
Could be infected.


iano200

I'm having problems with Internet Explorer, when I start it up it flashes up and then closes down. I've followed the steps here. Don't know what else to do except post a hijackthis log and hope someone can help me out.

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Dell 968 AIO Printer\dldomon.exe

C:\Program Files\Dell 968 AIO Printer\memcard.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\The KMPlayer\KMPlayer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"

O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Philips Device Manager.lnk = C:\Program Files\Philips\GoGear Mix Device Manager\main.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: dldo_device - - C:\Windows\system32\dldocoms.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TunerFreeMCEService - Unknown owner - C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

--

End of file - 11721 bytes

Any help would be greatly appreciated

Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

Thanks for responding, here's the reports

OTL logfile created on: 08/09/2010 10:57:47 - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Murphy\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 450.69 Gb Total Space | 301.22 Gb Free Space | 66.84% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 14.90 Gb Free Space | 99.35% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MURPHY-PC

Current User Name: Murphy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/08 10:56:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Murphy\Desktop\OTL.exe

PRC - [2010/09/05 13:16:47 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/09/05 13:16:46 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/08/20 20:45:26 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/07/24 23:47:37 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/07/24 23:47:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe

PRC - [2010/06/11 11:07:06 | 000,009,216 | ---- | M] () -- C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/02/03 05:17:28 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2010/02/03 05:16:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/09/17 01:50:54 | 006,364,160 | ---- | M] (Pandora.TV) -- C:\Program Files\The KMPlayer\KMPlayer.exe

PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/04/27 14:30:38 | 000,455,336 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe

PRC - [2009/04/27 14:30:34 | 000,410,280 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\memcard.exe

PRC - [2009/03/25 20:18:38 | 002,340,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2009/03/25 20:18:38 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2009/03/25 20:18:38 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

PRC - [2009/02/28 19:40:38 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe

PRC - [2009/02/16 10:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe

PRC - [2007/05/06 18:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/05/06 18:10:44 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (SafeList) ==========

MOD - [2010/09/08 10:56:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Murphy\Desktop\OTL.exe

MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll

MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll

MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll

MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/09/05 13:16:46 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/09/01 11:44:26 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/08/12 16:20:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/06/15 00:17:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010/06/11 11:07:06 | 000,009,216 | ---- | M] () [Auto | Running] -- C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe -- (TunerFreeMCEService)

SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/02/03 05:16:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/03/25 20:18:38 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)

SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/05/06 18:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\yeddef.sys -- (yeddef)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VcommMgr.sys -- (VcommMgr)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\VComm.sys -- (VComm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\btnetdrv.sys -- (BT)

DRV - [2010/08/11 13:45:24 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2010/08/10 17:15:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/07/12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/06/04 11:55:48 | 000,224,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)

DRV - [2010/06/01 19:00:14 | 000,075,944 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)

DRV - [2010/06/01 19:00:14 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2010/06/01 19:00:12 | 000,016,744 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2010/02/03 05:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2010/02/03 05:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)

DRV - [2010/02/03 04:23:42 | 000,150,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010/01/28 15:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/09/24 14:38:42 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)

DRV - [2009/09/24 06:40:12 | 000,019,592 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)

DRV - [2009/08/26 12:16:48 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/06/05 20:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®

DRV - [2009/03/24 19:14:40 | 000,084,256 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)

DRV - [2009/03/24 19:14:38 | 000,106,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)

DRV - [2009/03/24 19:14:34 | 000,017,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)

DRV - [2009/02/28 20:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/01 20:33:51] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})

DRV - [2008/12/22 17:05:10 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007/05/06 18:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2004/06/26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnccom.SYS -- (vnccom)

DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncdrv.sys -- (vncdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/

IE - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie

IE - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.2

FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5

FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.3

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/07 11:18:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 09:48:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 21:08:33 | 000,000,000 | ---D | M]

[2010/08/27 00:12:50 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Mozilla\Extensions

[2010/08/27 00:12:50 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/09/07 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions

[2010/08/18 09:55:40 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}

[2010/04/09 13:13:34 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2010/04/03 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\battlefieldheroespatcher@ea.com

[2010/05/11 10:30:19 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\cfxe@Triton

[2010/05/11 10:30:22 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\cfxHelper@Triton

[2010/02/19 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\glaze_black@www.theme-oasis.org

[2010/08/20 15:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/14 15:36:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/20 15:10:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/14 21:31:12 | 000,001,308 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [bDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()

O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-3679327364-543717364-1577018617-1001..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-3679327364-543717364-1577018617-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-3679327364-543717364-1577018617-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/08 10:56:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Murphy\Desktop\OTL.exe

[2010/09/07 19:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/09/03 12:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/03 12:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/03 12:36:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/09/03 11:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\RapidShareManager

[2010/08/31 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\.minecraft

[2010/08/27 00:12:56 | 000,000,000 | ---D | C] -- C:\Users\Murphy\Documents\LimeWire

[2010/08/27 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\LimeWire

[2010/08/27 00:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire

[2010/08/26 23:59:22 | 000,000,000 | ---D | C] -- C:\Users\Murphy\Documents\Syl

[2010/08/24 20:47:05 | 000,000,000 | ---D | C] -- C:\Users\Murphy\Documents\Adobe Scripts

[2010/08/20 15:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/08/19 10:25:17 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/08/19 10:25:17 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\Adobe Mini Bridge CS5

[2010/08/18 10:38:54 | 000,000,000 | ---D | C] -- C:\download

[2010/08/17 09:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/08/12 16:28:18 | 000,000,000 | ---D | C] -- C:\Users\Murphy\Documents\Adobe

[2010/08/12 16:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2010/08/11 13:26:07 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\DMCache

[2010/08/10 17:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies

[2010/08/10 08:47:27 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\968 Series

[2010/08/09 19:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\dl_cats

[2010/08/09 19:12:15 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMGMAN32.DLL

[2010/08/09 19:12:15 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMHOST32.DLL

[2010/08/09 19:12:15 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XPNG.DEL

[2010/08/09 19:12:15 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XTIF.DEL

[2010/08/09 19:12:15 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31IMG.DIL

[2010/08/09 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\968 Series

[2010/08/09 19:12:12 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll

[2010/08/09 19:12:12 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe

[2010/08/09 19:12:12 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll

[2010/08/09 19:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Dell 968 AIO Printer

[2010/08/06 15:54:25 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\Malwarebytes

[2010/08/06 15:54:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/08/06 15:54:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/08/06 15:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/06 15:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/08/04 22:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy

[2010/08/04 22:11:22 | 000,000,000 | ---D | C] -- C:\Users\Murphy\Documents\Battlefield 2

[2010/08/04 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Local\GameSpy

[2010/08/03 19:30:36 | 000,000,000 | ---D | C] -- C:\Fraps

[2010/08/02 22:08:55 | 000,006,016 | ---- | C] (RDV Soft) -- C:\Windows\System32\drivers\vnccom.SYS

[2010/08/02 22:04:11 | 000,012,800 | ---- | C] (RDV Soft) -- C:\Windows\System32\vncdrv.dll

[2010/08/02 22:04:11 | 000,005,760 | ---- | C] (RDV Soft) -- C:\Windows\System32\vnchelp.dll

[2010/08/02 22:04:11 | 000,004,736 | ---- | C] (RDV Soft) -- C:\Windows\System32\drivers\vncdrv.sys

[2010/08/02 22:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC

[2010/07/28 13:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon

[2010/07/27 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU

[2010/07/27 14:39:15 | 000,000,000 | ---D | C] -- C:\Nexon

[2010/07/27 14:39:05 | 000,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe

[2010/07/27 14:35:28 | 000,000,000 | -H-D | C] -- C:\VritualRoot

[2010/07/27 14:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO

[2010/07/27 14:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2010/07/27 14:30:02 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Local\PMB Files

[2010/07/27 14:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2010/07/27 14:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks

[2010/07/27 14:16:07 | 000,000,000 | R--D | C] -- C:\Users\Murphy\Documents\Scanned Documents

[2010/07/27 14:16:07 | 000,000,000 | ---D | C] -- C:\Users\Murphy\Documents\Fax

[2010/07/27 14:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2010/07/27 12:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader

[2010/07/27 11:15:20 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Local\Sunbelt Software

[2010/07/27 11:14:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

[2010/07/07 11:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite

[2010/07/07 11:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2010/07/05 12:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2010/07/05 12:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2010/07/01 15:17:04 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\Publish Providers

[2010/07/01 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\Sony

[2010/07/01 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Local\Sony

[2010/07/01 14:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2010/07/01 14:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2010/07/01 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Murphy\Documents\AVS4YOU

[2010/07/01 13:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2010/07/01 13:53:00 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\AVS4YOU

[2010/07/01 13:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia

[2010/07/01 13:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU

[2010/06/25 15:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/06/23 20:09:08 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Local\Apple_Inc

[2010/06/23 20:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility

[2010/06/23 10:51:41 | 000,000,000 | ---D | C] -- C:\Users\Murphy\.shsh

[2010/06/22 20:02:48 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Local\CyberLink

[2010/06/21 11:23:31 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\TS3Client

[2010/06/21 10:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

[2010/06/19 21:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2010/06/19 21:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2010/06/19 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2010/06/19 21:41:45 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Local\Downloaded Installations

[2010/06/19 21:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2010/06/19 21:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic-Eng7

[2010/06/17 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/06/15 03:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll

[2010/06/15 00:17:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/06/14 14:21:14 | 000,000,000 | ---D | C] -- C:\Users\Murphy\AppData\Roaming\McAfee

[2010/06/14 13:25:38 | 000,143,360 | ---- | C] (Inner Media, Inc.) -- C:\Windows\System32\dunzip32.dll

[2010/06/14 11:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MillieSoft

[2010/06/14 11:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\MillieSoft

[2007/09/10 19:46:54 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll

[2007/09/10 19:43:36 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll

[2007/09/10 19:43:28 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll

[2007/09/10 19:43:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll

[2007/09/10 19:41:50 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll

[2007/09/10 19:41:10 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll

[2007/09/10 19:40:24 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll

[2007/09/10 19:36:50 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll

[2007/09/10 19:36:28 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll

========== Files - Modified Within 90 Days ==========

[2010/09/08 11:00:01 | 002,883,584 | -HS- | M] () -- C:\Users\Murphy\ntuser.dat

[2010/09/08 10:59:28 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

[2010/09/08 10:58:14 | 000,133,632 | ---- | M] () -- C:\Users\Murphy\Desktop\RKUnhookerLE.EXE

[2010/09/08 10:56:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Murphy\Desktop\OTL.exe

[2010/09/08 10:35:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/08 09:24:47 | 000,027,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/08 09:24:47 | 000,027,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/08 09:20:44 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/09/08 09:19:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/08 09:19:41 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010/09/08 09:19:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/08 09:19:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/08 09:19:28 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/08 04:56:59 | 012,625,033 | -H-- | M] () -- C:\Users\Murphy\AppData\Local\IconCache.db

[2010/09/07 19:43:41 | 000,001,407 | ---- | M] () -- C:\Users\Murphy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/09/07 19:00:00 | 000,002,039 | ---- | M] () -- C:\Users\Murphy\Desktop\HijackThis.lnk

[2010/09/03 12:39:11 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/03 11:28:12 | 000,001,051 | ---- | M] () -- C:\Users\Murphy\Desktop\RapidShare Manager.lnk

[2010/08/30 16:53:18 | 016,093,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/08/30 16:53:18 | 000,706,446 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2010/08/30 16:53:18 | 000,705,470 | ---- | M] () -- C:\Windows\System32\perfh00A.dat

[2010/08/30 16:53:18 | 000,703,208 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2010/08/30 16:53:18 | 000,701,742 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2010/08/30 16:53:18 | 000,701,124 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2010/08/30 16:53:18 | 000,691,358 | ---- | M] () -- C:\Windows\System32\prfh0816.dat

[2010/08/30 16:53:18 | 000,687,974 | ---- | M] () -- C:\Windows\System32\perfh019.dat

[2010/08/30 16:53:18 | 000,675,820 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/08/30 16:53:18 | 000,655,852 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010/08/30 16:53:18 | 000,644,196 | ---- | M] () -- C:\Windows\System32\perfh00E.dat

[2010/08/30 16:53:18 | 000,635,160 | ---- | M] () -- C:\Windows\System32\perfh005.dat

[2010/08/30 16:53:18 | 000,629,584 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010/08/30 16:53:18 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/08/30 16:53:18 | 000,622,218 | ---- | M] () -- C:\Windows\System32\perfh01F.dat

[2010/08/30 16:53:18 | 000,563,786 | ---- | M] () -- C:\Windows\System32\perfh008.dat

[2010/08/30 16:53:18 | 000,474,188 | ---- | M] () -- C:\Windows\System32\perfh006.dat

[2010/08/30 16:53:18 | 000,460,602 | ---- | M] () -- C:\Windows\System32\perfh014.dat

[2010/08/30 16:53:18 | 000,446,502 | ---- | M] () -- C:\Windows\System32\perfh001.dat

[2010/08/30 16:53:18 | 000,445,404 | ---- | M] () -- C:\Windows\System32\perfh00B.dat

[2010/08/30 16:53:18 | 000,411,752 | ---- | M] () -- C:\Windows\System32\perfh012.dat

[2010/08/30 16:53:18 | 000,400,534 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2010/08/30 16:53:18 | 000,389,886 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2010/08/30 16:53:18 | 000,373,784 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2010/08/30 16:53:18 | 000,365,538 | ---- | M] () -- C:\Windows\System32\perfh00D.dat

[2010/08/30 16:53:18 | 000,152,130 | ---- | M] () -- C:\Windows\System32\perfc00E.dat

[2010/08/30 16:53:18 | 000,140,882 | ---- | M] () -- C:\Windows\System32\perfc00A.dat

[2010/08/30 16:53:18 | 000,138,660 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2010/08/30 16:53:18 | 000,137,572 | ---- | M] () -- C:\Windows\System32\prfc0816.dat

[2010/08/30 16:53:18 | 000,136,760 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2010/08/30 16:53:18 | 000,136,336 | ---- | M] () -- C:\Windows\System32\perfc019.dat

[2010/08/30 16:53:18 | 000,133,960 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2010/08/30 16:53:18 | 000,133,360 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010/08/30 16:53:18 | 000,131,914 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/08/30 16:53:18 | 000,130,964 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2010/08/30 16:53:18 | 000,127,560 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010/08/30 16:53:18 | 000,125,608 | ---- | M] () -- C:\Windows\System32\perfc005.dat

[2010/08/30 16:53:18 | 000,125,346 | ---- | M] () -- C:\Windows\System32\perfc01F.dat

[2010/08/30 16:53:18 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2010/08/30 16:53:18 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/08/30 16:53:18 | 000,108,496 | ---- | M] () -- C:\Windows\System32\perfc012.dat

[2010/08/30 16:53:18 | 000,108,068 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2010/08/30 16:53:18 | 000,103,154 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2010/08/30 16:53:18 | 000,093,256 | ---- | M] () -- C:\Windows\System32\perfc008.dat

[2010/08/30 16:53:18 | 000,085,968 | ---- | M] () -- C:\Windows\System32\perfc00B.dat

[2010/08/30 16:53:18 | 000,083,624 | ---- | M] () -- C:\Windows\System32\perfc006.dat

[2010/08/30 16:53:18 | 000,082,804 | ---- | M] () -- C:\Windows\System32\perfc001.dat

[2010/08/30 16:53:18 | 000,080,916 | ---- | M] () -- C:\Windows\System32\perfc014.dat

[2010/08/30 16:53:18 | 000,072,914 | ---- | M] () -- C:\Windows\System32\perfc00D.dat

[2010/08/25 18:35:33 | 000,138,384 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010/08/25 18:34:38 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

[2010/08/21 21:08:34 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/08/20 10:47:53 | 000,183,684 | ---- | M] () -- C:\Users\Murphy\Documents\Untitled Project.aep

[2010/08/19 17:23:07 | 009,413,675 | ---- | M] () -- C:\Users\Murphy\Documents\3rd.wmv

[2010/08/19 14:17:20 | 008,177,756 | ---- | M] () -- C:\Users\Murphy\Documents\Untitled.wmv

[2010/08/19 11:01:54 | 001,886,089 | ---- | M] () -- C:\Users\Murphy\Documents\DarC Logo.psd

[2010/08/19 11:01:48 | 000,260,903 | ---- | M] () -- C:\Users\Murphy\Documents\DarC Logo.png

[2010/08/19 11:01:47 | 000,000,132 | ---- | M] () -- C:\Users\Murphy\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/08/17 20:49:15 | 003,658,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/08/17 16:47:28 | 000,067,224 | ---- | M] () -- C:\Users\Murphy\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/08/17 16:43:59 | 000,260,633 | ---- | M] () -- C:\Users\Murphy\Documents\Untitled-1.psd

[2010/08/17 09:48:44 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/10 17:15:44 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys

[2010/08/09 19:12:57 | 000,020,202 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf

[2010/08/04 22:10:32 | 000,139,152 | ---- | M] () -- C:\Users\Murphy\AppData\Roaming\PnkBstrK.sys

[2010/08/04 22:10:13 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe

[2010/08/04 13:32:03 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2010/08/02 22:09:28 | 000,000,017 | ---- | M] () -- C:\Windows\System32\'

[2010/08/02 21:00:22 | 000,000,600 | ---- | M] () -- C:\Users\Murphy\AppData\Roaming\winscp.rnd

[2010/08/01 01:00:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[2010/07/30 12:39:59 | 002,094,827 | ---- | M] () -- C:\Users\Murphy\Documents\Spidey Sig.psd

[2010/07/30 12:03:01 | 000,105,094 | ---- | M] () -- C:\Users\Murphy\Documents\Spidey Sig.png

[2010/07/30 11:57:23 | 000,033,961 | ---- | M] () -- C:\Users\Murphy\Documents\ak47_logo_sig_darkbg.png

[2010/07/29 12:33:17 | 000,305,538 | ---- | M] () -- C:\Users\Murphy\Documents\spiderman.png

[2010/07/27 14:39:05 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe

[2010/07/27 14:33:17 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2010/07/27 11:33:02 | 000,524,288 | -HS- | M] () -- C:\Users\Murphy\ntuser.dat{fec3e565-9962-11df-ad84-001e4ccd1215}.TMContainer00000000000000000002.regtrans-ms

[2010/07/27 11:33:02 | 000,524,288 | -HS- | M] () -- C:\Users\Murphy\ntuser.dat{fec3e565-9962-11df-ad84-001e4ccd1215}.TMContainer00000000000000000001.regtrans-ms

[2010/07/27 11:33:02 | 000,065,536 | -HS- | M] () -- C:\Users\Murphy\ntuser.dat{fec3e565-9962-11df-ad84-001e4ccd1215}.TM.blf

[2010/07/27 11:14:56 | 000,001,124 | ---- | M] () -- C:\Users\Murphy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/27 11:14:56 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/07/23 11:04:48 | 000,520,862 | ---- | M] () -- C:\Users\Murphy\Documents\cptame2r2fn.png

[2010/07/13 11:25:15 | 000,180,368 | ---- | M] () -- C:\Users\Murphy\Documents\ghostrender.png

[2010/07/12 23:48:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

[2010/07/12 17:11:06 | 000,251,832 | ---- | M] () -- C:\Users\Murphy\Documents\batman1at5.png

[2010/07/12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2010/07/12 09:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2010/07/07 11:22:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010/07/05 10:40:40 | 000,096,323 | ---- | M] () -- C:\Users\Murphy\Documents\Full_Metal_Jacket_002.jpg

[2010/06/23 20:42:40 | 000,000,866 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella

[2010/06/21 22:04:23 | 000,169,916 | ---- | M] () -- C:\Users\Murphy\Documents\Winner Hustle Kings.psd

[2010/06/19 21:43:53 | 010,927,104 | ---- | M] () -- C:\Program Files\EA Link.msi

[2010/06/19 21:43:37 | 000,003,584 | ---- | M] () -- C:\Program Files\1033.MST

[2010/06/19 21:43:21 | 000,005,515 | ---- | M] () -- C:\Program Files\0x0409.ini

[2010/06/16 10:03:12 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

[2010/06/15 03:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll

[2010/06/14 13:53:08 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

[2010/06/13 18:08:34 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

========== Files Created - No Company Name ==========

[2010/09/08 10:58:13 | 000,133,632 | ---- | C] () -- C:\Users\Murphy\Desktop\RKUnhookerLE.EXE

[2010/09/08 09:20:44 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/09/07 19:43:41 | 000,001,407 | ---- | C] () -- C:\Users\Murphy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/09/07 19:00:00 | 000,002,039 | ---- | C] () -- C:\Users\Murphy\Desktop\HijackThis.lnk

[2010/09/03 12:39:11 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/19 16:58:59 | 009,413,675 | ---- | C] () -- C:\Users\Murphy\Documents\3rd.wmv

[2010/08/19 12:50:56 | 000,183,684 | ---- | C] () -- C:\Users\Murphy\Documents\Untitled Project.aep

[2010/08/19 11:01:42 | 000,260,903 | ---- | C] () -- C:\Users\Murphy\Documents\DarC Logo.png

[2010/08/17 17:25:01 | 001,886,089 | ---- | C] () -- C:\Users\Murphy\Documents\DarC Logo.psd

[2010/08/17 13:06:15 | 008,177,756 | ---- | C] () -- C:\Users\Murphy\Documents\Untitled.wmv

[2010/08/17 09:48:44 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/10 17:15:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/08/09 19:12:15 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll

[2010/08/09 19:12:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL

[2010/08/09 19:12:15 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL

[2010/08/09 19:12:15 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL

[2010/08/09 19:12:12 | 000,691,756 | ---- | C] () -- C:\Windows\System32\DLDOhelp.chm

[2010/08/09 19:12:12 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll

[2010/08/09 19:12:12 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll

[2010/08/09 19:12:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll

[2010/08/09 19:12:12 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll

[2010/08/09 19:12:12 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll

[2010/08/09 19:12:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll

[2010/08/09 19:12:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll

[2010/08/09 19:12:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll

[2010/08/09 19:12:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll

[2010/08/09 19:12:12 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll

[2010/08/09 19:12:06 | 000,020,202 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf

[2010/08/02 22:09:28 | 000,000,017 | ---- | C] () -- C:\Windows\System32\'

[2010/07/30 11:57:23 | 000,033,961 | ---- | C] () -- C:\Users\Murphy\Documents\ak47_logo_sig_darkbg.png

[2010/07/29 13:05:49 | 000,000,132 | ---- | C] () -- C:\Users\Murphy\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/07/29 13:05:47 | 000,105,094 | ---- | C] () -- C:\Users\Murphy\Documents\Spidey Sig.png

[2010/07/29 13:05:36 | 002,094,827 | ---- | C] () -- C:\Users\Murphy\Documents\Spidey Sig.psd

[2010/07/29 11:40:16 | 000,305,538 | ---- | C] () -- C:\Users\Murphy\Documents\spiderman.png

[2010/07/27 14:34:31 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

[2010/07/27 14:33:17 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2010/07/27 11:14:56 | 000,001,124 | ---- | C] () -- C:\Users\Murphy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/27 11:14:56 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/07/27 10:40:43 | 000,524,288 | -HS- | C] () -- C:\Users\Murphy\ntuser.dat{fec3e565-9962-11df-ad84-001e4ccd1215}.TMContainer00000000000000000002.regtrans-ms

[2010/07/27 10:40:43 | 000,524,288 | -HS- | C] () -- C:\Users\Murphy\ntuser.dat{fec3e565-9962-11df-ad84-001e4ccd1215}.TMContainer00000000000000000001.regtrans-ms

[2010/07/27 10:40:43 | 000,065,536 | -HS- | C] () -- C:\Users\Murphy\ntuser.dat{fec3e565-9962-11df-ad84-001e4ccd1215}.TM.blf

[2010/07/23 11:42:35 | 000,260,633 | ---- | C] () -- C:\Users\Murphy\Documents\Untitled-1.psd

[2010/07/23 11:04:48 | 000,520,862 | ---- | C] () -- C:\Users\Murphy\Documents\cptame2r2fn.png

[2010/07/13 11:25:14 | 000,180,368 | ---- | C] () -- C:\Users\Murphy\Documents\ghostrender.png

[2010/07/12 23:48:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

[2010/07/12 17:11:05 | 000,251,832 | ---- | C] () -- C:\Users\Murphy\Documents\batman1at5.png

[2010/07/07 11:22:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010/07/05 10:40:39 | 000,096,323 | ---- | C] () -- C:\Users\Murphy\Documents\Full_Metal_Jacket_002.jpg

[2010/06/30 09:21:55 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/06/21 21:12:33 | 000,169,916 | ---- | C] () -- C:\Users\Murphy\Documents\Winner Hustle Kings.psd

[2010/06/19 21:44:13 | 010,927,104 | ---- | C] () -- C:\Program Files\EA Link.msi

[2010/06/19 21:44:13 | 000,005,515 | ---- | C] () -- C:\Program Files\0x0409.ini

[2010/06/19 21:44:13 | 000,003,584 | ---- | C] () -- C:\Program Files\1033.MST

[2010/06/14 13:24:21 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job

[2010/06/14 13:24:19 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\McQcTask.job

[2010/06/13 12:14:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2010/05/04 10:54:49 | 000,000,600 | ---- | C] () -- C:\Users\Murphy\AppData\Roaming\winscp.rnd

[2010/03/10 21:16:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/02/24 14:46:35 | 000,139,152 | ---- | C] () -- C:\Users\Murphy\AppData\Roaming\PnkBstrK.sys

[2010/02/24 14:46:35 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010/02/20 12:01:53 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/02/19 20:19:50 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll

[2009/09/24 14:38:42 | 000,022,528 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2007/09/06 21:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll

[2007/08/31 19:51:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll

[2007/08/01 09:15:52 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll

[2007/06/14 21:45:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll

[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI

========== LOP Check ==========

[2010/08/31 23:50:06 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\.minecraft

[2010/08/10 08:47:28 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\968 Series

[2010/02/20 12:40:48 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/08/11 13:38:04 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\DMCache

[2010/03/03 20:08:03 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\FileZilla

[2010/03/01 19:40:45 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\ImgBurn

[2010/08/27 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\LimeWire

[2010/02/25 10:46:34 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Nokia

[2010/02/24 19:55:07 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\OpenOffice.org

[2010/02/24 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\PC Suite

[2010/07/01 15:17:04 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Publish Providers

[2010/07/01 15:17:00 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Sony

[2010/08/19 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/02/23 15:13:33 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\The Creative Assembly

[2010/06/21 11:23:43 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\TS3Client

[2010/02/20 12:58:42 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\Uniblue

[2010/09/07 15:01:32 | 000,000,000 | ---D | M] -- C:\Users\Murphy\AppData\Roaming\uTorrent

[2010/09/08 09:20:44 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/06/14 13:53:08 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2010/08/01 01:00:00 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2010/08/11 22:34:50 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 08/09/2010 10:57:47 - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Murphy\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 450.69 Gb Total Space | 301.22 Gb Free Space | 66.84% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 14.90 Gb Free Space | 99.35% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MURPHY-PC

Current User Name: Murphy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00CC55E1-EA68-22D4-92DF-B94F287DCE40}" = ccc-core-static

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater

"{0B26A979-EC68-4624-A647-98A506CEE048}" = GoGear Mix Device Manager

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0E76D6D4-5EFD-0714-1E65-E5B0ED1C9731}" = Catalyst Control Center Core Implementation

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{123F407A-BAD1-425F-9C17-334FB6DDC339}" = GoGear Mix Device Manager

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver

"{1E7603CA-71BE-4113-86E7-DD9E17F6BA7D}" = TunerFree MCE

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2258EB2F-185C-43A0-BD05-F8717375A70B}" = Vegas Pro 9.0

"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 21

"{2D206DBD-6491-26BD-0DFA-165AA8A0CFFD}" = Catalyst Control Center Graphics Light

"{2D3B4614-7291-583D-A925-476924FF5A5F}" = Catalyst Control Center Graphics Previews Common

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{361AA6F2-124E-4E98-9402-83B1445B8448}" = GameSpy Comrade

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager

"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5B479C22-7B50-5D31-7BD9-02D1260254D3}" = Catalyst Control Center HydraVision Full

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D372DFB-666E-FD3D-8B23-C116A8F5A643}" = Catalyst Control Center Graphics Full Existing

"{6E994B82-FE8B-2777-295A-4D6F4314E8DD}" = ccc-utility

"{70B9CD9B-93D7-4B50-BAF1-99CDE11343B8}" = OpenOffice.org 3.2

"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes

"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup

"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4

"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4

"{B3D726D7-12FC-B85D-E6C9-54536827A01A}" = Catalyst Control Center Graphics Previews Vista

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter

"{C176CB21-4E7D-D56D-905B-F4A4CB1301AD}" = Catalyst Control Center Graphics Full New

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Report from RootkitUnhooker

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #2

==============================================

>Drivers

==============================================

0x92834000 C:\Windows\system32\DRIVERS\atipmdag.sys 5640192 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)

0x83200000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)

0x83200000 PnpManager 4259840 bytes

0x83200000 RAW 4259840 bytes

0x83200000 WMIxWDM 4259840 bytes

0x9AE90000 Win32k 2400256 bytes

0x9AE90000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x91C39000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)

0x8C208000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)

0x8BEB4000 PCI_PNP9006 995328 bytes

0x8BEB4000 C:\Windows\System32\Drivers\spaf.sys 995328 bytes

0x8BEB4000 sptd 995328 bytes

0x91600000 C:\Windows\System32\Drivers\dump_iaStorV.sys 897024 bytes

0x8C07C000 C:\Windows\system32\DRIVERS\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x9241C000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8C41F000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)

0x8BD09000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)

0x9E368000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x9E23F000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8D961000 C:\Windows\system32\drivers\btwaudio.sys 528384 bytes (Broadcom Corporation., Bluetooth Audio Device)

0x8BC36000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x8D8EE000 C:\Windows\system32\DRIVERS\btwavdt.sys 471040 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)

0x8BE35000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x8D81F000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)

0x91F30000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)

0x8C375000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)

0x91E09000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x92EFF000 C:\Windows\system32\drivers\stwrt.sys 339968 bytes (SigmaTel, Inc., NDRC)

0xA1F52000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)

0xA1F03000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x9B120000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x9256E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8C01B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8BDB4000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)

0x92E44000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x8BCC7000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)

0x91ECF000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x8C542000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x8C4D6000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)

0x9E312000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x91721000 C:\Windows\System32\DRIVERS\cmdguard.sys 237568 bytes (COMODO, COMODO Internet Security Sandbox Driver)

0x924D3000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)

0x9252B000 C:\Windows\system32\DRIVERS\e1e6232.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)

0x83610000 ACPI_HAL 225280 bytes

0x83610000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8C160000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x92E02000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)

0x8C5CE000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)

0x91C00000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x91D82000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x92EB7000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8C589000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)

0xA1ED7000 C:\Program Files\CyberLink\PowerDVD9\000.fcl 180224 bytes (CyberLink Corp., -)

0x925C8000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)

0x8C337000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x917D4000 C:\Windows\system32\DRIVERS\atikmpag.sys 172032 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)

0xA1FA3000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x8BE00000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x8BFB0000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)

0x8C1B4000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)

0x8C514000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)

0x8D883000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)

0x9E2EF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x92DBF000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA1EA7000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)

0x91FBA000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x91775000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x8BC10000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x91702000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x9250C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x91E6A000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x92E99000 C:\Windows\system32\drivers\AtiHdmi.sys 122880 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)

0x9B170000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)

0x8D8B4000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)

0x916DB000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x9E34D000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8C1D9000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x9E2C4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x92EE6000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)

0x91F94000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x92DA7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x92DE1000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x92800000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x92817000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x91DB3000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)

0x92F70000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0x92F89000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0x8C066000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)

0x91E89000 C:\Windows\system32\DRIVERS\inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)

0x92FC8000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)

0x8C362000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x8C000000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x91EAC000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x92D95000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)

0x8D8CF000 C:\Windows\system32\DRIVERS\bthmodem.sys 73728 bytes (Microsoft Corporation, Bluetooth Communications Driver)

0x92FA0000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)

0x91FDB000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)

0x9E2DD000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8C400000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x92F5F000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes

0x8C194000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x92E88000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x8BFE9000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)

0x8BCAE000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x8C3E9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x8C5B6000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)

0x91EBF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)

0x8BC00000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)

0x8C1A5000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)

0x925B9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x91FAC000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)

0x91E9E000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x917C6000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x8C3D2000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)

0x92E36000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0xA1FD5000 C:\Windows\System32\Drivers\usbaapl.sys 57344 bytes (Apple, Inc., Apple Mobile Device USB Driver)

0x8D9EF000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)

0x8BEA6000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x8D8A7000 C:\Windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)

0x92400000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)

0x92F52000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x91DDF000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8D8E1000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x91DEC000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)

0xA1EC8000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x91796000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x91F24000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)

0x92FE2000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)

0x91769000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x92FBD000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x8D80B000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)

0x92FEE000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x917BB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x9240F000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x91DCA000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8D800000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)

0x92563000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x8BFDE000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)

0x8D9E2000 C:\Windows\system32\DRIVERS\btwl2cap.sys 40960 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)

0x91DD5000 C:\Windows\System32\DRIVERS\cmdhlp.sys 40960 bytes (COMODO, COMODO Internet Security Helper Driver)

0x92FB3000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x91F1A000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x91F10000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x91FED000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)

0x9E200000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8C157000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)

0x8C3E0000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0xA1FE3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x9B0F0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8C539000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)

0x8D816000 C:\Windows\system32\DRIVERS\WinUSB.SYS 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)

0x8BFA7000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8BCBF000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x916FA000 C:\Windows\System32\DRIVERS\cmderd.sys 32768 bytes (COMODO, COMODO Internet Security Eradication Driver)

0x8C5C6000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)

0x80BC7000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)

0xA1FCD000 C:\Windows\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0x8BFD6000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x917A3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x917AB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)

0x917B3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)

0x8C581000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x91762000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x92FDB000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x9175B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x91E63000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)

0x925F4000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x8C411000 C:\Windows\System32\Drivers\BtHidBus.sys 16384 bytes (IVT Corporation., Bluetooth HID BUS Driver)

0x8D9EC000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)

0x9241A000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x92F87000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xA1ED5000 C:\Windows\System32\Drivers\vnccom.SYS 8192 bytes (RDV Soft, VNC Communication)

0x9240D000 C:\Windows\system32\DRIVERS\vncdrv.sys 8192 bytes (RDV Soft, Ultravnc Mirror Driver)

0x9AE10000 C:\Windows\System32\vnchelp.dll 8192 bytes (RDV Soft, Ultravnc Kernel)

0x8593D1F8 unknown_irp_handler 3592 bytes

0x8593B1F8 unknown_irp_handler 3592 bytes

0x8593C1F8 unknown_irp_handler 3592 bytes

0x878151F8 unknown_irp_handler 3592 bytes

0x875861F8 unknown_irp_handler 3592 bytes

0x859391F8 unknown_irp_handler 3592 bytes

0x87D10358 unknown_irp_handler 3240 bytes

0x87D1B500 unknown_irp_handler 2816 bytes

0x87593500 unknown_irp_handler 2816 bytes

0x859AD500 unknown_irp_handler 2816 bytes

0x86657500 unknown_irp_handler 2816 bytes

==============================================

>Stealth

==============================================

0x04E20000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 102400 bytes

0x070C0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 102400 bytes

0x01740000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 110592 bytes

0x06A70000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 110592 bytes

0x00300000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 118784 bytes

0x01940000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 118784 bytes

0x082A0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 1232896 bytes

0x08660000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 1314816 bytes

0x00B30000 Hidden Image-->TunerFreeMCECore.dll [ EPROCESS 0x88A2A030 ] PID: 2696, 135168 bytes

0x04B60000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 159744 bytes

0x07AF0000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 1716224 bytes

0x06DC0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 208896 bytes

0x04F30000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 217088 bytes

0x06E00000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 282624 bytes

0x00580000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 28672 bytes

0x005B0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 28672 bytes

0x012A0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x01760000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x01D30000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x03DC0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04090000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04080000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x040A0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x043D0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x043E0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04620000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04D50000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04B20000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04C00000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04C10000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04C20000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04C90000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04EA0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04DA0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04DB0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04E10000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04E80000 Hidden Image-->atixclib.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04E70000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04F20000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x04F80000 Hidden Image-->Branding.dll [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x05330000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x05D80000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x05E20000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06040000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06180000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x061A0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x061B0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06AF0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06A60000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06AA0000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06B20000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06D40000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x06D90000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

0x07210000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 28672 bytes

WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

0x07D00000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 364544 bytes

0x00E70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 36864 bytes

0x01970000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x03D90000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x04510000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x04DF0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x05340000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x06190000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x06210000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x06880000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x069B0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x06A50000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 36864 bytes

0x07CA0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 380928 bytes

0x04B90000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 389120 bytes

0x070E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 405504 bytes

0x05230000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 413696 bytes

0x04EB0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 421888 bytes

0x00550000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 45056 bytes

0x004D0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 45056 bytes

0x00E60000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 45056 bytes

0x01270000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 45056 bytes

0x01290000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 45056 bytes

0x017A0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 45056 bytes

0x01D50000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 45056 bytes

0x06660000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 45056 bytes

0x052A0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 503808 bytes

0x01D20000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x01D80000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x04020000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x043C0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x04D60000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x04E00000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x04E60000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x06170000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x061F0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x061E0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x06320000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 53248 bytes

0x051A0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 585728 bytes

0x07170000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 585728 bytes

0xA1E67F2E Unknown thread object [ ETHREAD 0x88941D48 ] , 600 bytes

0x01D10000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 61440 bytes

0x06200000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 61440 bytes

0x069C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 61440 bytes

0x06A90000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 61440 bytes

0x06B10000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 61440 bytes

0x08950000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 659456 bytes

0x01AD0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 69632 bytes

0x01BF0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 69632 bytes

0x04D20000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 69632 bytes

0x06A20000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 69632 bytes

0x06AB0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 69632 bytes

0x06AD0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 69632 bytes

0x06B60000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 749568 bytes

0x00560000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88A2DB60 ] PID: 2748, 77824 bytes

0x01770000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 77824 bytes

0x06150000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 77824 bytes

0x06990000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 77824 bytes

0x06640000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 77824 bytes

0x069D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 77824 bytes

0x06DA0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 77824 bytes

0x08880000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 839680 bytes

0x01D60000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x88E90838 ] PID: 2848, 86016 bytes

0x05E00000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 86016 bytes

0x069F0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 86016 bytes

0x06D70000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x88E90838 ] PID: 2848, 86016 bytes


Hello there,

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

• They are a security risk which can make your computer susceptible to a sm


ComboFix 10-09-07.01 - Murphy 08/09/2010 11:28:08.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.353.1033.18.3326.1868 [GMT 1:00]

Running from: c:\users\Murphy\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))

.

2010-09-08 10:21 . 2010-09-08 10:22 -------- d-----w- C:\32788R22FWJFW

2010-09-07 18:00 . 2010-09-07 18:00 -------- d-----w- c:\program files\Trend Micro

2010-09-03 11:38 . 2010-09-03 11:38 -------- d-----w- c:\program files\iPod

2010-09-03 11:38 . 2010-09-03 11:39 -------- d-----w- c:\program files\iTunes

2010-09-03 10:28 . 2010-09-03 10:28 -------- d-----w- c:\program files\RapidShareManager

2010-08-31 22:48 . 2010-08-31 22:50 -------- d-----w- c:\users\Murphy\AppData\Roaming\.minecraft

2010-08-26 23:12 . 2010-08-26 23:37 -------- d-----w- c:\users\Murphy\AppData\Roaming\LimeWire

2010-08-26 23:12 . 2010-08-26 23:12 -------- d-----w- c:\program files\LimeWire

2010-08-25 08:37 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-08-20 14:14 . 2010-08-20 14:14 -------- d-----w- c:\program files\Common Files\Java

2010-08-19 09:25 . 2010-08-19 09:25 -------- d-----w- c:\users\Murphy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2010-08-19 09:25 . 2010-08-19 09:25 -------- d-----w- c:\users\Murphy\AppData\Roaming\Adobe Mini Bridge CS5

2010-08-18 09:38 . 2010-09-08 09:49 -------- d-----w- C:\download

2010-08-17 08:48 . 2010-08-17 08:48 -------- d-----w- c:\program files\QuickTime

2010-08-12 15:20 . 2010-08-12 15:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-08-12 14:59 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-11 12:26 . 2010-08-11 12:38 -------- d-----w- c:\users\Murphy\AppData\Roaming\DMCache

2010-08-10 16:15 . 2010-08-10 16:15 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-08-10 16:14 . 2010-08-10 16:14 -------- d-----w- c:\program files\LSoft Technologies

2010-08-10 07:47 . 2010-08-10 07:47 -------- d-----w- c:\users\Murphy\AppData\Roaming\968 Series

2010-08-09 18:13 . 2010-08-09 18:13 -------- d-----w- c:\programdata\dl_cats

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-08 10:15 . 2010-07-27 13:34 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-09-07 22:39 . 2010-02-19 14:32 -------- d-----w- c:\program files\Common Files\Steam

2010-09-07 22:39 . 2010-02-19 14:32 -------- d-----w- c:\program files\Steam

2010-09-07 18:34 . 2010-02-19 14:13 -------- d-----w- c:\program files\uTorrent

2010-09-07 14:01 . 2010-02-19 14:13 -------- d-----w- c:\users\Murphy\AppData\Roaming\uTorrent

2010-09-03 18:05 . 2010-02-24 18:55 1 ----a-w- c:\users\Murphy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-03 11:38 . 2010-02-19 15:41 -------- d-----w- c:\program files\Common Files\Apple

2010-09-03 11:33 . 2010-09-03 11:33 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-08-31 22:49 . 2010-08-31 22:49 65024 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll

2010-08-31 22:49 . 2010-08-31 22:49 62464 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll

2010-08-31 22:49 . 2010-08-31 22:49 61952 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll

2010-08-31 22:49 . 2010-08-31 22:49 59392 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll

2010-08-31 22:49 . 2010-08-31 22:49 273920 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll

2010-08-31 22:49 . 2010-08-31 22:49 195072 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll

2010-08-31 22:49 . 2010-08-31 22:49 193024 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll

2010-08-31 22:49 . 2010-08-31 22:49 108032 ----a-w- c:\users\Murphy\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll

2010-08-27 08:36 . 2010-05-10 10:42 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-08-27 08:35 . 2010-08-27 08:35 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-27 08:35 . 2010-05-10 10:39 -------- d-----w- c:\programdata\DivX

2010-08-27 08:35 . 2010-02-20 10:32 -------- d-----w- c:\program files\DivX

2010-08-27 08:35 . 2010-08-27 08:35 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-08-27 08:35 . 2010-08-27 08:35 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-08-27 08:35 . 2010-08-27 08:35 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe

2010-08-27 08:35 . 2010-08-27 08:35 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

2010-08-27 08:34 . 2010-08-27 08:35 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll

2010-08-27 08:34 . 2010-08-27 08:34 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-27 08:34 . 2010-05-10 10:41 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll

2010-08-27 08:34 . 2010-05-10 10:41 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-08-25 17:35 . 2010-02-24 13:46 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-08-25 17:34 . 2010-02-24 13:46 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-08-20 14:10 . 2010-02-19 16:59 -------- d-----w- c:\program files\Java

2010-08-17 15:47 . 2010-02-19 11:34 67224 ----a-w- c:\users\Murphy\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-12 15:23 . 2010-02-19 18:45 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-10 16:14 . 2010-02-19 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-09 18:12 . 2010-08-09 18:12 -------- d-----w- c:\program files\Dell 968 AIO Printer

2010-08-09 18:12 . 2010-08-09 18:12 -------- d-----w- c:\programdata\968 Series

2010-08-06 14:54 . 2010-08-06 14:54 -------- d-----w- c:\users\Murphy\AppData\Roaming\Malwarebytes

2010-08-06 14:54 . 2010-08-06 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-06 14:54 . 2010-08-06 14:54 -------- d-----w- c:\programdata\Malwarebytes

2010-08-04 21:12 . 2010-08-04 21:12 -------- d-----w- c:\program files\GameSpy

2010-08-04 21:10 . 2010-02-24 13:46 139152 ----a-w- c:\users\Murphy\AppData\Roaming\PnkBstrK.sys

2010-08-04 21:10 . 2010-02-24 13:46 139152 ----a-w- c:\users\Murphy\AppData\Roaming\PnkBstrK.sys

2010-08-04 21:10 . 2010-02-24 13:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-08-04 21:10 . 2010-02-24 13:46 794408 ----a-w- c:\windows\system32\pbsvc.exe

2010-08-04 12:31 . 2010-07-01 12:51 -------- d-----w- c:\program files\AVS4YOU

2010-08-04 12:31 . 2010-07-01 12:51 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-08-02 21:09 . 2010-08-02 21:03 -------- d-----w- c:\program files\UltraVNC

2010-08-02 19:49 . 2010-05-04 09:54 -------- d-----w- c:\program files\WinSCP

2010-07-29 06:30 . 2010-08-12 15:00 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30 . 2010-08-12 15:00 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-07-28 12:35 . 2010-07-28 12:35 -------- d-----w- c:\programdata\Nexon

2010-07-28 12:35 . 2010-07-27 14:16 -------- d-----w- c:\programdata\NexonEU

2010-07-27 14:16 . 2010-07-27 14:16 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll

2010-07-27 14:16 . 2010-07-27 14:16 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll

2010-07-27 14:16 . 2010-07-27 14:16 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll

2010-07-27 14:16 . 2010-07-27 14:16 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll

2010-07-27 14:16 . 2010-07-27 14:16 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll

2010-07-27 14:16 . 2010-07-27 14:16 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe

2010-07-27 13:39 . 2010-07-27 13:39 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2010-07-27 13:35 . 2010-07-27 13:34 -------- d-----w- c:\programdata\COMODO

2010-07-27 13:33 . 2010-07-27 13:33 -------- d-----w- c:\program files\COMODO

2010-07-27 13:32 . 2010-07-27 11:05 -------- d-----w- c:\programdata\Comodo Downloader

2010-07-27 13:30 . 2010-07-27 13:30 -------- d-----w- c:\programdata\PMB Files

2010-07-27 13:29 . 2010-07-27 13:29 -------- d-----w- c:\program files\Pando Networks

2010-07-27 13:15 . 2010-07-27 13:15 -------- d-----w- c:\programdata\McAfee

2010-07-27 13:15 . 2010-02-19 13:52 -------- d-----w- c:\program files\McAfeeMOBK

2010-07-27 10:14 . 2010-07-27 10:14 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-20 09:37 . 2010-06-23 19:08 -------- d-----w- c:\program files\iPhone Configuration Utility

2010-07-17 04:00 . 2010-05-14 14:36 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-13 17:36 . 2010-03-10 20:11 -------- d-----w- c:\users\Murphy\AppData\Roaming\Skype

2010-07-13 15:06 . 2010-03-10 20:16 -------- d-----w- c:\users\Murphy\AppData\Roaming\skypePM

2010-07-12 22:48 . 2010-07-12 22:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

2010-07-12 08:56 . 2010-07-27 10:14 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-12 08:55 . 2010-06-06 12:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-12 08:55 . 2010-02-25 13:14 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-07 10:24 . 2010-07-07 10:24 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe

2010-07-07 10:24 . 2010-07-07 10:24 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe

2010-07-07 10:24 . 2010-07-07 10:24 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe

2010-07-07 10:24 . 2010-07-07 10:24 35607992 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2EN.exe

2010-07-07 10:16 . 2010-07-07 10:16 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe

2010-07-07 10:16 . 2010-07-07 10:16 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe

2010-07-07 10:16 . 2010-07-07 10:16 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-07-07 10:16 . 2010-07-07 10:16 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe

2010-07-07 10:16 . 2010-07-07 10:16 36365624 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng.exe

2010-06-30 06:25 . 2010-08-12 15:00 978432 ----a-w- c:\windows\system32\wininet.dll

2010-06-22 02:47 . 2010-08-12 15:00 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-22 02:47 . 2010-08-12 15:00 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-22 02:47 . 2010-08-12 15:00 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-06-19 20:43 . 2010-06-19 20:44 10927104 ----a-w- c:\program files\EA Link.msi

2010-06-19 20:43 . 2010-06-19 20:44 3584 ----a-w- c:\program files\1033.MST

2010-06-19 20:43 . 2010-06-19 20:44 5515 ----a-w- c:\program files\0x0409.ini

2010-06-19 06:33 . 2010-08-12 15:00 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-19 06:33 . 2010-08-12 15:00 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:23 . 2010-08-12 15:00 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-06-16 05:48 . 2010-08-12 15:00 224256 ----a-w- c:\windows\system32\schannel.dll

2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll

2010-06-14 13:21 . 2010-06-14 13:22 300384 ----a-w- c:\users\Murphy\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll

2010-06-14 06:12 . 2010-08-12 15:00 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

2010-03-17 14:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2009-04-27 455336]

"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2009-04-27 410280]

"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2009-04-27 311976]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-25 791840]

Philips Device Manager.lnk - c:\program files\Philips\GoGear Mix Device Manager\main.exe [2010-3-23 119296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 22528]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-11 15008]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]

R3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-10 691696]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-06-01 16744]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/01 20:33];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 19:40 87536]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]

S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-05 1355928]

S2 TunerFreeMCEService;TunerFreeMCEService;c:\program files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2010-06-11 9216]

S2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2004-06-26 6016]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-22 29736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 12:16]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 14:13]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 14:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ie/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: internet

Trusted Zone: mcafee.com

FF - ProfilePath - c:\users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: c:\users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\GameSpy\Comrade\npcomrade.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll

FF - plugin: c:\users\Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\pa7xb75w.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-AdobeBridge - (no file)

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)

c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(584)

c:\windows\system32\guard32.dll

.

Completion time: 2010-09-08 11:49:39

ComboFix-quarantined-files.txt 2010-09-08 10:49

Pre-Run: 323,145,699,328 bytes free

Post-Run: 323,518,447,616 bytes free

- - End Of File - - E3F3C500151811F0921C41B84F772AD5
