000,000,000 | ---D | M] (Facebook Photo Stalker) -- C:\Users\Lyndon\AppData\Roaming\Mozilla\Firefox\Profiles\1hia623c.default\extensions\joshua.carcione@gmail.com
    [2010/12/18 18:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
    [2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
    [2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
    [2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
    [2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
    [2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
    [2008/12/16 00:53:30 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
    [2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
    [2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
    [2010/12/04 04:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/12/04 04:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/12/04 04:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/12/04 04:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/01/10 23:29:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [dldnamon] C:\Program Files\Dell V105\dldnamon.exe ()
    O4 - HKLM..\Run: [dldnmon.exe] C:\Program Files\Dell V105\dldnmon.exe ()
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKCU\..Trusted Domains: cyber-deployment.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  13. 2011/01/12
    MattC

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
    Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/12 23:00:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\OTL.exe
    [2011/01/11 22:09:07 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
    [2011/01/11 22:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
    [2011/01/10 23:30:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/10 22:35:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/07 23:33:47 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\AppData\Local\temp
    [2011/01/07 23:18:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/07 23:18:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/07 23:18:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/07 23:01:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/01/06 15:59:42 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\Desktop\tdsskiller
    [2011/01/05 18:49:22 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\TFC.exe
    [2011/01/03 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/01/02 10:08:36 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Lyndon\Desktop\SUPERAntiSpyware.exe
    [2011/01/01 21:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2010/12/31 19:01:36 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\AppData\Roaming\BitDefender
    [2010/12/31 19:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
    [2010/12/31 19:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
    [2010/12/31 18:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
    [2010/12/26 15:20:19 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\Desktop\SC2-WingsOfLiberty-enUS-Demo-Installer
    [2010/12/22 17:21:03 | 000,000,000 | ---D | C] -- C:\Bioshock.PC-Rip.Full.Game.English
    [2010/12/21 21:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    [2010/12/21 13:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
    [2010/12/21 13:45:58 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\Documents\Anti-Malware
    [2010/12/20 19:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    [2010/12/20 19:28:38 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
    [2010/12/20 19:28:38 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
    [2010/12/20 19:28:38 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
    [2010/12/20 19:28:38 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
    [2010/12/20 19:28:38 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
    [2010/12/19 12:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMPGEnc
    [2010/12/18 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2010/12/18 22:06:23 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\AppData\Roaming\LEAPS
    [2010/12/18 22:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
    [2010/12/18 21:43:05 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\Documents\TMPGEnc
    [2010/12/18 21:41:02 | 000,000,000 | ---D | C] -- C:\Users\Lyndon\AppData\Roaming\Pegasys Inc
    [2010/08/03 11:23:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Lyndon\AppData\Roaming\pcouffin.sys
    [2008/01/23 18:49:00 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldnpmui.dll
    [2008/01/23 18:45:58 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldnserv.dll
    [2008/01/23 18:42:42 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldnlmpm.dll
    [2008/01/23 18:42:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldniesc.dll
    [2008/01/23 18:42:28 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldncomm.dll
    [2008/01/23 18:41:26 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldnhbn3.dll
    [2008/01/23 18:41:00 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldnusb1.dll
    [2008/01/23 18:40:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldncomc.dll
    [2008/01/23 18:39:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldnprox.dll
    [2008/01/23 18:37:46 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldnhcp.dll
    [2008/01/23 18:37:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldninpa.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/12 23:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/12 23:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\OTL.exe
    [2011/01/12 22:22:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3902896408-854116899-3687545058-1000UA.job
    [2011/01/12 21:48:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/12 21:48:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/12 20:03:49 | 002,188,076 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/01/12 20:03:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/12 19:55:58 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3902896408-854116899-3687545058-1000Core.job
    [2011/01/12 19:49:51 | 000,056,069 | ---- | M] () -- C:\Windows\System32\Config.MPF
    [2011/01/12 19:49:03 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/01/12 19:48:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/11 22:49:53 | 000,130,560 | ---- | M] () -- C:\Users\Lyndon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/11 22:09:07 | 000,000,794 | ---- | M] () -- C:\Users\Lyndon\Desktop\KMPlayer.lnk
    [2011/01/10 23:29:20 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/01/10 23:29:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/10 22:56:16 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2011/01/10 22:55:50 | 3219,193,856 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/10 22:54:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/01/10 22:35:47 | 004,151,645 | R--- | M] () -- C:\Users\Lyndon\Desktop\ComboFix.exe
    [2011/01/08 00:23:41 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\vReveal.lnk
    [2011/01/07 23:01:52 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
    [2011/01/07 22:40:07 | 000,371,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/05 19:47:53 | 420,445,471 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/05 19:40:15 | 000,624,128 | ---- | M] () -- C:\Users\Lyndon\Desktop\dds.scr
    [2011/01/05 19:38:56 | 000,080,384 | ---- | M] () -- C:\Users\Lyndon\Desktop\MBRCheck.exe
    [2011/01/05 18:49:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\TFC.exe
    [2011/01/05 18:04:06 | 000,644,836 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/05 18:04:06 | 000,122,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/02 10:08:44 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Lyndon\Desktop\SUPERAntiSpyware.exe
    [2011/01/01 21:05:36 | 000,001,071 | ---- | M] () -- C:\Users\Lyndon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/01/01 21:05:36 | 000,001,047 | ---- | M] () -- C:\Users\Lyndon\Desktop\Spybot - Search & Destroy.lnk
    [2011/01/01 20:10:47 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
    [2010/12/31 22:52:49 | 000,000,363 | ---- | M] () -- C:\Windows\System32\BDUpdateV1.xml
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/19 12:24:19 | 000,048,288 | ---- | M] () -- C:\Users\Lyndon\Documents\WMCap[12].txp4
    [2010/12/19 12:08:28 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\TMPGEnc 4.0 XPress.lnk
    [2010/12/19 10:36:46 | 000,000,036 | ---- | M] () -- C:\Users\Lyndon\AppData\Local\housecall.guid.cache
    [2010/12/18 23:54:11 | 001,291,264 | ---- | M] () -- C:\Windows\is-46SKH.exe
    [2010/12/18 23:54:11 | 000,001,162 | ---- | M] () -- C:\Windows\is-46SKH.lst
    [2010/12/18 23:49:21 | 000,001,019 | ---- | M] () -- C:\Users\Lyndon\Desktop\Revo Uninstaller.lnk
    [2010/12/18 18:24:42 | 000,001,710 | ---- | M] () -- C:\Users\Lyndon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/18 18:24:42 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/12/17 13:35:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
    [2010/12/15 01:47:06 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

    ========== Files Created - No Company Name ==========

    [2011/01/11 22:09:07 | 000,000,794 | ---- | C] () -- C:\Users\Lyndon\Desktop\KMPlayer.lnk
    [2011/01/08 00:23:41 | 000,000,750 | ---- | C] () -- C:\Users\Public\Desktop\vReveal.lnk
    [2011/01/07 23:18:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/07 23:18:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/07 23:18:17 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/07 23:18:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/07 23:18:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/07 23:14:09 | 004,151,645 | R--- | C] () -- C:\Users\Lyndon\Desktop\ComboFix.exe
    [2011/01/06 15:39:15 | 3219,193,856 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/05 19:40:05 | 000,624,128 | ---- | C] () -- C:\Users\Lyndon\Desktop\dds.scr
    [2011/01/05 19:38:53 | 000,080,384 | ---- | C] () -- C:\Users\Lyndon\Desktop\MBRCheck.exe
    [2011/01/01 21:02:56 | 000,001,071 | ---- | C] () -- C:\Users\Lyndon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/01/01 21:02:56 | 000,001,047 | ---- | C] () -- C:\Users\Lyndon\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/31 22:52:31 | 000,000,363 | ---- | C] () -- C:\Windows\System32\BDUpdateV1.xml
    [2010/12/31 22:22:17 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
    [2010/12/20 19:28:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/12/20 19:28:38 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
    [2010/12/20 19:28:37 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/12/20 19:28:37 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/12/20 19:28:37 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/12/19 12:24:19 | 000,048,288 | ---- | C] () -- C:\Users\Lyndon\Documents\WMCap[12].txp4
    [2010/12/19 12:08:28 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\TMPGEnc 4.0 XPress.lnk
    [2010/12/19 10:36:46 | 000,000,036 | ---- | C] () -- C:\Users\Lyndon\AppData\Local\housecall.guid.cache
    [2010/12/18 23:54:11 | 001,291,264 | ---- | C] () -- C:\Windows\is-46SKH.exe
    [2010/12/18 23:54:11 | 000,001,162 | ---- | C] () -- C:\Windows\is-46SKH.lst
    [2010/12/18 23:49:21 | 000,001,019 | ---- | C] () -- C:\Users\Lyndon\Desktop\Revo Uninstaller.lnk
    [2010/12/17 13:35:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2010/11/28 17:07:31 | 000,000,000 | ---- | C] () -- C:\Users\Lyndon\AppData\Local\Vnani.bin
    [2010/11/28 17:07:30 | 000,000,120 | ---- | C] () -- C:\Users\Lyndon\AppData\Local\Ttelewapanuvazi.dat
    [2010/10/22 19:02:11 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/08/03 11:23:33 | 000,000,033 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\pcouffin.log
    [2010/08/03 11:23:02 | 000,007,887 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\pcouffin.cat
    [2010/08/03 11:23:02 | 000,001,144 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\pcouffin.inf
    [2010/03/17 19:13:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2010/02/15 20:15:59 | 000,027,430 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\nvModes.001
    [2010/02/14 17:41:31 | 000,027,430 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\nvModes.dat
    [2010/02/13 22:16:00 | 000,000,760 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\setup_ldm.iss
    [2010/01/19 22:09:35 | 000,131,072 | ---- | C] () -- C:\Windows\System32\imgproc.dll
    [2009/10/18 15:43:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/09/21 23:13:22 | 000,000,600 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\winscp.rnd
    [2009/08/19 22:35:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/02/12 03:06:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2008/12/19 16:41:18 | 000,286,208 | ---- | C] () -- C:\Windows\System32\cncs232.dll
    [2008/08/31 18:15:49 | 000,000,022 | ---- | C] () -- C:\Windows\pspvc_path.ini
    [2008/08/14 23:23:13 | 000,001,356 | ---- | C] () -- C:\Users\Lyndon\AppData\Local\d3d9caps.dat
    [2008/08/09 12:30:12 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
    [2008/07/29 23:08:32 | 000,130,560 | ---- | C] () -- C:\Users\Lyndon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/29 20:58:18 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/07/29 20:58:17 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/07/29 20:54:20 | 000,007,768 | ---- | C] () -- C:\Users\Lyndon\AppData\Roaming\wklnhst.dat
    [2008/07/24 02:44:40 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
    [2008/07/24 02:44:39 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/07/24 02:44:38 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/06/11 11:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/05/23 09:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008/03/19 13:08:56 | 000,000,490 | ---- | C] () -- C:\Windows\System32\dldnplc.ini
    [2008/02/11 01:09:54 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldninsb.dll
    [2008/02/11 01:09:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldncub.dll
    [2008/02/11 01:07:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldncu.dll
    [2008/02/11 01:07:32 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldnins.dll
    [2008/02/11 01:05:20 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldnutil.dll
    [2008/01/29 11:29:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldnwupd.dll
    [2008/01/23 18:37:42 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldninst.dll
    [2008/01/22 00:05:56 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldncfg.dll
    [2007/07/25 19:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
    [2006/11/03 20:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 23:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 21:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 18:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
    [2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/12/21 21:01:41 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\8ADF6181999A14349779D6FB45388836
    [2010/12/21 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\avidemux
    [2009/09/06 23:56:51 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Bioshock
    [2010/12/31 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\BitDefender
    [2009/05/09 15:28:28 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Citrix
    [2010/06/10 21:10:02 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\DAEMON Tools Lite
    [2010/01/22 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\DataCast
    [2010/12/12 23:15:09 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\DiskSpaceFan
    [2009/07/23 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\DocumentsToGoDesktop
    [2009/11/17 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Forte
    [2008/09/12 11:55:23 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Foxy
    [2010/12/31 18:52:15 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Free Download Manager
    [2009/11/18 21:53:22 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\GrabIt
    [2008/10/06 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\GrabPro
    [2010/09/14 11:42:44 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\HandBrake
    [2009/05/09 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\ICAClient
    [2010/10/22 19:22:59 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\IM
    [2009/01/31 00:08:32 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Leadertech
    [2010/12/18 22:06:23 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\LEAPS
    [2010/07/06 18:19:12 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\MotionDSP
    [2011/01/07 23:16:28 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Orbit
    [2010/12/18 21:41:02 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Pegasys Inc
    [2010/05/24 23:00:42 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Similarity
    [2010/07/12 00:04:22 | 000,000,000 | RHSD | M] -- C:\Users\Lyndon\AppData\Roaming\syslog
    [2010/05/23 12:53:41 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\SystemRequirementsLab
    [2008/07/29 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Template
    [2010/04/24 15:42:00 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Thinstall
    [2010/12/20 19:16:11 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\uTorrent
    [2010/08/03 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\Vso
    [2008/09/12 16:38:44 | 000,000,000 | ---D | M] -- C:\Users\Lyndon\AppData\Roaming\XLink Kai
    [2010/12/15 01:47:06 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
    [2011/01/01 20:10:47 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
    [2011/01/10 22:54:59 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 08:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 17:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/01/10 23:32:20 | 000,024,598 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 08:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/07/24 02:44:49 | 000,005,124 | RH-- | M] () -- C:\dell.sdr
    [2011/01/10 22:55:50 | 3219,193,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/15 19:09:55 | 000,000,991 | ---- | M] () -- C:\InstallHelper.log
    [2009/09/12 15:26:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/12 15:26:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/11/30 22:14:46 | 000,000,000 | ---- | M] () -- C:\NvLog.txt
    [2011/01/10 22:55:48 | 3533,000,704 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/06 16:02:08 | 000,067,368 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_06.01.2011_15.59.59_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 23:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 23:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 23:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/04 21:28:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 08:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 23:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/08 01:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2008/07/31 21:03:16 | 000,001,610 | -H-- | M] () -- C:\Users\Lyndon\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/01/21 13:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 14:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 14:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 14:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 21:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 21:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/04 23:00:51 | 000,000,286 | -HS- | M] () -- C:\Users\Lyndon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/07/31 12:01:59 | 011,139,277 | ---- | M] () -- C:\Users\Lyndon\Desktop\avidemux_2.5.3_win32.exe
    [2011/01/10 22:35:47 | 004,151,645 | R--- | M] () -- C:\Users\Lyndon\Desktop\ComboFix.exe
    [2010/08/17 22:00:21 | 005,693,896 | ---- | M] () -- C:\Users\Lyndon\Desktop\HSS-1.49-install-anchorfree-238-conduit2.exe
    [2011/01/05 19:38:56 | 000,080,384 | ---- | M] () -- C:\Users\Lyndon\Desktop\MBRCheck.exe
    [2011/01/12 23:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\OTL.exe
    [2010/02/13 14:09:31 | 001,276,158 | ---- | M] () -- C:\Users\Lyndon\Desktop\pc-decrapifier-2.1.0.exe
    [2010/12/12 18:10:35 | 000,512,992 | ---- | M] () -- C:\Users\Lyndon\Desktop\sdsetup.exe
    [2009/07/06 20:57:50 | 000,564,234 | ---- | M] () -- C:\Users\Lyndon\Desktop\SetupiPhoneBrowser.1.91.exe
    [2011/01/02 10:08:44 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Lyndon\Desktop\SUPERAntiSpyware.exe
    [2011/01/05 18:49:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lyndon\Desktop\TFC.exe
    [2009/09/21 22:31:50 | 002,565,039 | ---- | M] (Martin Prikryl ) -- C:\Users\Lyndon\Desktop\winscp423setup.exe
    [2010/01/20 11:58:28 | 001,731,072 | ---- | M] () -- C:\Users\Lyndon\Desktop\x264.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/07/29 20:41:27 | 000,000,402 | -HS- | M] () -- C:\Users\Lyndon\Favorites\desktop.ini
    [2010/07/26 22:19:58 | 000,000,550 | ---- | M] () -- C:\Users\Lyndon\Favorites\PSPVC PSP Video Converter.lnk
    [2010/07/26 22:19:58 | 000,000,550 | ---- | M] () -- C:\Users\Lyndon\Favorites\PSPVC on Twitter.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/12 19:49:03 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2007/08/13 20:05:24 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe
    [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 953 bytes -> C:\ProgramData\TEMP:24721E3C
    @Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 260 bytes -> C:\ProgramData\TEMP:890CC2F3
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  14. 2011/01/12
    MattC

    MattC Inactive Thread Starter

    OTL Extras logfile created on: 12/01/2011 11:02:48 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Lyndon\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.50 Gb Total Space | 36.19 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.39% Space Free | Partition Type: NTFS

    Computer Name: DELL_XPS_M1530 | User Name: Lyndon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05F51831-1544-4E46-9857-5964AD947944}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1FC5D917-6000-450C-A68E-AC180AABCD62}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{490E6B02-5762-4105-BEB6-5A2B338D85F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B780D47-A949-409D-9AD9-EA3A98A97E74}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4D515599-F4D0-4646-B60B-589A29BF7953}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{560A9F7F-50BF-4BD5-A42C-2737F7F8F242}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{7AAA09A4-039A-4FA6-B4AC-8CC6322DE2D2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{B2071F04-2DC2-4FFD-925D-F48E4FBC1D75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{B6201095-CAC5-4FE6-A82D-4C6DAF49F4DF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{B97C770F-BAF0-474A-8255-91567C298B0A}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{BAFD8284-06CB-4A8C-A49C-02648B680944}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{E4487FE9-AF48-42EC-B783-5C14CCA9ED17}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07F848F7-37DE-4093-B3A4-A628553BDF78}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1768B28F-BF7C-42C7-AE11-B64F50AC47E5}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{18381E31-B98C-4FE5-9D37-AD997FDD69C8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{1838206A-276F-4E0B-A829-CCBF394B0FA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\thearmsdealer\counter-strike source\hl2.exe |
    "{24B54837-1C8D-496E-9B03-E21918B80002}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{259C077A-FF9A-425F-86E5-7D69FED16D1D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{2CF41927-6217-4F59-930A-BC7A7735AD91}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{342792B7-4446-4B1F-8BF7-D60B07C4BFBF}" = protocol=6 | dir=in | app=c:\windows\system32\dldncoms.exe |
    "{3B36C670-547D-4E2B-AEF4-CC6F7A773A5C}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{3F594AF1-9E8C-4493-BB96-62675412843B}" = protocol=17 | dir=in | app=c:\windows\system32\dldncoms.exe |
    "{40160CBE-EB2E-498B-A196-16A7A6250D55}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{448640CE-373F-465D-B3CD-21FECED27F98}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4528A121-8DA3-4D7B-8D9F-54761EAF4B9C}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
    "{457CC5F5-C4ED-4980-8B72-D0DC243A845E}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
    "{4CFEED1B-DDFD-48E3-ACF7-109807D1CC43}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{5B9331B9-F6D8-4EF7-80F6-EE704C014421}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{5F27BB7B-CB24-4D01-BC28-FC20691E7F0E}" = protocol=6 | dir=in | app=c:\program files\dell v105\dldnamon.exe |
    "{6131C0E5-2D42-4426-A13D-94026E25AB1F}" = protocol=17 | dir=in | app=c:\program files\dell v105\frun.exe |
    "{6A04C2FA-61ED-4C07-8CC2-0DA42A986696}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{6DE1CE8C-8D8E-441A-8C96-0513CA263472}" = protocol=17 | dir=in | app=c:\program files\dell v105\dldnamon.exe |
    "{73E84AFA-8EF4-48AE-A9B2-A0795911419E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{75FEE1F3-3E5D-4D2D-A464-28D285DC0197}" = protocol=17 | dir=in | app=c:\program files\dell v105\netsupp.dll |
    "{7A1AF461-1F39-49A9-8689-08974A221500}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{85F06588-2975-4FB4-BCCF-C8D8A2D91228}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{87CA1FF7-36D6-4EFD-BA30-FA729A682725}" = protocol=6 | dir=in | app=c:\program files\dell v105\frun.exe |
    "{8839E679-5681-4AB1-9F68-4FDED4292362}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{8ADC8733-F4EB-4C32-8630-915AE69C6103}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{94BCB28F-2828-4F34-9AA1-D7BDAEA2C4CE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{A1571BF3-3B7D-47C6-A6CE-B91441AB1AF6}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{A1B84AC0-01D1-46E7-B184-A1D9B314069A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\thearmsdealer\counter-strike source\hl2.exe |
    "{A2CCE2A7-ECC5-43CA-8939-FE1FAE551F2F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{A6B1E595-1BF3-4F7A-8280-E89A092BBE3D}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{B64B3767-F736-4629-9674-80CD77E1B7B5}" = protocol=6 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
    "{B782D9CE-5520-4D70-9924-B603A5D72A37}" = protocol=6 | dir=in | app=c:\program files\dell v105\netsupp.dll |
    "{BA563E52-5536-4409-949C-69C7DEA92D07}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
    "{BF88852C-27B0-45B1-8C0E-62C8D4419718}" = protocol=17 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
    "{C0B3EB19-23F9-4753-A060-7EFAF6E1A962}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C23AA324-CCFB-48F8-8314-040EBBFED853}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{C276596F-EC00-4DD2-8670-6613AEC4591E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{C4E89A31-F7EA-46BE-A95E-7F21C7CCCE7C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{CA70D796-C719-4CC2-8ED0-C765885CBC69}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{D21474A1-DBB4-4327-B356-9CFEA6095757}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis sp demo\bin32\crysis.exe |
    "{F63EF160-E4E4-4DAD-B1D7-7B248E44BF5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F9144E6C-7800-4400-8837-12E04E02E2BB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{FAAD9996-7F85-4A6D-9065-7B6BE8D27E09}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{FC54259B-8A3C-44A0-9A11-6AC5C9357FA8}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "TCP Query User{0C22F6D9-CA22-4885-ABF1-FFB95A03F100}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{917B8EAB-192C-48E5-B065-32BE1822A07E}C:\users\lyndon\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\lyndon\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe |
    "TCP Query User{A1692921-B9B7-4C6D-B0D9-4F3F7EF38CA1}C:\program files\dell v105\dldnmon.exe" = protocol=6 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
    "TCP Query User{BB3601A4-616D-4E71-9BF8-54BABE442904}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "UDP Query User{02B38B61-C194-4400-867B-792F85545499}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
    "UDP Query User{66843FC5-993F-4749-A2EA-FF3FA2D14F5F}C:\program files\dell v105\dldnmon.exe" = protocol=17 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
    "UDP Query User{73F8D534-E1BA-4735-B0C2-4E8662AD5D9E}C:\users\lyndon\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\lyndon\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe |
    "UDP Query User{C835D302-068A-46FD-9146-8DD64C6AB2B9}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{11ABE2F4-DBCD-45D1-ABBB-C13FDDC4568A}" = Similarity 1.1.0
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{284903BF-78C1-4739-BACD-8EF1AB0E5911}" = SolidWorks Flow Simulation 2009 SP02.1
    "{28F114B6-355F-440D-9593-F49E698E26A2}" = Rapidshare Auto Downloader 3.5
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36EEFD4F-E34C-4491-B04A-DB8F85C3A021}" = Install
    "{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3B7CE1C6-AB7C-4C41-B2B0-5F7784AF7E74}" = SolidWorks eDrawings 2009
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EB83282-A67B-426A-B496-DA3317BA815B}" = DWGeditor
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{495B6040-801F-474C-ADB8-309F132CF5F9}" = iPhoneBrowser
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{60379D61-4F60-4C0D-ADB0-7670BD513AE1}" = Pubs
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.3
    "{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{70FD5DCD-720B-407E-A9B4-1E557C16A1B2}" = TouchChip USB Driver 2.14
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{75F15E13-57D4-41C8-BE8F-403C9F159E6A}" = PhotoView 360
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{89D04C29-88C9-4C82-951D-36DB23409073}" = SolidWorks 2009 SP02.1
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8ED6F771-FB0F-4B34-8DAD-757A20F6A27D}" = TMPGEnc 4.0 XPress
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C3F9AC0D-3A6D-42F7-8A44-80335A366233}" = Install
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE9EAC77-2D52-447D-A87A-52CB20A46E13}" = SolidWorks Simulation 2009 SP02.1
    "{D38C1A4F-94D8-45C5-AEB3-C29605984339}" = SolidWorks Motion 2009 SP02.1
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4953044-0533-4F01-B0FC-1D271AB998D8}" = Inkjet Toolbox
    "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "78AC6AA38F24314364E469950E454B1F7CFBB8D2" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (02/07/2007 6.1283.0207.2007)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Audacity_is1" = Audacity 1.2.6
    "avast5" = avast! Free Antivirus
    "AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
    "Avidemux 2.5" = Avidemux 2.5
    "AviSynth" = AviSynth 2.5
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell V105" = Dell V105
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Disk Space Fan_is1" = Disk Space Fan 1.4.2.796
    "DTGDesktop" = Documents To Go Desktop
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "DVD Shrink_is1" = DVD Shrink 3.2
    "E2D312050E630E0CB2650D738A53820EE8BB1A95" = Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)
    "Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.1
    "Exact Audio Copy" = Exact Audio Copy 0.99pb5
    "Forte Agent" = Forté Agent
    "Free Download Manager_is1" = Free Download Manager 2.5
    "Fx WMV Indexer" = Fx WMV Indexer
    "GameSpy Arcade" = GameSpy Arcade
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
    "GrabProGrabPro" = GrabPro - Toolbar
    "Halo Trial" = Microsoft Halo Trial
    "Handbrake" = Handbrake 0.9.4
    "HotspotShield" = Hotspot Shield 1.49
    "iLyrics" = iTunes Lyrics Importer
    "InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.6 (Full)
    "lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSC" = McAfee SecurityCenter
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Orbit_is1" = Orbit Downloader
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PSPVC" = PSPVC :: PSP Video Converter v3.91
    "PunkBusterSvc" = PunkBuster Services
    "RealAlt_is1" = Real Alternative 1.8.4
    "Revo Uninstaller" = Revo Uninstaller 1.90
    "SolidWorks Installation Manager 20090-40201-1100-200" = SolidWorks 2009 SP02.1
    "Spyware Doctor" = Spyware Doctor 8.0
    "Steam App 240" = Counter-Strike: Source
    "Steam App 400" = Portal
    "SystemRequirementsLab" = System Requirements Lab
    "The KMPlayer" = The KMPlayer (remove only)
    "Video Enhancer_is1" = Video Enhancer 1.9.6
    "Videora iPhone 3G S Converter" = Videora iPhone 3G S Converter 4.08
    "vReveal" = vReveal
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.3 beta
    "WM Capture" = WM Capture
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  15. 2011/01/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see three active AV programs, McAfee SecurityCenter, Emsisoft Anti-Malware 5.1 and Avast.
    Assuming you want to keep Avast, the two others have to go.
    In the case of McAfee, use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    ================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      FF - prefs.js..browser.search.defaultengine:  "Ask.com "
      FF - prefs.js..browser.search.defaultenginename:  "Ask.com "
      FF - prefs.js..browser.search.order.1:  "Ask.com "
      [2010/12/04 04:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: cyber-deployment.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/12/18 23:54:11 | 001,291,264 | ---- | M] () -- C:\Windows\is-46SKH.exe
      [2010/12/18 23:54:11 | 000,001,162 | ---- | M] () -- C:\Windows\is-46SKH.lst
      [2010/12/31 22:22:17 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
      [2010/11/28 17:07:31 | 000,000,000 | ---- | C] () -- C:\Users\Lyndon\AppData\Local\Vnani.bin
      [2010/11/28 17:07:30 | 000,000,120 | ---- | C] () -- C:\Users\Lyndon\AppData\Local\Ttelewapanuvazi.dat
      @Alternate Data Stream - 953 bytes -> C:\ProgramData\TEMP:24721E3C
      @Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
      @Alternate Data Stream - 260 bytes -> C:\ProgramData\TEMP:890CC2F3
      @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
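    As an added example (not part of this thread, and not OTL's own code), the PowerShell script below lists the hijack points that the OTL fix script in this post targets: IE URLSearchHooks, Browser Helper Objects, ShellExecuteHooks, the HKCU ZoneMap Trusted/Intranet domains and ranges, and named alternate data streams under C:\ProgramData, so they can be inspected before and after a fix. It assumes PowerShell 3.0 or later (for Get-Item -Stream) run from an elevated prompt; the function names are mine.

```powershell
# Added example, not from the thread and not part of OTL. Assumes PowerShell 3.0+
# (Get-Item -Stream) and an elevated prompt; the function names are mine.

function Resolve-ClsidDll {
    param([string]$Clsid)
    # A CLSID is only meaningful if it maps to a DLL under Classes\CLSID. OTL's
    # "No CLSID value found" / "Key error" entries are exactly the ones that do not.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = Join-Path $hive "Software\Classes\CLSID\$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-Item $key).GetValue('') }
    }
    return '<no CLSID value found>'
}

function Get-ClsidHooks {
    param([string]$Path, [string]$Kind)
    # URLSearchHooks and ShellExecuteHooks list CLSIDs as value names; Browser
    # Helper Objects list them as subkey names. Collect both forms.
    if (-not (Test-Path $Path)) { return }
    $guidRe = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
    $names = @((Get-Item $Path).GetValueNames()) +
             @(Get-ChildItem $Path | ForEach-Object { $_.PSChildName })
    foreach ($clsid in ($names | Where-Object { $_ -match $guidRe } | Sort-Object -Unique)) {
        [pscustomobject]@{ Kind = $Kind; Clsid = $clsid; Dll = (Resolve-ClsidDll $clsid) }
    }
}

function Get-ZoneMapEntries {
    # Domains\<domain>[\<host>] and Ranges\<name> each hold one DWORD per scheme
    # (http, https, *) whose data is the zone: 1 = Local intranet, 2 = Trusted sites,
    # 4 = Restricted sites. Ranges also carry a ':Range' string naming the IP range.
    $zones = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
    $base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
    foreach ($section in 'Domains', 'Ranges') {
        $root = Join-Path $base $section
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root -Recurse) {
            $target = $key.Name -replace '^.*\\ZoneMap\\(Domains|Ranges)\\', ''
            foreach ($name in $key.GetValueNames()) {
                if ($name -eq ':Range') { continue }   # the IP range itself, reported below
                $zone = [int]$key.GetValue($name)
                $zoneName = if ($zones.ContainsKey($zone)) { $zones[$zone] } else { "zone $zone" }
                [pscustomobject]@{
                    Section = $section
                    Target  = $target
                    Range   = $key.GetValue(':Range')   # $null for Domains entries
                    Scheme  = $name
                    Zone    = $zoneName
                }
            }
        }
    }
}

function Get-ProgramDataStreams {
    param([string]$Folder = 'C:\ProgramData')
    # Every NTFS file has the unnamed ':$DATA' stream; anything else is a named
    # alternate data stream, like the TEMP:24721E3C entries OTL reported.
    Get-ChildItem -LiteralPath $Folder -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Note: on 64-bit Windows, 32-bit BHOs also register under HKLM\Software\Wow6432Node.
$hooks = @(
    Get-ClsidHooks 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks' 'URLSearchHook'
    Get-ClsidHooks 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' 'BHO'
    Get-ClsidHooks 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks' 'ShellExecuteHook'
)
'== CLSID hooks (unresolvable CLSIDs are the suspicious ones) =='
$hooks | Format-Table -AutoSize
'== HKCU ZoneMap entries (anything in Trusted sites deserves a look) =='
Get-ZoneMapEntries | Format-Table -AutoSize
'== Named alternate data streams directly under C:\ProgramData =='
Get-ProgramDataStreams | Format-Table -AutoSize
```

    Run it once before the OTL fix and once after the reboot; entries that survive the fix (as the four ADS entries did in the log that follows) show up in the diff.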
     
  16. 2011/01/14
    MattC

    MattC Inactive Thread Starter

    Joined:
    2011/01/05
    Messages:
    18
    Likes Received:
    0
    OTL fix log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    File C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cyber-deployment.com\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File C:\Windows\is-46SKH.exe not found.
    File C:\Windows\is-46SKH.lst not found.
    File C:\Windows\System32\bdod.bin not found.
    File C:\Users\Lyndon\AppData\Local\Vnani.bin not found.
    File C:\Users\Lyndon\AppData\Local\Ttelewapanuvazi.dat not found.
    Unable to delete ADS C:\ProgramData\TEMP:24721E3C .
    Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
    Unable to delete ADS C:\ProgramData\TEMP:890CC2F3 .
    Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: freenet
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lyndon
    ->Temp folder emptied: 660657 bytes
    ->Temporary Internet Files folder emptied: 14673753 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 52541297 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 45221 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 534416 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 157569832 bytes

    Total Files Cleaned = 216.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: freenet

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Lyndon
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01152011_163313

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\mcmsc_WTc2qjZoU3qdbXo not found!
    File\Folder C:\Windows\temp\sqlite_pvssA6NelaPc3pS not found!
    C:\Windows\temp\sqlite_q8ltYTT1dB9A2bK moved successfully.
    C:\Windows\temp\sqlite_wddjahXcSaHpKze moved successfully.
    File\Folder C:\Windows\temp\TMP0000000103FFF07F0F218856 not found!

    Registry entries deleted on Reboot...
     
  17. 2011/01/14
    MattC

    MattC Inactive Thread Starter

    Joined:
    2011/01/05
    Messages:
    18
    Likes Received:
    0
    Security Check log:

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VIRUSS~1 mcshield.exe
    ``````````End of Log````````````
     
  18. 2011/01/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall:
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

    ===============================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses far fewer resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ===============================================================

    ...and the ESET scan....
     
  19. 2011/01/15
    MattC

    MattC Inactive Thread Starter

    Joined:
    2011/01/05
    Messages:
    18
    Likes Received:
    0
    ESET log:
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
    C:\Users\Lyndon\Desktop\HSS-1.49-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application
     
  20. 2011/01/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Lyndon\Desktop\HSS-1.49-install-anchorfree-238-conduit2.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. 2011/01/19
    MattC

    MattC Inactive Thread Starter

    Joined:
    2011/01/05
    Messages:
    18
    Likes Received:
    0
    OTL fix log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\Lyndon\Desktop\HSS-1.49-install-anchorfree-238-conduit2.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: freenet
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lyndon
    ->Temp folder emptied: 267719 bytes
    ->Temporary Internet Files folder emptied: 8691764 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 152525741 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 5601 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7134 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 197971941 bytes

    Total Files Cleaned = 343.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: freenet

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Lyndon
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01192011_221939

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\mcafee_TrwjS9DDoLA5bK3 not found!
    File\Folder C:\Windows\temp\mcmsc_TxwqQorAE3nsdw8 not found!
    File\Folder C:\Windows\temp\mcmsc_voaR7SWAF9AHYog not found!
    C:\Windows\temp\sqlite_FcOSywis9AGBMO5 moved successfully.
    C:\Windows\temp\sqlite_LIWpJtSaFciTMbz moved successfully.

    Registry entries deleted on Reboot...
     
