Google-Analytics Virus? - Computer #1


[Solved] Google-Analytics Virus? - Computer #1

Post by redarrow62 on Tue Nov 02, 2010 11:24 pm

I have 3 computers with this problem. I am going to have separate posts.
I have run combo-fix, OTL, Malwarebytes anti-malware and MBR on this. I will put the output in separate posts:

#1 - MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 180):
0x82A08000 \SystemRoot\system32\ntkrnlpa.exe
0x82DC1000 \SystemRoot\system32\hal.dll
0x8040F000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80486000 \SystemRoot\system32\PSHED.dll
0x80497000 \SystemRoot\system32\BOOTVID.dll
0x8049F000 \SystemRoot\system32\CLFS.SYS
0x804E0000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\system32\drivers\acpi.sys
0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EA000 \SystemRoot\system32\drivers\pci.sys
0x80711000 \SystemRoot\System32\drivers\partmgr.sys
0x80720000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80723000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072D000 \SystemRoot\system32\drivers\volmgr.sys
0x8073C000 \SystemRoot\System32\drivers\volmgrx.sys
0x80786000 \SystemRoot\system32\drivers\intelide.sys
0x8078D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A808000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8A8C6000 \SystemRoot\system32\drivers\atapi.sys
0x8A8CE000 \SystemRoot\system32\drivers\ataport.SYS
0x8A8EC000 \SystemRoot\system32\drivers\msahci.sys
0x8A8F6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A928000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A938000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8A947000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x8A95D000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A967000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AA07000 \SystemRoot\system32\drivers\ndis.sys
0x8AB12000 \SystemRoot\system32\drivers\msrpc.sys
0x8AB3D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AC00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AD10000 \SystemRoot\system32\drivers\volsnap.sys
0x8AD49000 \SystemRoot\System32\Drivers\spldr.sys
0x8AD51000 \SystemRoot\System32\Drivers\mup.sys
0x8AD60000 \SystemRoot\System32\drivers\ecache.sys
0x8AD87000 \SystemRoot\system32\drivers\disk.sys
0x8AD98000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ADB9000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ECC8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ECD3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8ECDC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F601000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8FC4E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FCEF000 \SystemRoot\System32\drivers\watchdog.sys
0x8FCFB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FD06000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FD44000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FD53000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8ECEB000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8FE07000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8FF31000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FF41000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FF4F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8FF69000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8FF78000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8FF8C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8FFDD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FFF0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FDE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FFFB000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8ED37000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8FDEB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FDEF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8ED4F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ED7E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EDBF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EDCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EDE1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ADCF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EDEC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AB78000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AB8C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ABA1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FFFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ABB1000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EC00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADF2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807AB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8ABDB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x805C0000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90209000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9030C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x903C0000 \SystemRoot\system32\drivers\modem.sys
0x903CD000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x90403000 \SystemRoot\system32\drivers\portcls.sys
0x90430000 \SystemRoot\system32\drivers\drmk.sys
0x90455000 \SystemRoot\system32\drivers\stwrt.sys
0x904AA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x904C1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x904C3000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x904FD000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x90518000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9052B000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x9053F000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x90F56000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x90F8F000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x90F99000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90FA2000 \SystemRoot\System32\Drivers\Null.SYS
0x90FA9000 \SystemRoot\System32\Drivers\Beep.SYS
0x90FB0000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x90FB6000 \SystemRoot\System32\drivers\vga.sys
0x90FC2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90FE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90FEB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90FF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90588000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90596000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x98E05000 \SystemRoot\System32\drivers\tcpip.sys
0x98EEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x98F0A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x98F20000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x98F4E000 \SystemRoot\system32\DRIVERS\smb.sys
0x98F62000 \SystemRoot\system32\drivers\afd.sys
0x98FAA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x98FDC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x98FF2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9059F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9920B000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x99274000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x992B0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x992BA000 \SystemRoot\system32\drivers\mfehidk.sys
0x992ED000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9934B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x99368000 \SystemRoot\System32\Drivers\dfsc.sys
0x9937F000 \SystemRoot\system32\DRIVERS\udfs.sys
0x993BA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8EC0A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81AB0000 \SystemRoot\System32\win32k.sys
0x993C7000 \SystemRoot\System32\drivers\Dxapi.sys
0x81CD0000 \SystemRoot\System32\TSDDD.dll
0x81CF0000 \SystemRoot\System32\cdd.dll
0x993E0000 \SystemRoot\system32\drivers\luafv.sys
0x99200000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x993FB000 \SystemRoot\System32\DLA\DLADResM.SYS
0x905B2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0x98E00000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x993FC000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0x90E00000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0x905CA000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x905D1000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x905E7000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB3A01000 \SystemRoot\system32\drivers\spsys.sys
0xB3AB1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xB3AC1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xB3AEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3AF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB3B08000 \SystemRoot\system32\drivers\HTTP.sys
0xB3B75000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB3B92000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB3BAB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB3BC0000 \SystemRoot\system32\drivers\mrxdav.sys
0xB3BE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB680D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB6846000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB685E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB6886000 \SystemRoot\System32\DRIVERS\srv.sys
0xB68EC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB68F0000 \SystemRoot\system32\drivers\peauth.sys
0xB69CE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB69D8000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB6800000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB68D4000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB68DC000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x90E07000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101029.003\NAVEX15.SYS
0x90F7B000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101029.003\NAVENG.SYS
0xB68E4000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x8ADC2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x993D1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x904FF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90508000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9051F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x903EE000 \SystemRoot\system32\DRIVERS\HPKBCCID.sys
0x90536000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x77850000 \Windows\System32\ntdll.dll

Processes (total 107):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
600 csrss.exe
644 csrss.exe
652 C:\Windows\System32\wininit.exe
692 C:\Windows\System32\services.exe
720 C:\Windows\System32\winlogon.exe
732 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\SLsvc.exe
1364 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\svchost.exe
1692 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1700 C:\Windows\System32\wlanext.exe
1824 C:\Windows\System32\WLTRYSVC.EXE
1896 C:\Windows\System32\BCMWLTRY.EXE
1928 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
332 C:\Windows\System32\spoolsv.exe
480 C:\Windows\System32\svchost.exe
1560 C:\Program Files\ActivIdentity\ActivClient\accoca.exe
1516 C:\Windows\System32\AEstSrv.exe
1384 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1432 C:\Program Files\Bonjour\mDNSResponder.exe
1404 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
636 C:\Program Files\Symantec AntiVirus\DefWatch.exe
1628 C:\Windows\System32\dlcxcoms.exe
2072 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
2176 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2316 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2404 C:\Windows\System32\svchost.exe
2420 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2592 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2632 C:\Windows\System32\stacsv.exe
2680 C:\Windows\System32\svchost.exe
2692 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2756 C:\Windows\System32\svchost.exe
2796 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2812 C:\Windows\System32\SearchIndexer.exe
2948 C:\Windows\System32\drivers\XAudio.exe
2976 C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
3428 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
3444 unsecapp.exe
3572 WmiPrvSE.exe
3580 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3780 C:\Windows\ehome\ehsched.exe
4032 C:\Windows\ehome\ehrecvr.exe
3320 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
224 C:\Windows\System32\dwm.exe
2848 C:\Windows\explorer.exe
2912 C:\Windows\System32\taskeng.exe
392 C:\Program Files\Windows Defender\MSASCui.exe
2728 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
380 C:\Windows\System32\WLTRAY.EXE
1492 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1740 C:\Windows\OEM02Mon.exe
868 C:\Windows\System32\igfxtray.exe
4260 C:\Windows\System32\hkcmd.exe
4272 C:\Windows\System32\igfxpers.exe
4296 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
4312 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
4352 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
4396 C:\Program Files\dcmsvc\dcmsvc.exe
4404 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4420 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
4428 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
4448 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
4468 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
4500 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
4516 C:\Program Files\Symantec AntiVirus\VPTray.exe
4544 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4556 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
4572 C:\Program Files\iTunes\iTunesHelper.exe
4584 C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
4592 C:\Program Files\Windows Sidebar\sidebar.exe
4600 C:\Windows\ehome\ehtray.exe
4608 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4624 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
4632 C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
4640 C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
4648 C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
4672 C:\Windows\System32\igfxsrvc.exe
4904 C:\Windows\System32\wuauclt.exe
5252 C:\Windows\ehome\ehmsas.exe
5712 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
2764 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
5812 C:\Program Files\iPod\bin\iPodService.exe
5720 C:\Program Files\Windows Live\Contacts\wlcomm.exe
5644 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
1720 C:\Windows\System32\taskeng.exe
5864 C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
964 C:\Windows\System32\taskmgr.exe
3116 C:\Program Files\Internet Explorer\iexplore.exe
2788 C:\Program Files\Internet Explorer\iexplore.exe
5124 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
4388 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
3284 C:\Program Files\Internet Explorer\iexplore.exe
5800 <unknown>
4912 C:\Temp\bootkit_remover\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

redarrow62 | Intermediate | Posts: 51 | Joined: 2010-10-26 | OS: Vista, XP
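The MBRCheck section of the post above reports where the C: and D: volumes start on PhysicalDrive0, which family of MBR code it recognised and a SHA1 of the sector. The Python below is an added example, not MBRCheck's code and not part of the original post, that performs the same kind of checks on a 512-byte MBR: it verifies the 0x55AA boot signature, decodes the four partition-table entries into byte offsets, hashes the boot-code area and looks that hash up in a caller-supplied allowlist of trusted MBRs. The sector it works on is constructed: the boot code is a placeholder rather than real Windows boot code, the two NTFS entries are placed at LBA 81920 and LBA 30801920 so that their byte offsets come out as the 0x02800000 and 0x3ac000000 shown in the log, and the sector counts and disk signature are invented. Hashing the first 440 bytes is an assumption about which region a tool like MBRCheck covers, so the SHA1 printed on the page is not directly comparable and is not used as a reference here.

```python
"""Added example: parse a 512-byte MBR, check the boot signature, decode the
partition table and hash the boot-code area. Not MBRCheck's own code."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: hash bytes 0..439 (boot code, before the NT disk signature)
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"   # stored at bytes 510..511


def build_constructed_mbr(boot_code, partitions, disk_signature=0x12345678):
    """Assemble an MBR from constructed parts. boot_code is a placeholder, not real
    Windows boot code; partitions is a list of (bootable, type, lba_start, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or more than four primary partitions")
    mbr = bytearray(SECTOR)
    mbr[: len(boot_code)] = boot_code
    mbr[DISK_SIG_OFF : DISK_SIG_OFF + 4] = struct.pack("<I", disk_signature)
    chs_unused = b"\xfe\xff\xff"   # CHS fields are ignored by LBA-aware loaders
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + i * 16
        mbr[off : off + 16] = struct.pack(PART_ENTRY_FMT, 0x80 if bootable else 0x00,
                                          chs_unused, ptype, chs_unused, lba_start, sectors)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the disk signature, the SHA1 of the boot-code area and the populated
    partition entries. Raises ValueError on a wrong size or a missing 0x55AA signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _, ptype, _, lba_start, sectors = struct.unpack(PART_ENTRY_FMT, mbr[off : off + 16])
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
        })
    return {
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF : DISK_SIG_OFF + 4])[0],
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_boot_code(sha1_hex, known_good):
    """Look the boot-code hash up in a caller-supplied allowlist of trusted MBR hashes."""
    return known_good.get(sha1_hex.upper(), "Unknown MBR code")


# Constructed sample: the two NTFS (type 0x07) volumes sit at LBA 81920 and
# LBA 30801920 so their byte offsets match 0x02800000 and 0x3ac000000 from the
# log; the sector counts are invented and the boot code is a placeholder.
SAMPLE_PARTITIONS = [
    (False, 0x07, 81920, 30720000),      # D: (constructed size)
    (True, 0x07, 30801920, 589090000),   # C: (constructed size, marked active)
]
SAMPLE_MBR = build_constructed_mbr(b"\xeb\x3c\x90PLACEHOLDER", SAMPLE_PARTITIONS)


def report(mbr, known_good):
    """Produce a summary in the spirit of MBRCheck's output, as a list of lines."""
    info = parse_mbr(mbr)
    lines = ["Disk signature: 0x%08X" % info["disk_signature"]]
    for p in info["partitions"]:
        lines.append("Partition %d: type 0x%02X%s at offset 0x%016x (%d sectors)" % (
            p["index"], p["type"], " (active)" if p["bootable"] else "",
            p["byte_offset"], p["sectors"]))
    lines.append("Boot code: %s" % classify_boot_code(info["boot_code_sha1"], known_good))
    lines.append("SHA1: %s" % info["boot_code_sha1"])
    return lines


if __name__ == "__main__":
    # To inspect a real disk on Windows, open r"\\.\PhysicalDrive0" for binary
    # reading as Administrator and read(512); the constructed sample is used here.
    for line in report(SAMPLE_MBR, {}):
        print(line)
```

Because the allowlist is supplied by the caller, an empty dictionary makes every MBR report as unknown; populate it from hashes taken off trusted reference installations, computed over the same 440-byte region, before drawing any conclusion from a mismatch.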

[Solved] Re: Google-Analytics Virus? - Computer #1

Post by redarrow62 on Tue Nov 02, 2010 11:30 pm

#2 - OTL.TXT
OTL logfile created on: 11/1/2010 9:20:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Rick-Tmp
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.90 Gb Total Space | 67.02 Gb Free Space | 23.86% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.57 Gb Free Space | 44.88% Space Free | Partition Type: NTFS
Drive E: | 4.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RICK-LAPTOP | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/26 18:16:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Rick-Tmp\OTL.exe
PRC - [2010/10/15 06:25:07 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/10/11 16:12:08 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
PRC - [2010/10/09 16:02:58 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/09 16:02:56 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/27 14:46:08 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/11 15:44:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/04 13:00:56 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/12/25 15:23:12 | 000,095,232 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/03 12:33:34 | 000,136,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2008/04/03 12:33:18 | 001,956,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/04/03 12:33:06 | 000,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/02/01 01:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/24 18:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 17:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 17:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/05/15 17:08:00 | 000,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/09/11 04:40:34 | 000,086,960 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 18:16:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Rick-Tmp\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/09 16:02:56 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/04/03 12:33:24 | 000,121,744 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/04/03 12:33:18 | 001,956,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/03 12:33:06 | 000,031,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Rick\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/10/18 03:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101029.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 03:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101029.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/16 19:59:47 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 03:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/17 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/25 15:34:21 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/08 16:55:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/06/02 11:44:14 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/06/02 11:44:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/02/14 13:06:20 | 000,443,776 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2008/02/04 12:26:34 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/02/04 12:26:34 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/02/04 12:26:34 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:23 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:22 | 000,022,016 | ---- | M] (SCM Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stcusb.sys -- (SCMUSB)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 18:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/14 05:16:34 | 000,570,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/10/11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/09 13:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/09 16:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 16:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/11/07 05:32:00 | 000,046,976 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPKBCCID.sys -- (HPKBCCID)
DRV - [2006/11/02 18:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 18:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 12:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/05/23 10:30:36 | 000,043,737 | ---- | M] (OMNIKEY) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmeu0wdm.sys -- (cmeu0wdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/11 15:45:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/31 12:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/31 12:36:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/30 23:39:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\Windows\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Rick\Pictures\societyposter.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rick\Pictures\societyposter.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {b0f84fec-95ad-4f3e-8fc0-6bc1bbadbf0d} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

redarrow62
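Added example (editor's note, not part of redarrow62's post and not OTL's own code): the O4, O34, O20 and DRV lines above follow a fixed shape, so a short script can do the first triage pass that a helper does by eye. The rules below are my assumptions, written against the line formats visible in this log: an autostart whose company field is empty "()", a BootExecute entry with no company, a running driver with no company, and any entry OTL marks "File not found". The sample input is copied from the log above, not constructed. An empty company field only means the file carries no company string in its version resource, so dcmsvc.exe, the Dell printer helpers and lsdelete.exe are flagged for a hash or signature check, not declared malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied verbatim from the OTL log posted above (not
# constructed), picked so that the rules below have something to flag.
SAMPLE_OTL = r"""
DRV - [2009/07/08 16:55:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKCU..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
"""

# Regexes are an assumption derived from the line shapes in this log, not
# OTL's documented grammar. The company field is matched lazily because it
# may itself contain parentheses, e.g. "(Intel(R) Corporation)".
DRV_RE = re.compile(
    r"^DRV - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| M\] "
    r"\((?P<publisher>.*?)\) \[(?P<type>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\] "
    r"-- (?P<path>.+?) -- \((?P<svc>[^)]+)\)"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+) \((?P<publisher>[^()]*)\)\s*$"
)
BOOTEXEC_RE = re.compile(
    r"^O34 - HKLM BootExecute: \((?P<name>[^)]+)\) - (?P<path>.+) \((?P<publisher>[^()]*)\)\s*$"
)


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired
    entry: str  # Run value name, service name, or the OTL key that was referenced
    path: str   # target file, empty when OTL itself could not resolve it


def parse_drv(line: str) -> Optional[Dict[str, str]]:
    """Split one DRV line into its fields, or None if it does not match."""
    m = DRV_RE.match(line)
    return m.groupdict() if m else None


def triage(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        line = line.rstrip()
        if not line:
            continue
        # A registered hook whose target is gone: often a leftover, but also
        # exactly what a removed dropper leaves behind.
        if "File not found" in line:
            parts = line.split(" - ")
            findings.append(Finding("orphaned-reference", parts[1] if len(parts) > 1 else line, ""))
            continue
        m = RUN_RE.match(line)
        if m:
            if not m["publisher"].strip():
                findings.append(Finding("run-no-publisher", m["name"], m["path"]))
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            if not m["publisher"].strip():
                findings.append(Finding("bootexecute-no-publisher", m["name"], m["path"]))
            continue
        d = parse_drv(line)
        # A loaded kernel driver with no company string deserves a closer look.
        if d and d["state"] == "Running" and not d["publisher"].strip():
            findings.append(Finding("driver-no-publisher", d["svc"], d["path"]))
    return findings


def triage_text(text: str) -> List[Finding]:
    return triage(text.splitlines())


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_text(SAMPLE_OTL):
        print(f"{f.rule:26} {f.entry:40} {f.path}")
    print(summarize(triage_text(SAMPLE_OTL)))
```

Run against the full OTL.txt the script surfaces the same short list a helper would ask about first; what it cannot do is distinguish a legitimate unsigned OEM utility from a dropper, so each hit still needs the file hashed and checked.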

Solved Re: Google-Analytics Virus? - Computer #1

Post by redarrow62 on Tue Nov 02, 2010 11:32 pm

#3 - other half of OTL.txt


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 21:18:00 | 000,000,000 | ---D | C] -- C:\Rick-Tmp
[2010/10/31 20:41:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/31 20:22:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/30 22:53:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 22:53:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 22:53:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/30 22:53:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 22:50:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 22:09:54 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Malwarebytes
[2010/10/29 22:09:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/29 22:09:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/29 22:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/29 22:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/29 16:49:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/29 16:49:49 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/29 16:49:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/26 16:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/10/20 17:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/17 15:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2010/10/14 19:07:39 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 19:06:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 19:06:23 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 19:06:21 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 19:06:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 19:06:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 19:06:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 19:06:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 19:06:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 19:06:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 19:06:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 19:06:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 19:06:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 19:06:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 19:06:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 19:06:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 19:06:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 19:06:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 19:06:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 19:06:18 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 19:06:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 19:06:17 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 19:06:16 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 19:06:15 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 19:06:14 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/06 13:04:24 | 000,028,672 | ---- | C] (Auralis, Inc.) -- C:\Windows\System32\ssconfig.exe
[2010/10/04 13:46:53 | 000,000,000 | R-SD | C] -- C:\Users\Rick\Documents\My Stationery
[2009/08/27 18:33:46 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2009/08/27 18:33:45 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2009/08/27 18:33:45 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2009/08/27 18:33:45 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2009/08/27 18:33:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2009/08/27 18:33:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2009/08/27 18:33:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2009/08/27 18:33:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2009/08/27 18:33:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2009/08/27 18:33:41 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2009/08/27 18:33:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2009/08/27 18:33:39 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/01 21:25:54 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB3640A0-825F-4694-967C-F2781472A61C}.job
[2010/11/01 21:14:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/01 20:48:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 20:48:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 20:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/01 19:36:33 | 000,080,384 | ---- | M] () -- C:\Users\Rick\Desktop\MBRCheck.exe
[2010/11/01 18:14:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/01 15:11:35 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Rick.job
[2010/11/01 11:29:22 | 000,002,627 | ---- | M] () -- C:\Users\Rick\Desktop\Microsoft Office Word 2007.lnk
[2010/11/01 10:29:44 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/31 16:37:23 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/10/30 23:39:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/30 22:20:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 22:20:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/30 09:32:43 | 000,001,356 | ---- | M] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2010/10/29 22:09:48 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/21 21:08:32 | 000,118,784 | ---- | M] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/15 06:22:26 | 000,480,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/14 13:31:25 | 000,002,305 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/07 17:46:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/10/06 13:05:46 | 000,000,340 | ---- | M] () -- C:\Windows\WSST_Screen_Saver.ini
[2010/10/06 13:05:17 | 001,542,454 | ---- | M] () -- C:\Windows\webshots.bmp
[2010/10/06 13:04:24 | 001,661,448 | ---- | M] () -- C:\Windows\Smallville.dat
[2010/10/06 13:04:24 | 000,466,944 | ---- | M] () -- C:\Windows\Smallville.scr
[2010/10/06 13:04:24 | 000,180,224 | ---- | M] () -- C:\Windows\UninstallWSST.exe
[2010/10/06 13:04:24 | 000,028,672 | ---- | M] (Auralis, Inc.) -- C:\Windows\System32\ssconfig.exe
[2010/10/04 13:47:24 | 001,943,552 | ---- | M] () -- C:\Users\Rick\Documents\Bob's fire tales v2.doc
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/01 19:39:06 | 000,080,384 | ---- | C] () -- C:\Users\Rick\Desktop\MBRCheck.exe
[2010/10/30 22:53:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 22:53:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 22:53:14 | 000,085,504 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 22:53:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 22:53:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 22:09:48 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/06 13:05:17 | 001,542,454 | ---- | C] () -- C:\Windows\webshots.bmp
[2010/10/06 13:04:26 | 000,000,340 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2010/10/06 13:04:24 | 001,661,448 | ---- | C] () -- C:\Windows\Smallville.dat
[2010/10/06 13:04:24 | 000,466,944 | ---- | C] () -- C:\Windows\Smallville.scr
[2010/10/06 13:04:24 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2010/10/04 13:47:24 | 001,943,552 | ---- | C] () -- C:\Users\Rick\Documents\Bob's fire tales v2.doc
[2010/03/10 09:32:31 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/03/08 23:56:38 | 000,000,390 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/05 10:49:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/03/05 10:49:22 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/10/12 18:22:35 | 000,000,322 | ---- | C] () -- C:\ProgramData\dldt.log
[2009/09/24 17:02:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 19:41:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/29 07:14:29 | 000,118,784 | ---- | C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/28 06:54:18 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2009/08/28 06:54:18 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2009/08/28 06:54:18 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2009/08/28 06:54:18 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2009/08/28 06:54:18 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2009/08/27 18:37:22 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2009/08/27 18:35:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/08/27 18:35:06 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/08/27 18:33:46 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2009/08/27 18:33:45 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2009/08/27 18:33:43 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2009/08/27 18:33:43 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2009/08/27 18:33:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2009/08/27 18:33:42 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2009/08/27 18:33:41 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2009/08/27 18:33:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2009/08/27 18:33:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2009/08/27 18:33:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2009/08/22 18:43:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/08/22 18:43:48 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/08/22 18:43:48 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/08/22 18:43:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/08/22 18:43:48 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/08/22 18:25:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/08/22 18:04:43 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/21 14:10:59 | 000,001,356 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 14:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2005/04/25 10:08:44 | 000,009,823 | ---- | C] () -- C:\Windows\System32\cmdiag.ini
[2005/03/15 12:40:56 | 000,000,143 | ---- | C] () -- C:\Windows\System32\cmabout.ini
[2004/09/20 11:19:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\chksvrn.dll
[2003/09/16 19:11:42 | 000,163,840 | ---- | C] () -- C:\Windows\System32\cmabout.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/02 11:44:06 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 04:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2008/06/02 11:44:16 | 003,563,520 | ---- | M] (Dell Inc.) Unable to obtain MD5 -- C:\Windows\System32\WLTRAY.EXE
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 01:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/08/31 08:27:38 | 002,038,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/04 16:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2009/03/30 07:17:23 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2010/11/01 10:29:40 | 000,218,045 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/02/22 14:36:34 | 001,554,432 | ---- | M] () -- C:\Bob's fire tales v2.doc
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/08/21 16:11:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/10/31 20:42:38 | 000,014,039 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/01/16 23:55:19 | 000,004,015 | RH-- | M] () -- C:\dell.sdr
[2009/06/06 20:35:15 | 000,001,776 | ---- | M] () -- C:\dlcx.log
[2010/05/25 15:28:22 | 000,000,078 | ---- | M] () -- C:\dldt.log
[2010/06/24 17:32:50 | 002,664,406 | ---- | M] () -- C:\Fire Tales.eml
[2010/11/01 10:29:44 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 12:03:14 | 027,219,033 | ---- | M] () -- C:\HomeUseSW.zip
[2009/09/18 09:16:33 | 015,007,976 | R--- | M] () -- C:\HP_CLJ_CP3505_32bit-2000_XP_S2003_Vista_PCL6.exe
[2009/02/16 09:11:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/16 09:11:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/01 10:29:42 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
[2010/10/20 17:53:35 | 000,006,130 | ---- | M] () -- C:\scramble.log
[2009/01/16 22:44:17 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2009/08/27 18:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2009/11/19 22:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\ActivIdentity
[2010/06/15 11:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/06 14:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/09/19 13:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/31 12:36:31 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010/09/09 06:33:45 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2010/09/26 17:21:49 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/11 21:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2009/08/29 21:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/10/17 15:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Comical
[2010/10/31 20:33:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/08/22 18:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/08/22 17:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/08/22 17:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2009/12/25 15:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\dcmsvc
[2010/05/25 15:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/08/27 18:35:22 | 000,000,000 | ---D | M] -- C:\Program Files\Dell PC Fax
[2009/08/27 18:36:14 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 926
[2010/09/11 08:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/10/30 21:22:09 | 000,000,000 | ---D | M] -- C:\Program Files\Dl_cats
[2009/12/19 16:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\e-Sword
[2010/10/29 09:16:09 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/09/14 18:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2010/03/11 21:25:22 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/08/22 18:23:57 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/15 06:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/26 17:24:20 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/26 17:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/08 16:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/29 09:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\JavaSoft
[2010/03/07 01:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/03/05 10:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2010/10/29 22:09:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/22 19:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2010/05/25 15:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\Memorex exPressit Label Design Studio
[2010/06/14 16:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/09/10 19:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/09/10 19:39:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/10/10 13:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/09/29 05:28:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/10 13:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/10/10 13:07:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/08/22 20:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/11 20:32:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/09/13 20:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 03:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 10:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/01/23 03:57:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/31 12:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2010/06/04 20:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/06/04 20:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/08/28 06:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2010/09/17 17:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/11 15:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/10 09:32:27 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/26 17:34:01 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/03/11 21:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2009/08/22 18:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/05/25 15:34:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/05/25 15:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2010/02/20 22:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2010/10/20 18:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/12/25 15:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\Warner Bros. Digital Copy Manager
[2010/02/20 10:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/02/20 10:30:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/02/20 10:30:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/02/20 10:30:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/10/10 13:08:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/10/10 13:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/09/16 21:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 06:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/02/20 10:30:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/02/21 09:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/05/25 15:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/10/18 06:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/03/03 08:48:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip

< %appdata%\*.* >
[2009/09/12 20:30:22 | 000,000,006 | -HS- | M] () -- C:\Users\Rick\AppData\Roaming\desktop.ini


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\DELL\drivers\R166201\Winall\Driver\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007/04/25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\DELL\drivers\R166201\Winall\Driver64\IaStor.sys
[2007/04/25 12:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-31 17:36:32

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Rick\Documents\JGrad.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Rick\Documents\Downloaded Program Updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Rick\Documents\Batman (1966) - S1E08 - Rats Like Cheese.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Rick\Documents\Batman (1966) - S1E07 - Instant Freeze.avi:Roxio EMC Stream

< End of report >


Solved Re: Google-Analytics Virus? - Computer #1

Post by redarrow62 on Tue Nov 02, 2010 11:33 pm

OTL Extras logfile created on: 11/1/2010 9:20:43 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Rick-Tmp
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.90 Gb Total Space | 67.02 Gb Free Space | 23.86% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.57 Gb Free Space | 44.88% Space Free | Partition Type: NTFS
Drive E: | 4.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RICK-LAPTOP | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099D4364-58B2-4A7B-99D4-57142FA13C9A}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{0BC338EF-CDAF-4E58-8A4F-CE954A617F37}" = lport=445 | protocol=6 | dir=in | app=system |
"{35101D93-7338-48A8-8AC1-B2C80ED19FAD}" = rport=138 | protocol=17 | dir=out | app=system |
"{354D34A9-98FC-4FF5-9BCF-97DAF77B7FD0}" = lport=138 | protocol=17 | dir=in | app=system |
"{3AE9BB0F-EC92-45DC-80F9-C4107B69CD0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3B6F3139-36F0-4E07-970A-B3300C7F4106}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{40747E29-26CC-4B70-86C4-76AA91AECE3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4986BC04-0087-48E1-A5E3-FB69FE568C8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{6AD78010-F9A8-4A00-B587-1ECD3186D0E2}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{79625817-883D-4490-8F56-CD2753922422}" = lport=137 | protocol=17 | dir=in | app=system |
"{A186E9F0-614F-4C28-B844-123B964E2E16}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B29AF4BB-57E2-49AC-9062-7CB3FDBCE3BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED579C2C-643A-4392-9474-0C8231C8E48C}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE94AE15-7FA2-478D-8257-7697BA20CFE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF5880D8-9481-4AD5-9CE4-CF182959DAC1}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11980D51-9D79-49D0-A865-A65A94383F7B}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{15912C6F-36C9-4E13-9235-F9D5E4EAD79D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1DB297DB-6254-4F88-BF2B-E0BF745ED02D}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{255D10DA-1810-4C25-A6CC-F77C15FF04A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{268153F2-1D80-4134-81A2-16E910A0EDAB}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{3195C039-30F1-4AC1-A3AD-8547BE7024DE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4C46287E-194D-4F70-AFA3-176FDB7D3E78}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{5682F76B-C3F3-4765-8BE8-125173798876}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5DACCB1D-78E8-432F-8777-C5B724897B4C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5EFE0681-7B3E-4A6D-8F1C-EAE60E84B171}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{621FDE0C-0879-448D-A88A-0F965DDD94C8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{69BA01A0-839C-4673-A2B3-0CB1FD00D519}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{719C4E59-8590-4B06-B9A7-79153346DA2B}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{73D170A1-E70F-4D8E-BEBE-4581F510C607}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{79071658-000B-453D-9012-88FD62507301}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe |
"{7AD6B299-DC46-4AFA-A1DE-D309A7AB040C}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{86EEE3C6-69D7-4590-B3D4-E298767CFA86}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8C2AF0A0-6DC5-4039-AFE8-8EE3A4800B37}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{9C211C39-DDC6-4DF4-A013-2E9741AF82BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A9BBAABE-8B25-457B-B131-31A252371C3F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B225C052-6E9E-49FE-907F-F1B7811D7F31}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B48FACEA-C29A-4E2D-BB71-6D7D02BC71B7}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{C6F17ADC-067D-47B7-AF8B-3356D563853A}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D0BFE406-18BF-4EB8-9E81-06D81C6CBBAA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3482620-E50B-4609-A601-692872A8EAE2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DDC2FC68-98CE-4DE6-9C89-303DBDB75CC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DFD3496E-90FB-4990-881C-B75AE5E57703}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{E07FD8C6-1890-44D9-943F-D5E638C87ED4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F710E3EA-A92A-4D53-A826-63645C58B83B}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{F7F340F2-7736-4B62-9323-9EA53B1B10A2}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FEE9118C-B9C9-4835-B612-A9A1D533FD9E}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{FFECD592-1D2A-43D8-97D4-B8F1871BCDA0}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe |
"TCP Query User{6F025117-8C30-424D-8B29-08CF603734B0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{6F84D27F-4864-4646-9EBA-CC150864E087}C:\program files\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"TCP Query User{71CCC374-23B1-494C-84A5-D8D1FD067F37}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{444D6167-5B6C-4B01-9063-32535310B7F3}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{8D41871C-CFF6-4C82-8BAD-96069C10A76B}C:\program files\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"UDP Query User{EC7D850A-9CFE-4ECD-825A-F5ABEB70E7E4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 AFR
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B798631A-E543-492B-9063-1F4D8336D377}" = Symantec AntiVirus
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ASP For Windows" = ASP For Windows
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Comical_is1" = Comical 0.8
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"dcmsvc_is1" = dcmsvc 1.0
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"JRE 1.1" = Java Runtime Environment 1.1
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MVApplication1" = Memorex exPressit Label Design Studio
"NSS" = Norton Security Scan
"RealPlayer 12.0" = RealPlayer
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TurboTax 2009" = TurboTax 2009
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2010 4:27:03 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29805208

Error - 9/16/2010 4:27:04 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/16/2010 4:27:04 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29806253

Error - 9/16/2010 4:27:04 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29806253

Error - 9/16/2010 4:27:05 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/16/2010 4:27:05 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29807251

Error - 9/16/2010 4:27:05 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29807251

Error - 9/16/2010 4:27:06 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/16/2010 4:27:06 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29808250

Error - 9/16/2010 4:27:06 AM | Computer Name = Rick-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29808250

[ Broadcom Wireless LAN Events ]
Error - 9/19/2010 5:54:00 PM | Computer Name = Rick-Laptop | Source = WLAN-Tray | ID = 0
Description = 16:54:00, Sun, Sep 19, 10 Error - Unable to gain access to user store


Error - 10/31/2010 1:30:57 PM | Computer Name = Rick-Laptop | Source = WLAN-Tray | ID = 0
Description = 12:30:57, Sun, Oct 31, 10 Error - Unable to gain access to user store


[ OSession Events ]
Error - 8/19/2010 9:59:34 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 388
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/20/2010 6:40:57 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/20/2010 7:17:09 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1737
seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/20/2010 8:22:19 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 477
seconds with 420 seconds of active time. This session ended with a crash.

Error - 8/20/2010 11:00:56 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2010 1:01:08 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 755
seconds with 480 seconds of active time. This session ended with a crash.

Error - 8/21/2010 5:11:42 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 139
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2010 5:14:57 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 137
seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/21/2010 5:15:53 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/21/2010 8:06:59 PM | Computer Name = Rick-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/7/2009 7:28:43 PM | Computer Name = Rick-Laptop | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/7/2009 8:48:06 PM | Computer Name = Rick-Laptop | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/7/2009 8:49:27 PM | Computer Name = Rick-Laptop | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/7/2009 8:51:27 PM | Computer Name = Rick-Laptop | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/7/2009 9:00:06 PM | Computer Name = Rick-Laptop | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/7/2009 10:27:35 PM | Computer Name = Rick-Laptop | Source = netbt | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/8/2009 6:26:33 PM | Computer Name = Rick-Laptop | Source = HTTP | ID = 15016
Description =

Error - 12/8/2009 6:26:50 PM | Computer Name = Rick-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 12/8/2009 6:26:50 PM | Computer Name = Rick-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 12/8/2009 6:26:50 PM | Computer Name = Rick-Laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >

redarrow62
Intermediate

Posts : 51
Joined : 2010-10-26
Gender : Male
OS : Vista,XP
Points : 22975
Likes : 0

Solved Re: Google-Analytics Virus? - Computer #1

Post by redarrow62 on Tue Nov 02, 2010 11:36 pm

ComboFix 10-10-30.02 - Rick 10/31/2010 20:26:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1353 [GMT -5:00]
Running from: c:\temp\Combo-Fix.exe
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-11-01 01:38 . 2010-11-01 01:38 -------- d-----w- c:\users\SnowStreak\AppData\Local\temp
2010-11-01 01:38 . 2010-11-01 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 03:46 . 2010-10-31 03:47 3896453 ----a-w- c:\temp\bootkit_remover\Combo-Fix.exe
2010-10-31 03:45 . 2010-10-31 03:45 3896453 ----a-r- c:\temp\Combo-Fix.exe
2010-10-31 03:27 . 2010-10-26 00:09 6153376 ----a-w- c:\temp\mbam-setup.exe
2010-10-31 03:27 . 2010-10-26 23:15 364032 ----a-w- c:\temp\rkill.exe
2010-10-31 03:27 . 2010-10-26 23:16 364032 ----a-w- c:\temp\rkill.com
2010-10-31 03:27 . 2010-10-26 23:16 364032 ----a-w- c:\temp\rkill.scr
2010-10-31 03:27 . 2010-10-26 23:16 575488 ----a-w- c:\temp\OTL.exe
2010-10-31 03:27 . 2010-10-26 23:21 1187896 ----a-w- c:\temp\ccsetup236.exe
2010-10-31 02:01 . 2010-09-01 20:33 83968 ----a-w- c:\temp\bootkit_remover\remover.exe
2010-10-30 03:09 . 2010-10-30 03:09 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes
2010-10-30 03:09 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-30 03:09 . 2010-10-30 03:09 -------- d-----w- c:\programdata\Malwarebytes
2010-10-30 03:09 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-30 03:09 . 2010-10-30 03:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-30 03:08 . 2010-10-30 03:08 6153352 ----a-w- c:\temp\mbam-setup-1.46.exe
2010-10-29 21:50 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{730983EC-C8F3-4E36-A660-D975558EBBE1}\mpengine.dll
2010-10-29 21:49 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-29 21:49 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-29 21:49 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 21:49 . 2010-10-31 17:36 -------- d-----w- c:\program files\Bing Bar Installer
2010-10-20 23:31 . 2010-10-20 23:34 -------- d-----w- c:\users\TEMP
2010-10-20 22:54 . 2010-10-20 23:26 -------- d-----w- c:\program files\VideoLAN
2010-10-17 20:55 . 2010-10-17 20:55 -------- d-----w- c:\program files\Comical
2010-10-15 00:07 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 00:07 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-06 18:04 . 2010-10-06 18:04 466944 ----a-w- c:\windows\Smallville.scr
2010-10-06 18:04 . 2010-10-06 18:04 28672 ----a-w- c:\windows\system32\ssconfig.exe
2010-10-06 18:04 . 2010-10-06 18:04 180224 ----a-w- c:\windows\UninstallWSST.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-12-14 22:37 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-29 21:49 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-29 21:49 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-29 21:49 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-29 21:49 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 21:49 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 13:09 . 2010-08-09 13:09 18432 ----a-w- c:\windows\ss3unstl.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2009-06-15 182208]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-04-03 136080]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]

c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2009-12-25 95232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-3-4 97384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R3 cmeu0wdm;CardMan 2020;c:\windows\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 43737]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-17 15008]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-14 570880]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2008-04-03 121744]
R3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;c:\windows\system32\DRIVERS\stcusb.sys [2008-01-21 22016]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-09 1357464]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\DRIVERS\HPKBCCID.sys [2006-11-07 46976]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-07 111616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 13:45]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 13:45]

2010-10-31 c:\windows\Tasks\Norton Security Scan for Rick.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-05 15:06]

2010-11-01 c:\windows\Tasks\User_Feed_Synchronization-{AB3640A0-825F-4694-967C-F2781472A61C}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-31 20:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-31 20:42:38
ComboFix-quarantined-files.txt 2010-11-01 01:42
ComboFix2.txt 2010-10-31 04:44

Pre-Run: 69,086,101,504 bytes free
Post-Run: 69,068,619,776 bytes free

- - End Of File - - F3F644B4B412C40E6D5090BEEA4A0154

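The script below is an added example for readers working through logs like the one above; it is not part of redarrow62's post and not a feature of ComboFix or catchme. It parses the "Files Created" and "Reg Loading Points" sections of a ComboFix log and runs four triage heuristics over the Run-key entries: binary dated inside the scan window, target that is a .dll rather than an executable, target outside the usual install roots, and target that the same scan lists as newly created. The sample log is constructed from lines excerpted from the ComboFix output above; the heuristics, the EXPECTED_ROOTS list and the function names are this example's own assumptions, and a hit means "look at this entry", never "this is malware". One thing it makes visible: ComboFix prints the resolved file for the DLCXCATS value (a .dll), while catchme prints the registry data itself, a rundll32 command line, so the dll_target heuristic flags exactly the shape of entry that needs to be compared across the two listings.

```python
"""Triage the Run-key autostart entries in a ComboFix log.

Added example, not a ComboFix feature. Every heuristic here is an assumption
for a first pass: a hit means "look at this entry", not "this is malware".
"""
import re
from datetime import date

# Constructed sample: lines excerpted verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.
2010-10-06 18:04 . 2010-10-06 18:04 466944 ----a-w- c:\windows\Smallville.scr
2010-10-06 18:04 . 2010-10-06 18:04 28672 ----a-w- c:\windows\system32\ssconfig.exe
2010-10-30 03:09 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2009-06-15 182208]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]
"""

WINDOW_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ComboFix prints: "name"="resolved file" [file-date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# ComboFix prints: created . last-written size-or-dashes attributes path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +\S+ +\S+ +(.+)$")

# Roots where autostart binaries are normally installed (assumption for the heuristic).
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


def parse_window(log):
    """Return (start, end) dates of the 'Files Created' section, or None."""
    m = WINDOW_RE.search(log)
    return (date.fromisoformat(m.group(1)), date.fromisoformat(m.group(2))) if m else None


def parse_files_created(log):
    """Return {lower-cased path: creation date} from the 'Files Created' section."""
    created = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m.group(2).lower()] = date.fromisoformat(m.group(1))
    return created


def parse_run_entries(log):
    """Return the entries under any ...\\CurrentVersion\\Run key as dicts."""
    entries, hive = [], None
    for line in log.splitlines():
        line = line.strip()
        h = HIVE_RE.match(line)
        if h:
            hive = h.group(1)
            continue
        m = RUN_RE.match(line)
        if m and hive and hive.endswith("\\Run"):
            entries.append({"hive": hive, "name": m.group(1), "path": m.group(2).lower(),
                            "file_date": date.fromisoformat(m.group(3)), "size": int(m.group(4))})
    return entries


def triage(log):
    """Map heuristic name -> sorted names of the Run entries that trip it."""
    window = parse_window(log)
    created = parse_files_created(log)
    flags = {"recent_binary": [], "dll_target": [], "odd_location": [], "created_in_window": []}
    for e in parse_run_entries(log):
        # Binary dated inside the scan window: recently installed or replaced.
        if window and window[0] <= e["file_date"] <= window[1]:
            flags["recent_binary"].append(e["name"])
        # A .dll cannot start by itself, so the real registry data is a loader
        # command line (rundll32 ...) that ComboFix's resolved view does not show.
        if e["path"].endswith(".dll"):
            flags["dll_target"].append(e["name"])
        # Autostart outside the usual install roots (ProgramData, a profile, c:\temp ...).
        if not e["path"].startswith(EXPECTED_ROOTS):
            flags["odd_location"].append(e["name"])
        # Persistence pointing at a file the same scan lists as newly created.
        if e["path"] in created:
            flags["created_in_window"].append(e["name"])
    return {k: sorted(v) for k, v in flags.items()}


if __name__ == "__main__":
    for heuristic, names in triage(SAMPLE_LOG).items():
        print(f"{heuristic:18s} {', '.join(names) or '-'}")
```

Run it against a full ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the Startup-folder .lnk lines and the service (R/S) lines are not covered by these regexes and would need their own patterns.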

Solved Re: Google-Analytics Virus? - Computer #1

Post by Belahzur on Wed Nov 03, 2010 1:01 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1

Solved Re: Google-Analytics Virus? - Computer #1

Post by redarrow62 on Wed Nov 03, 2010 11:28 pm

Ran it.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

That's all that was in the log. However, it found and deleted 1 threat - a Trojan.


Solved Re: Google-Analytics Virus? - Computer #1

Post by Belahzur on Thu Nov 04, 2010 12:23 am

Where was the threat found?



Solved Re: Google-Analytics Virus? - Computer #1

Post by redarrow62 on Thu Nov 04, 2010 12:27 am

I should have taken a screen shot. I can't remember exactly. Let me think.


Solved Re: Google-Analytics Virus? - Computer #1

Post by redarrow62 on Thu Nov 04, 2010 10:35 pm

Thanks!

