
Solved iexplore.exe problem! (Black Internet rootkit case)

Discussion in 'Malware and Virus Removal Archive' started by juturna, 2010/06/24.

  1. 2010/06/25
    juturna (Inactive, Thread Starter; joined 2010/06/21, 38 messages, 0 likes received)
    OTL Extras logfile created on: 6/25/2010 6:10:20 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Andrew\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 583.59 Gb Total Space | 294.59 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.73 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDREW-PC
    Current User Name: Andrew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{35D9C107-CD7A-414D-8EE0-E1F8886D929A}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
    "{3B368035-C531-4A16-B893-10632AF9445A}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
    "{4547748A-6E91-4779-99E1-918D0A85AD73}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9323A95E-9DED-4D74-8798-FCB515C1402A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{BEB67CF5-D6CA-4D14-9149-ABC573BC2057}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
    "{CDDDA2FE-F09D-4A0D-B023-B662F57F01AD}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
    "{E511123D-05D7-40D9-AB68-1D704D697424}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
    "{FB5F96C2-E927-4C9D-BE1A-13D28D330565}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
    "{FC8F3190-4477-4C7B-BB11-0FA9F1122668}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03B1449E-C80B-45CE-9A26-50AAF37C7498}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0743EF13-3BA4-46ED-8D63-96BB31227751}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{0FF083E4-1DEC-471B-9823-4A8354DBD764}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{1207D038-24AA-421A-B622-C5EA20041C16}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{19B242F5-9B72-473A-87DC-60AED02867B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{19C7ECB4-83A6-41A2-8939-60D9A02D5F17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1C1C1DC3-D939-4AB5-B38A-F5BD4EE7C78E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1C9D13EC-98FD-4ADC-865A-FF356778463E}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
    "{1F74D35F-4B78-4B99-9972-6D767D7ADCF4}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
    "{1FC3A3D7-CA6A-48A9-AF38-FDE3CC835C5D}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{23AE50C7-3298-4612-B5A7-3823187B4FDD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{249C8553-283A-4E9D-AE99-839B7F499D2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{24E44E0B-3CD4-4D8B-A5F2-5B023ADFC0BE}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
    "{25844161-8CAD-4FD5-8D1D-302AE114DFC8}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
    "{2B265107-0743-4648-8AF8-8CF5E42A9379}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{2CFE7FBB-B9A1-4729-8C0A-9E448B52638F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2D168298-141A-4EAC-B0D1-3D3A9E4E639F}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{2FE36982-2E30-452F-A601-49CD3A729839}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{33433377-7F0C-473B-A1FF-F6A89633FD10}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
    "{369B53DA-805C-49E4-ACCC-7FEC09A6E908}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3A8FC2C4-B9E7-411D-A09E-B9F7523AD92D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{3BD7C39B-F3AA-4A61-83EE-B0E7F78575B3}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{40FD94A7-3508-47AD-9763-BD0F5F849120}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{45B4C38B-180E-4E67-BD81-A99111BB7699}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{49F52590-4B1C-4A24-8ECC-286E4625871B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{4BF6A732-DFFD-43F1-A83C-641D2C27B2C6}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
    "{5171AA2B-7D20-4026-A40D-DD1A95F53835}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{520979DF-C5C0-46FB-8A0B-42D3E5C6DD4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5286A4F1-AB41-4653-989B-406D97166481}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{57A5B902-DD9A-4311-AAE8-E7B13A71AE9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5923554D-852A-40B9-8673-B5F2DB11CB73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5DC5E28A-7F0C-48C9-929E-4D5F16161203}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5F4BB4AB-4FAA-4A63-AB5D-721B8A1A06E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{5F8FF233-E623-4C21-99EA-C8D92CEDFA31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{61EBD9A4-2D67-4ED0-BD56-CE65FF034072}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{635CA979-9FB4-4823-9B52-7B7A61EEA173}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6DC8A27C-CCD1-486C-886F-7C8834456212}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{7120DCFD-16BE-41CA-9108-5CCF2524F676}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
    "{79EEFFE8-E81F-4408-AF13-3FA5F08175D7}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{87F7EA69-AA11-4522-BA0A-DDBA97ECF50F}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{8C513135-0FD5-48CA-93C8-34ADEDF4D146}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{90FF4358-AD2A-4436-8073-44CE98C466EB}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
    "{9258AC95-7CE9-4172-ADDA-80F40AA17136}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{96D0B44D-E4AC-4989-A9F2-5758F6233FC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9D22C565-EF7A-4344-8DDE-582D74FA371A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{9E0634E8-690E-4967-89CD-367EF3E1111D}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
    "{9F46E5A8-D8B0-4E4B-99F5-9DFDE9ABFEF2}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
    "{A141FACE-F4A7-4B67-B4A9-7B464D1A3BA8}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
    "{A53742BE-7F37-4FB3-82B3-9B2B10E348A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AB4954A0-6468-41DB-B0F0-833CA73DB2AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{AB680B87-B5A6-4DC8-BE1F-BA877AFE241F}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{AE3D8810-3F27-420E-895F-1115070B163B}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
    "{AF98A602-D632-408B-B440-D60CBB9F39C9}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
    "{BAF03F38-B56F-4EC8-81E3-4F5F4AB488D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BD21FA97-332C-44C1-9B5F-A9DBAD1043FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C0BCA317-8BF6-4C8D-AA72-53AE5F620A4C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{C5BE2744-0B8A-479B-8A73-DBAF7EDE05C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C9C7E2B1-BA37-475A-AE04-A2EAE02337AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C9CDD362-65D1-40AC-9EF8-A9A56512702F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CFB7AE22-058E-4BB2-8D24-201FD7C19346}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
    "{D07B1C4D-78EF-4A72-B474-EC2723E9C67A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{DBA73AFC-FC25-4979-B70B-D11843C05460}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
    "{DCB035AB-C281-415B-B133-7DA2FCFA2A4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DDC9D04F-90D4-40F8-B328-3009C89FF1EB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{DF32C257-8BCD-40AF-823D-6CA006970795}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E7A5994B-1955-4514-99B2-9CD59947A811}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ED50280F-02BE-4F76-AF88-8289D68552FE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{EF7B49FD-37AF-40DA-B203-A15CB2152039}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F40AD118-69BA-4CDB-85FF-160008B2FC25}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
    "{F5D1635E-1E03-4A87-8454-B26EA21BA9DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F604EFC6-3AFC-487E-A770-8E146287198B}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
    "{F6717E89-B0E4-49A6-9251-07584DC85D36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F754E4A7-F483-4675-BF90-17E07A049B84}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
    "{F8F96E75-C3AF-4EAF-A56F-BCD1ED0D44A3}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
    "{FA49DA47-B22D-4FAB-ADE3-93EAEF5375CC}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{FCFD877A-C3D0-4EC1-B929-F43C5C224697}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FD7DCB66-670F-4703-A985-19CBAD4C2D57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{3388033B-1466-49BD-B1E7-1E4F55B9E574}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{36313B45-501E-4BEC-9F28-2AF643177120}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "TCP Query User{5A53696E-C575-49A0-BA8E-9049C3654753}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
    "TCP Query User{6D3E5694-6DA7-43EC-9067-B863CFA920CB}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "TCP Query User{BCDD2C0E-B8A7-41AA-A475-274D27A637CC}C:\program files\steam\steamapps\educate\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\educate\counter-strike source\hl2.exe |
    "TCP Query User{BE26C787-A3B4-4E3F-A553-E23089C62F03}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "UDP Query User{3314ADC7-3D28-46DC-8865-56244DC42CB4}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "UDP Query User{4EF3A8DD-2E4F-4D46-9366-64B71EA1A4A4}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{AC955670-65B1-4EBA-A35D-F1A36005031A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
    "UDP Query User{B4E0EF35-9B12-4D00-BECF-29A9208CEA0B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{D7DC859B-E55B-48B1-ACDD-F5FB80939152}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "UDP Query User{E076687C-91A0-46F1-856E-7268754127BA}C:\program files\steam\steamapps\educate\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\educate\counter-strike source\hl2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
    "{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C87E0D98-7955-4BF0-A6B0-5D81146A9CB8}" = Samsung PC Studio 3
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
    "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.1559
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "AIM_6" = AIM 6
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "ManyCam" = ManyCam 2.4 (remove only)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "PandoraSaver (standalone)_is1" = PandoraSaver 1.005 (standalone)
    "ProInst" = Intel(R) PROSet/Wireless Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "StarCraft" = StarCraft
    "Steam App 240" = Counter-Strike: Source
    "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
    "SynTPDeinstKey" = Dell Touchpad
    "The KMPlayer" = The KMPlayer (remove only)
    "VLC media player" = VLC media player 0.9.8a
    "Warcraft III" = Warcraft III
    "WavePad" = WavePad Sound Editor
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/21/2010 4:23:59 PM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
    Description = Faulting application smss.exe, version 1.0.0.1, time stamp 0x4906165d,
    faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
    code 0xc0000005, fault offset 0x0006790f, process id 0x328c, application start time
    0x01cb117730260ea0.

    Error - 6/21/2010 7:39:54 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
    Description = The program KMPlayer.exe version 2.9.4.1435 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 4738 Start Time: 01cb119a38b98830 Termination Time: 216

    Error - 6/21/2010 8:01:36 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/21/2010 8:02:55 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 6/21/2010 9:23:40 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/21/2010 9:55:11 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 6/22/2010 1:38:34 PM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/22/2010 1:40:40 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 6/23/2010 12:01:58 AM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
    Description = The program KMPlayer.exe version 2.9.4.1435 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 142c Start Time: 01cb1288c74a4fb7 Termination Time: 154

    Error - 6/23/2010 2:49:02 AM | Computer Name = Andrew-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 6/25/2010 2:00:57 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/25/2010 2:13:41 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/25/2010 2:16:18 PM | Computer Name = Andrew-PC | Source = DCOM | ID = 10010
    Description =

    Error - 6/25/2010 2:17:01 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 6/25/2010 3:46:42 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/25/2010 3:47:36 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/25/2010 3:47:37 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/25/2010 3:56:21 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/25/2010 4:05:06 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 6/25/2010 4:26:16 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
     
  2. 2010/06/25
    broni (Moderator, Malware Analyst; joined 2002/08/01, 21,701 messages, 116 likes received)
    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2010/06/25 18:05:26 | 000,031,372 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\smss.exe
      PRC - [2010/06/25 18:05:16 | 000,025,318 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\services.exe
      PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
      SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
      SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
      SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
      O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/06/25 16:57:02 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5D432CE3
      
      
      :Services
      
      :Reg
      
      :Files
      C:\System Volume Information\Microsoft\smss.exe
      C:\System Volume Information\Microsoft\services.exe
      C:\System Volume Information\Microsoft
      C:\Program Files\Viewpoint
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
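    The fix script above targets two processes named smss.exe and services.exe that run from C:\System Volume Information\Microsoft rather than from System32, under a publisher name that is not Microsoft. As an added example (not part of the original thread and not OTL's own code), the Python below parses OTL "PRC -" lines and flags well-known Windows system binary names running from an unexpected directory or under an unexpected publisher. The expected-directory table assumes a default C:\Windows installation; the sample lines are taken from this thread's log.

```python
import re
from dataclasses import dataclass

# Where these Windows binaries legitimately live (lower-cased, no trailing
# slash). Anything with one of these names running elsewhere is a masquerade
# candidate, whatever company name the file claims.
# Assumption for the demonstration: a default C:\Windows installation.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "wininit.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# OTL process line: PRC - [stamp | size | attrs | M] (company) -- path
PRC_RE = re.compile(
    r"^PRC - \[(?P<stamp>[^|]+?)\s*\| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?)\s*\| "
    r"(?P<mode>\w)\] \((?P<company>.*?)\) -- (?P<path>.+?)\s*$"
)


@dataclass
class Process:
    stamp: str
    size: int
    company: str
    path: str


def parse_prc_line(line):
    """Parse one OTL 'PRC -' line; return None for any other kind of line."""
    m = PRC_RE.match(line.strip())
    if m is None:
        return None
    return Process(
        stamp=m["stamp"].strip(),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def masquerade_reason(proc):
    """Explain why a process looks like a masquerading system binary, or None."""
    directory, _, name = proc.path.lower().rpartition("\\")
    expected = SYSTEM_BINARIES.get(name)
    if expected is None:
        return None  # not a system binary name we track
    if directory != expected:
        return f"{name} runs from {proc.path}, expected {expected}"
    if proc.company != "Microsoft Corporation":
        return f"{name} is in the right directory but claims publisher '{proc.company}'"
    return None


def find_masquerades(log_lines):
    """Return (path, reason) for every suspicious PRC entry among the log lines."""
    hits = []
    for line in log_lines:
        proc = parse_prc_line(line)
        if proc is not None:
            reason = masquerade_reason(proc)
            if reason:
                hits.append((proc.path, reason))
    return hits


# Sample input: the two flagged lines and four other lines from this thread's
# OTL log (the last one has an empty publisher field, which the parser must accept).
SAMPLE_LOG = r"""
PRC - [2010/06/25 21:46:58 | 000,031,372 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\smss.exe
PRC - [2010/06/25 21:46:47 | 000,025,318 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\services.exe
PRC - [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007/10/15 16:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
"""

if __name__ == "__main__":
    for path, reason in find_masquerades(SAMPLE_LOG.splitlines()):
        print(f"SUSPICIOUS: {reason}")
```

    Run against the sample, only the two "Black Internet" entries are reported; explorer.exe passes because it sits in C:\Windows with a Microsoft publisher, and names outside the table are ignored. A real deployment would widen the table to cover the other SystemRoot layouts and 64-bit SysWOW64 paths.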
     

  4. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    As soon as I clicked Run Fix, it said that I've run into a critical problem and that my computer needs to be restarted.

    **Ah, I neglected to download the Java program; let me try that first...
     
    Last edited: 2010/06/25
  5. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go ahead and see what will happen.
     
  6. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Again:

    You are about to be logged off
    Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.
    Close
     
  7. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go ahead and let it restart.
     
  8. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    I keep receiving the same restart message. Is there another option?
     
  9. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program.
    • Post the output from remover.exe.
     
  10. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 94e5e037d499bc5ff7aaa3b2e9662600
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    -----------------------------------------------------
    596 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Press any key to quit...
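    Bootkit Remover's report above prints an MD5 for the disk and the verdict "Unknown boot code", meaning the boot code of PhysicalDrive0 did not match anything the tool recognises. As an added example (not eSage Lab's code and not part of the thread), the Python below applies the same idea to a 512-byte MBR image such as one written by the tool's dump command: it checks the 0x55AA signature, hashes the 440-byte boot code, compares the hash with a baseline set, and decodes the partition table. The sample sector, its boot-code bytes and the baseline hash are constructed for the demonstration; a real baseline would hold hashes of the genuine boot code for the installed Windows version.

```python
import hashlib
import struct
from dataclasses import dataclass, field

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440            # 4-byte Windows disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"   # bytes 510..511
ENTRY_FMT = "<B3xB3xII"       # status, (CHS start), type, (CHS end), LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrReport:
    signature_ok: bool
    boot_code_md5: str
    boot_code_known: bool
    disk_signature: int
    partitions: list = field(default_factory=list)


def parse_partitions(sector):
    """Decode the four partition slots, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def inspect_mbr(sector, known_boot_code_md5):
    """Hash the boot code, compare it with the baseline and decode the rest of the sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFF)
    return MbrReport(
        signature_ok=sector[510:512] == MBR_SIGNATURE,
        boot_code_md5=md5,
        boot_code_known=md5 in known_boot_code_md5,
        disk_signature=disk_sig,
        partitions=parse_partitions(sector),
    )


def verdict(report):
    if not report.signature_ok:
        return "Invalid MBR signature"
    return "Known boot code" if report.boot_code_known else "Unknown boot code"


def read_mbr_dump(path):
    """Load the first sector from a dump file (for example one written by a 'dump' command)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# ---- constructed sample data (not real Microsoft boot code) ----------------
# Stand-in for genuine boot code: a short instruction-like prefix, zero padded.
GOOD_BOOT_CODE = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 25).ljust(BOOT_CODE_LEN, b"\x00")
# Baseline built from the constructed sample; a real one holds hashes of the
# genuine boot code shipped with the installed Windows version.
KNOWN_BOOT_CODE_MD5 = {hashlib.md5(GOOD_BOOT_CODE).hexdigest(): "constructed baseline"}
# The same code with four bytes replaced, standing in for a modified boot sector.
TAMPERED_BOOT_CODE = GOOD_BOOT_CODE[:100] + b"\xEB\xFE\x00\x00" + GOOD_BOOT_CODE[104:]


def build_sample_mbr(boot_code):
    """Assemble a constructed sector: boot code, disk signature, two NTFS partitions."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)
    entries = [(0x80, 0x07, 2048, 20_480_000), (0x00, 0x07, 20_482_048, 1_000_000)]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN, *entry)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def demo():
    """Inspect one clean and one tampered constructed sector against the baseline."""
    clean = inspect_mbr(build_sample_mbr(GOOD_BOOT_CODE), KNOWN_BOOT_CODE_MD5)
    tampered = inspect_mbr(build_sample_mbr(TAMPERED_BOOT_CODE), KNOWN_BOOT_CODE_MD5)
    return clean, tampered


if __name__ == "__main__":
    for label, report in zip(("clean", "tampered"), demo()):
        print(f"{label}: {verdict(report)} (md5 {report.boot_code_md5})")
        for p in report.partitions:
            print(f"  slot {p.index}: type 0x{p.type_id:02X} start {p.lba_start} "
                  f"sectors {p.sectors}{' bootable' if p.bootable else ''}")
```

    The partition table is decoded separately from the hash check because a bootkit typically leaves the partition entries intact and only replaces the 440 code bytes; a sector whose partitions look perfectly normal can still carry foreign boot code, which is exactly the case the "Unknown boot code" verdict is meant to catch.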
     
  11. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Now - please do the following:

    * Click Start, Run then copy and paste the below into the Run box and click OK.

    "%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive0

    * Now reboot your PC and after reboot re-run OTL Quick Scan. Post the log.
     
  12. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    OTL logfile created on: 6/25/2010 10:12:03 PM - Run 3
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Andrew\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 583.59 Gb Total Space | 292.95 Gb Free Space | 50.20% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.73 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDREW-PC
    Current User Name: Andrew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/25 21:46:58 | 000,031,372 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\smss.exe
    PRC - [2010/06/25 21:46:47 | 000,025,318 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\services.exe
    PRC - [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    PRC - [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    PRC - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/01/28 10:45:03 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/01/28 10:44:52 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/01/28 10:44:52 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/01/28 10:44:50 | 000,341,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    PRC - [2010/01/28 10:44:49 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/09/24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/20 19:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/02/22 19:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/02/22 18:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2008/01/01 23:44:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/12/21 12:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/12/03 01:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/10/15 16:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
    PRC - [2007/09/12 12:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    PRC - [2007/08/16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
    PRC - [2007/07/25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/07/25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/07/18 09:26:42 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
    PRC - [2007/07/18 09:26:26 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    PRC - [2007/07/18 09:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    PRC - [2007/06/05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    MOD - [2010/01/28 10:45:09 | 000,357,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
    SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
    SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
    SRV - [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
    SRV - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/01/28 10:45:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/01/28 10:44:52 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/01/28 10:44:50 | 000,341,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/01/28 10:44:49 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/12/12 21:41:31 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/07/20 19:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/02/22 18:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/01 23:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2008/01/01 23:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/07/25 18:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/07/25 18:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/10 19:41:24 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.025\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/05/10 19:41:24 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100510.025\NAVENG.SYS -- (NAVENG)
    DRV - [2010/04/29 13:15:55 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/02/17 14:20:20 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/01/28 10:49:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/01/28 10:45:10 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/01/28 10:45:08 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/01/28 10:45:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/01/28 10:45:07 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/01/28 10:44:54 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/01/28 10:44:54 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/01/28 10:44:43 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/01/28 10:44:43 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/01/28 10:44:41 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2009/08/28 16:18:14 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/08/18 12:58:28 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2009/06/25 04:26:56 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2008/10/27 06:26:54 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2008/10/27 06:18:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/10/27 06:18:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/10/27 06:17:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/03/27 09:27:32 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2008/01/01 23:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/12/03 01:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/12/03 01:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/11/06 05:38:10 | 007,619,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/13 07:43:00 | 000,120,320 | ---- | M] (AGEIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\physX32.sys -- (physX32)
    DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/08/08 12:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
    DRV - [2007/07/18 09:30:28 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official "
    FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.9.96
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.72
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 02:01:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/25 19:02:09 | 000,000,000 | ---D | M]

    [2009/02/18 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
    [2010/06/25 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2010/01/06 02:05:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/07 02:54:23 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\gqziblmo.default\extensions\artur.dubovoy@gmail.com
    [2010/06/25 21:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/25 19:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/25 19:01:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/06/25 15:56:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
    O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/25 21:32:37 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Users\Andrew\Desktop\remover.exe
    [2010/06/25 21:32:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\bootkit_remover
    [2010/06/25 19:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/06/25 19:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/25 18:52:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/25 18:08:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2010/06/25 18:03:25 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/25 18:02:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/06/25 16:00:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/06/25 15:59:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp
    [2010/06/25 15:55:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/06/25 13:54:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/06/24 22:33:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
    [2010/06/24 22:33:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/06/24 22:33:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/06/24 22:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/06/24 22:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/22 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/06/18 12:02:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\music
    [2010/06/15 05:45:51 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\skypePM
    [2010/06/15 05:44:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Skype
    [2010/06/15 05:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/06/15 05:43:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/06/15 05:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/06/13 02:01:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Family Outing S2
    [2010/06/11 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2010/06/11 23:33:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
    [2010/06/11 23:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
    [2010/06/11 23:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/06/02 19:28:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Family Outing S1
    [2010/05/15 00:15:47 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop\idol
    [2010/05/14 22:41:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Desktop
    [2010/05/14 00:50:29 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
    [2010/05/14 00:50:29 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
    [2010/05/14 00:50:29 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
    [2010/05/14 00:50:29 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
    [2010/05/14 00:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2010/05/14 00:46:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
    [2010/05/14 00:46:05 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
    [2010/05/14 00:46:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
    [2010/05/14 00:46:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
    [2010/05/14 00:46:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
    [2010/05/14 00:46:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
    [2010/05/14 00:46:04 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/05/14 00:46:04 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
    [2010/05/14 00:46:04 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
    [2010/05/14 00:46:04 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
    [2010/05/14 00:46:04 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
    [2010/05/14 00:46:04 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
    [2010/05/14 00:46:03 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
    [2010/05/14 00:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
    [2010/04/28 11:27:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Microsoft Help
    [2010/04/20 01:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Aixcoustic
    [2010/04/18 00:16:08 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Desktop\Korean
    [2010/04/11 03:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport

    ========== Files - Modified Within 90 Days ==========

    [2010/06/25 22:12:08 | 006,553,600 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat
    [2010/06/25 22:11:50 | 000,000,177 | ---- | M] () -- C:\Users\Andrew\Desktop\[Active] iexplore.exe problem! - Page 2.url
    [2010/06/25 21:54:47 | 000,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/25 21:54:47 | 000,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/25 21:54:47 | 000,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/25 21:48:12 | 000,027,430 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.dat
    [2010/06/25 21:48:02 | 000,027,430 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\nvModes.001
    [2010/06/25 21:47:34 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{b1eab854-cfb1-11de-8a70-0023ae12b7e1}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/25 21:47:34 | 000,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{b1eab854-cfb1-11de-8a70-0023ae12b7e1}.TM.blf
    [2010/06/25 21:47:27 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
    [2010/06/25 21:47:25 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
    [2010/06/25 21:47:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/25 21:47:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/25 21:47:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/25 21:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/25 21:45:51 | 003,631,941 | -H-- | M] () -- C:\Users\Andrew\AppData\Local\IconCache.db
    [2010/06/25 21:13:04 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
    [2010/06/25 21:12:41 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/06/25 18:09:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
    [2010/06/25 17:14:31 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/25 15:56:30 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/06/25 15:56:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/06/25 13:54:39 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
    [2010/06/25 04:16:46 | 000,121,856 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/25 00:09:28 | 413,990,263 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/06/25 00:01:53 | 000,270,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/06/24 23:02:36 | 000,293,376 | ---- | M] () -- C:\Users\Andrew\Desktop\2xq6cx38.exe
    [2010/06/24 22:33:40 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/22 23:54:37 | 000,525,824 | ---- | M] () -- C:\Users\Andrew\Desktop\dds.scr
    [2010/06/18 12:06:43 | 000,000,192 | ---- | M] () -- C:\Users\Andrew\Desktop\ssfsubs3.url
    [2010/06/11 23:59:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
    [2010/06/03 15:42:11 | 000,000,154 | ---- | M] () -- C:\Users\Andrew\Desktop\index12.url
    [2010/05/09 20:57:28 | 000,532,092 | ---- | M] () -- C:\Users\Andrew\Documents\youth ministries.pptx
    [2010/05/09 17:32:42 | 000,027,648 | ---- | M] () -- C:\Users\Andrew\Documents\my interview.doc
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/16 10:25:52 | 000,033,792 | ---- | M] () -- C:\Users\Andrew\Documents\essay3.doc
    [2010/04/13 02:36:46 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    [2010/04/06 02:26:54 | 000,027,136 | ---- | M] () -- C:\Users\Andrew\Documents\assignment 3 proposal.doc
    [2010/04/04 16:34:22 | 000,062,074 | ---- | M] () -- C:\Windows\War3Unin.dat
    [2010/03/29 01:03:16 | 000,019,065 | ---- | M] () -- C:\Users\Andrew\Documents\midterm.docx

    ========== Files Created - No Company Name ==========

    [2010/06/25 21:13:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/06/25 18:42:27 | 000,000,177 | ---- | C] () -- C:\Users\Andrew\Desktop\[Active] iexplore.exe problem! - Page 2.url
    [2010/06/24 23:02:35 | 000,293,376 | ---- | C] () -- C:\Users\Andrew\Desktop\2xq6cx38.exe
    [2010/06/24 22:33:40 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/22 23:54:34 | 000,525,824 | ---- | C] () -- C:\Users\Andrew\Desktop\dds.scr
    [2010/06/15 05:43:07 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/06/07 02:19:46 | 000,000,192 | ---- | C] () -- C:\Users\Andrew\Desktop\ssfsubs3.url
    [2010/06/03 15:42:11 | 000,000,154 | ---- | C] () -- C:\Users\Andrew\Desktop\index12.url
    [2010/05/14 00:50:29 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/05/14 00:46:05 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
    [2010/05/14 00:46:05 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
    [2010/05/14 00:46:05 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
    [2010/05/14 00:46:04 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
    [2010/05/14 00:46:04 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
    [2010/05/14 00:46:04 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
    [2010/05/14 00:46:03 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
    [2010/05/14 00:46:03 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
    [2010/05/09 17:32:53 | 000,532,092 | ---- | C] () -- C:\Users\Andrew\Documents\youth ministries.pptx
    [2010/05/09 17:32:41 | 000,027,648 | ---- | C] () -- C:\Users\Andrew\Documents\my interview.doc
    [2010/04/08 02:10:53 | 000,033,792 | ---- | C] () -- C:\Users\Andrew\Documents\essay3.doc
    [2010/04/06 02:26:54 | 000,027,136 | ---- | C] () -- C:\Users\Andrew\Documents\assignment 3 proposal.doc
    [2010/03/29 01:03:16 | 000,019,065 | ---- | C] () -- C:\Users\Andrew\Documents\midterm.docx
    [2009/08/07 02:40:39 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2009/08/04 15:03:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/29 02:13:28 | 000,000,000 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
    [2009/03/03 13:55:58 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
    [2009/02/14 08:05:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
    [2007/04/20 09:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2007/04/20 09:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2009/02/24 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Absolute
    [2009/02/18 19:10:38 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\acccore
    [2010/01/05 03:43:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ManyCam
    [2010/06/11 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
    [2009/10/09 01:43:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ooVoo Details
    [2009/03/20 21:10:00 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PeerNetworking
    [2009/05/20 01:21:43 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\RenPy
    [2009/08/07 02:58:38 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Samsung
    [2009/10/09 01:46:34 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\tmp
    [2010/06/25 21:46:01 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  13. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, re-run Bootkit Remover by double clicking on remover.exe and post fresh log.

    BTW, we've been dealing here with pretty new malware, so there is still no bullet-proof tool to deal with it.
     
  14. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Figured, I see Pete's having the same problem.
    Anyways, thank you for your time and effort on my problem.

    I got the same report as the first time:

    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 94e5e037d499bc5ff7aaa3b2e9662600
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    -----------------------------------------------------
    596 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>

    Press any key to quit...
     
  15. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Exactly.
    Now I can see that disinfection didn't work, so I have to ask you this:
    - Do you have the remover.exe file placed on your desktop? Make sure you do.
    - As for the command ("%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive0), I assume you copy/pasted it, not re-typed it?
     
  16. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Yup, I'll try it again
     
  17. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok....
     
  18. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    This is what I got when running "%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive0:


    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    Restoring boot code at \\.\PhysicalDrive0...
    ERROR: No standard boot code found for your OS.
    You can restore boot code only for Windows XP, Server 2003, Vista, Server 2008 and Windows 7

    Press any key to quit...
     
  19. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try something else...

    Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

    * Double-click mbr.exe and follow prompts (Vista users: right click on mbr.exe and click "Run As Administrator").
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Copy and paste contents of that log (mbr.log) file to your next reply.
     
  20. 2010/06/25
    juturna

    juturna Inactive Thread Starter

    Joined:
    2010/06/21
    Messages:
    38
    Likes Received:
    0
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    copy of MBR has been found in sector 61 !
    copy of MBR has been found in sector 62 !
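    Bootkit Remover's "Unknown boot code" verdict (post 14) and GMER's "copy of MBR has been found in sector 61/62" (post 20) both come from inspecting raw sectors: the first hashes the boot-code bytes of sector 0 against a known-good list, the second looks for the original MBR that a bootkit parks in the unused sectors of track 0. The following Python is an added illustration of both checks over a constructed 63-sector track image; it is not code from eSage Lab, GMER or this thread, and the known-good hash table, boot-code bytes and partition layout are constructed placeholders.

```python
"""Offline MBR checks modelled on two outputs in this thread: Bootkit Remover's
"Unknown boot code" (boot-code hash not in a known-good list) and GMER's "copy of
MBR has been found in sector N" (original MBR parked in unused sectors of track 0).
Added example, not eSage Lab or GMER code; hashes and sample data are constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the disk signature
SIGNATURE = b"\x55\xAA"    # bytes 510..511
# Constructed stand-in for standard boot code; a real checker would carry the
# hashes of the genuine XP/2003/Vista/2008/7 boot code instead.
GOOD_BOOT_CODE = b"\xEB\x00" + b"\x90" * (BOOT_CODE_LEN - 2)
KNOWN_GOOD = {hashlib.md5(GOOD_BOOT_CODE).hexdigest(): "Constructed sample boot code"}


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble one sector from boot code plus (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    table = b""
    for bootable, ptype, lba_start, sectors in partitions:
        # status, CHS start (unused here), type, CHS end (unused), LBA start, sector count
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                             ptype, b"\0\0\0", lba_start, sectors)
    # 440 bytes code + 4-byte disk signature + 2 reserved + 64-byte table + 0x55AA
    return boot_code + b"\0" * 6 + table.ljust(64, b"\0") + SIGNATURE


def parse_partition_table(mbr: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def inspect_mbr(mbr: bytes) -> dict:
    """Hash the boot code and report the verdict a bootkit checker would print."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR dump is exactly one 512-byte sector")
    md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    parts = parse_partition_table(mbr)
    return {"signature_ok": mbr[510:] == SIGNATURE,
            "boot_code_md5": md5,
            "status": KNOWN_GOOD.get(md5, "Unknown boot code"),
            "partitions": parts,
            # more than one active flag is malformed and worth flagging on its own
            "single_active": sum(p["bootable"] for p in parts) <= 1}


def find_mbr_copies(image: bytes):
    """List sectors after 0 whose partition table and signature equal the live MBR's,
    the trace left when a bootkit parks the original MBR elsewhere on track 0."""
    live_tail = image[PART_TABLE_OFF:SECTOR_SIZE]   # table + 0x55AA of sector 0
    hits = []
    for n in range(1, len(image) // SECTOR_SIZE):
        sector = image[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE]
        if sector[PART_TABLE_OFF:] == live_tail:
            hits.append(n)
    return hits


def build_sample_track():
    """Constructed 63-sector track 0: hijacked MBR in sector 0, original in 61 and 62."""
    layout = [(True, 0x07, 2048, 1_000_000), (False, 0x07, 1_002_048, 500_000)]
    clean = build_mbr(GOOD_BOOT_CODE, layout)
    # hijacked MBR keeps the partition table but swaps in unknown boot code
    hijacked = build_mbr(b"\xE9" + b"\x00" * (BOOT_CODE_LEN - 1), layout)
    image = bytearray(63 * SECTOR_SIZE)
    image[:SECTOR_SIZE] = hijacked
    for n in (61, 62):
        image[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE] = clean
    return clean, hijacked, bytes(image)


if __name__ == "__main__":
    clean, hijacked, image = build_sample_track()
    print(inspect_mbr(hijacked)["status"], find_mbr_copies(image))  # Unknown boot code [61, 62]
```

A real run would feed `inspect_mbr` the file written by `remover.exe dump` and `find_mbr_copies` a raw read of the first 63 sectors of the physical drive.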
     
  21. 2010/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go Start>Run (Vista/7 users "Start search"), type in:
    cmd
    Click OK (Vista/7 users, hold CTRL and SHIFT keys, press Enter)

    At the DOS prompt type:
    "%userprofile%\desktop\mbr.exe" -f (<------make sure you have a space before the -f)
    Hit Enter.

    Type:
    exit
    Hit Enter.

    Restart the computer normally.

    Run the mbr.exe again.
    Post new log.
     
