I got a Google-redirect virus a few days ago (ppcblinks, directrdr) which I tried to deal with using MBAM and SUPERAntiSpyware. Unfortunately they came back and brought in a few other infections as well, and after I ran MBAM + SUPERAntiSpyware again, it somehow messed with my Windows registries to the point where I get the Black Screen of Death in Vista. I get as far as logging in, but then I'm instantly hit with "Windows Explorer has stopped working" and "Google Installer has stopped working" error messages, and my desktop never shows up because Explorer won't run. In addition, the "Microsoft Windows Search Protocol Host has stopped working" error pops up literally every couple of seconds. Any attempt to run a program from Task Manager results in "Task Manager has stopped working" as well.
As a result I'm having to run all the diagnostics in Safe Mode. Logs are below.
MBAM Log:
Had to change the filenames of the setup file and the mbam.exe file before I could get them to run. Then when I tried to run the main program, I got:
"An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.
Error code: 704 (0,0)"
So, no log because the program isn't working for me.
RootRepeal Log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/04 00:14
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x88CF1000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x88CE6000 Size: 45056 File Visible: No Signed: -
Status: -
Name: H8SRTrmbtkpsctm.sys
Image Path: C:\Windows\system32\drivers\H8SRTrmbtkpsctm.sys
Address: 0x8DD2E000 Size: 114688 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x88DF1000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\Windows\system32\drivers\H8SRTrmbtkpsctm.sys
==EOF==
OTL Log:
OTL logfile created on: 12/4/2009 12:17:39 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.10 Gb Total Space | 101.25 Gb Free Space | 44.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CATERPILLAR
Current User Name: carlo
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/03 23:56:05 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
PRC - [2009/04/10 22:27:44 | 00,636,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/04 16:09:00 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
========== Modules (SafeList) ==========
MOD - [2009/12/03 23:56:05 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
MOD - [2009/04/10 22:28:22 | 00,406,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
MOD - [2009/04/10 22:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/23 23:20:48 | 02,309,520 | ---- | M] () -- C:/Program Files/Common Files/Akamai/rswin_3612.dll -- (Akamai)
SRV - [2009/11/12 17:06:04 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/03/25 16:34:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9adaa9861fac1) Google Update Service (gupdate1c9adaa9861fac1)
SRV - [2008/11/20 11:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/07/22 08:59:42 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2008/02/21 09:26:20 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/01/20 18:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 01:08:02 | 00,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 01:02:20 | 00,053,248 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 00:43:44 | 00,053,248 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/25 09:40:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/20 18:56:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/20 18:54:53 | 00,000,000 | ---D | M]
[2009/08/09 18:23:24 | 00,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions
[2009/12/03 10:42:53 | 00,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\h48m1j8c.default\extensions
[2009/12/03 10:42:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/27 17:42:45 | 00,889,856 | ---- | M] (UPEK Inc.) -- C:\Program Files\Mozilla Firefox\components\pbgk1_9.dll
O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\Windows\system32\m8x8vi.dll) - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\System32\m8x8vi.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\ATWTUSB.EXE ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [jsh87r3huiehf89esiudgd] C:\Windows\TEMP\lrrf96f.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\akjfhlsf.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\Windows\system32\curslib.dll) - C:\Windows\System32\curslib.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - jkshf8a3rudbfa873fudfhbdugf87whjdb - C:\Windows\System32\m8x8vi.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: BtwSrv - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 18:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2009/12/04 00:10:23 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/04 00:10:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/04 00:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/04 00:04:27 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Windows\system32\config\systemprofile\Desktop\aljfhalfda.exe
[2009/12/03 23:56:04 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2009/12/03 23:55:32 | 00,472,064 | ---- | C] ( ) -- C:\Windows\system32\config\systemprofile\Desktop\RootRepeal.exe
[2009/12/03 23:53:49 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Windows\system32\config\systemprofile\Desktop\erunt_setup.exe
[2009/12/03 23:53:36 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Windows\system32\config\systemprofile\Desktop\SysRestorePoint.exe
[2009/12/03 23:52:39 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\TFC.exe
[2009/12/03 23:14:33 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/12/03 22:54:05 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/03 22:01:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
[2009/12/03 21:59:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Malwarebytes
[2009/12/03 10:44:07 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/03 10:36:00 | 00,000,000 | ---D | C] -- C:\ProgramData\pokumala
[2009/12/03 10:35:59 | 00,000,000 | ---D | C] -- C:\ProgramData\rawituzo
[2009/12/03 10:35:59 | 00,000,000 | ---D | C] -- C:\ProgramData\galifure
[2009/12/03 10:31:06 | 00,051,712 | ---- | C] (Eset ) -- C:\gelcdomj.exe
[2009/12/01 02:07:11 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/01 02:07:04 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/01 02:06:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/30 19:06:51 | 00,000,000 | -HSD | C] -- C:\ProgramData\WSGSHUD_APDM
[2009/11/30 19:06:15 | 00,000,000 | -HSD | C] -- C:\ProgramData\ba5a7a7
[2009/11/23 23:41:32 | 00,000,000 | ---D | C] -- C:\AeriaGames
[2009/11/23 23:20:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
========== Files - Modified Within 14 Days ==========
[2009/12/04 00:13:58 | 00,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\settings.dat
[2009/12/04 00:13:22 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/04 00:13:22 | 00,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/04 00:13:22 | 00,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/04 00:08:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/04 00:04:30 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Windows\system32\config\systemprofile\Desktop\aljfhalfda.exe
[2009/12/04 00:02:04 | 00,000,750 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\NTREGOPT.lnk
[2009/12/04 00:02:04 | 00,000,731 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\ERUNT.lnk
[2009/12/03 23:56:05 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2009/12/03 23:55:33 | 00,472,064 | ---- | M] ( ) -- C:\Windows\system32\config\systemprofile\Desktop\RootRepeal.exe
[2009/12/03 23:53:49 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Windows\system32\config\systemprofile\Desktop\erunt_setup.exe
[2009/12/03 23:53:36 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Windows\system32\config\systemprofile\Desktop\SysRestorePoint.exe
[2009/12/03 23:52:40 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\TFC.exe
[2009/12/03 23:46:53 | 00,001,356 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
[2009/12/03 23:15:28 | 18,124,2942 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/03 23:14:35 | 00,014,122 | ---- | M] () -- C:\MGlogs.zip
[2009/12/03 22:58:16 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/03 22:58:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/03 22:55:28 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/03 22:54:56 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/03 22:54:56 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/03 21:51:35 | 00,007,680 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/03 11:35:59 | 00,006,456 | -H-- | M] () -- C:\Windows\System32\vuroguvi
[2009/12/03 10:31:25 | 00,000,056 | ---- | M] () -- C:\xcrashdump.dat
[2009/12/03 10:31:12 | 00,000,823 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2009/12/03 10:31:09 | 00,051,712 | ---- | M] (Eset ) -- C:\gelcdomj.exe
[2009/12/03 10:30:48 | 00,052,736 | ---- | M] () -- C:\enhs.exe
[2009/12/03 10:07:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/01 10:54:46 | 02,385,076 | ---- | M] () -- C:\MGtools.exe
[2009/12/01 02:07:06 | 00,000,907 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
========== Files Created - No Company Name ==========
[2009/12/04 00:13:58 | 00,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\settings.dat
[2009/12/04 00:02:04 | 00,000,750 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\NTREGOPT.lnk
[2009/12/04 00:02:04 | 00,000,731 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\ERUNT.lnk
[2009/12/03 23:14:35 | 00,014,122 | ---- | C] () -- C:\MGlogs.zip
[2009/12/03 21:51:25 | 00,007,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 10:31:25 | 00,000,056 | ---- | C] () -- C:\xcrashdump.dat
[2009/12/03 10:30:46 | 00,052,736 | ---- | C] () -- C:\enhs.exe
[2009/12/01 10:54:43 | 02,385,076 | ---- | C] () -- C:\MGtools.exe
[2009/12/01 02:07:06 | 00,000,907 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/15 01:01:35 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/10/13 22:11:06 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/15 09:35:44 | 00,002,432 | ---- | C] () -- C:\Windows\System32\winmes.sys
[2009/08/15 09:35:43 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/15 09:10:42 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/16 22:21:41 | 00,000,326 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\PrimoPDFSet.xml
[2009/06/16 22:14:34 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/04/26 20:13:36 | 00,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/08/29 15:13:54 | 00,005,511 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/08/03 22:15:21 | 00,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/08/03 22:15:21 | 00,000,088 | RHS- | C] () -- C:\Windows\System32\8DDB2614FF.sys
[2008/04/18 12:52:44 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/04/18 11:25:16 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/18 10:34:04 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/04/18 10:34:04 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/04/18 10:34:04 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/10/30 09:44:52 | 00,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:02:10 | 00,001,356 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2009/12/03 22:58:16 | 00,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2009/12/03 10:31:00 | 00,222,720 | ---- | M] (Microsoft Corporation) -- C:\dens.exe
[2009/12/03 10:30:48 | 00,052,736 | ---- | M] () -- C:\enhs.exe
[2009/12/03 10:31:09 | 00,051,712 | ---- | M] (Eset ) -- C:\gelcdomj.exe
[2009/12/01 10:54:46 | 02,385,076 | ---- | M] () -- C:\MGtools.exe
< MD5 for: AGP440.SYS >
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/06/05 22:06:16 | 00,033,280 | ---- | M] (UPEK Inc.) MD5=98E10163017B71CF8B804B6624EA3767 -- C:\Program Files\Protector Suite QL\eventlog.dll
< MD5 for: IASTORV.SYS >
[2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8CE646EE
< End of report >
Extras.txt:
OTL Extras logfile created on: 12/4/2009 12:17:39 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.10 Gb Total Space | 101.25 Gb Free Space | 44.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CATERPILLAR
Current User Name: carlo
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-18]
"EnableNotifications" = 0
"EnableNotifications\Ref" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-82084531-1568399576-1305024956-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1474F340-0DAD-432F-938F-6A5191070EBE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1B060063-E329-4761-A7F2-D23B7853B21C}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C5DE76D-20F7-40BB-8B68-F48E12676AB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{31AE877E-EF62-4A93-8420-A0D8A1D899E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACC1612-B5C8-42EF-B793-1B8FB573B9A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C40EF8C-E1D5-4AD8-9FC5-C06B698578F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{736ACE2C-CDAD-4C95-86E2-B447093F6272}" = rport=445 | protocol=6 | dir=out | app=system |
"{83BCC916-4216-4A19-A4E7-8E66CA64B649}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BD58F27-1D54-4FE7-9F34-842162311880}" = lport=445 | protocol=6 | dir=in | app=system |
"{A25B4C7E-7F3B-4B62-95FC-D7903A47AF8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A36257AE-A27D-48A9-BD31-BEC189C10B4B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1EEDABD-D728-401B-92B7-BDE621B5F895}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B54BC4E7-7A08-4219-9F23-7831D3463EC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C65FA34A-DC7C-4B74-8129-6A8D09759C70}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D83A5339-6DD2-4A91-96E0-29BC82D8ADFB}" = rport=137 | protocol=17 | dir=out | app=system |
"{E0DA1250-BD68-4D95-AC78-D54AE453F330}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E3EC902A-6437-43BE-976C-1CCF6024004E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF2E5116-B301-490D-90A2-8F7896D9AC45}" = rport=138 | protocol=17 | dir=out | app=system |
"{FFEA3272-EA82-43A4-8656-C734392DCF4C}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017F2075-101A-476E-AE60-283A9D3570C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08F15A4C-D277-4C1F-A5B8-E757172D4127}" = protocol=17 | dir=in | app=c:\windows\system32\fastnetsrv.exe |
"{0F9F4F0A-F1FF-46F8-BB3B-4E45561E6F7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18C3298E-5767-4322-984F-B2A18493EF7D}" = protocol=6 | dir=out | app=system |
"{1987E05F-E3A7-4F93-A3D3-A069ADB684F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{271AB6D0-5D48-472D-A624-7F136B49113C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2AEFC1BD-26A2-43EB-A0E9-D0D3E036E95E}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C81E5EF-64DD-4FC7-BE3F-6608D3EBE11C}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{3DEACB06-6DAF-4441-85F1-B8A4D35B2A11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4915CC09-B29C-4C36-BE6A-6BB893050B35}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4BE3D186-A528-45CD-86E5-3A3E77A5FB1A}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{631D8987-7FF8-4105-B566-8B886DF1C0CA}" = protocol=1 | dir=in | [email protected],-28543 |
"{650A3AE3-F876-43DC-8602-F73BF06DDF62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7328A4B6-F1A4-44D0-93D6-1D33832D6CFA}" = protocol=1 | dir=out | [email protected],-28544 |
"{99512558-6AA5-45E7-8D63-23F7D9C14790}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ADC248B6-6AD2-4328-BED5-5FF82E64FC89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2DB7012-7401-4D81-A8D1-008106DC3E9E}" = protocol=58 | dir=in | [email protected],-28545 |
"{BAA4FA87-444F-404F-8891-DDA02CCA495A}" = protocol=6 | dir=in | app=c:\windows\system32\fastnetsrv.exe |
"{CF49EB93-300D-48D7-B49A-5F715E338DC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DD936DA2-DA0C-4013-B621-063AAE2F80A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE8F49F0-8A54-4ADE-AEED-91FC51519481}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED54AEFD-7E4A-492B-A8D6-A803C2158234}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0E0238C3-7453-4930-852A-47938DFEA420}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"TCP Query User{1D34C9CC-BBD1-4E7D-B5B8-FF8016D9A1BE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{277A7086-DC57-4DA6-BBC7-557CD5E9FEA7}C:\programdata\ba5a7a7\wsba5a.exe" = protocol=6 | dir=in | app=c:\programdata\ba5a7a7\wsba5a.exe |
"TCP Query User{8CF7FF06-EB81-474A-BDF4-F17602D23761}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{99984047-28E7-4F9B-8C38-23AECE0F6E36}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B9AD7FD4-B119-4C9B-B32A-5CE2B1125139}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C0AE222E-2F84-4014-85AD-8C3709EEEC4A}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{CDBF1838-C270-4339-9F4E-5D5D06D54E9E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{DE7C9BE6-5CBC-4B19-957A-E587DEAEA3E8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{04BB4210-33FC-4392-9D82-3601D48AF902}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{062F86D5-8FE2-46CB-AB36-AF096B8DA2A3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1EC9C6D4-1A1B-40D9-B2B1-A724FA9E10A8}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{2CB006A7-A1B0-49F9-B262-D7D39738019C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{4119CDAA-9174-44BF-8DD9-28990487BDDB}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7FCB471F-8964-4BA2-B109-752C8DE18DA7}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{84631EC5-6AF8-4FEF-8378-F96BE0FE6EF9}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{84C3B61D-EF33-4F44-9810-C825743212A7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B948D717-4A4D-4028-BD83-4F97E69755DA}C:\programdata\ba5a7a7\wsba5a.exe" = protocol=17 | dir=in | app=c:\programdata\ba5a7a7\wsba5a.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PLAYSTATION®Network Downloader
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D85517-6EAC-496A-965A-FA349036E74E}" = RehanFX Shader Transitions and Effects (ShaderTFX)
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 4.57
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.47.06
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Ext2Ifs_for_NT6" = Ext2 IFS 1.11 for Windows Vista
"ffdshow_is1" = ffdshow [rev 3097] [2009-10-08]
"Grand Fantasia" = Grand Fantasia
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Rmtablet" = USB Tablet Manager
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"TVersity Media Server " = TVersity Media Server 1.0.0.3 RC2
"Veetle TV" = Veetle TV 0.9.15
"Winamp" = Winamp
"WinFF_is1" = WinFF 0.43
"WinGimp-2.0_is1" = Gimp 2.6.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/26/2009 2:08:36 PM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
Error - 11/26/2009 3:56:13 PM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
Error - 11/27/2009 2:02:18 PM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
Error - 11/27/2009 7:05:07 PM | Computer Name = Caterpillar | Source = System Restore | ID = 8193
Description =
Error - 11/28/2009 12:43:13 PM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
Error - 11/28/2009 9:12:03 PM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
Error - 11/28/2009 10:40:55 PM | Computer Name = Caterpillar | Source = Google Update | ID = 20
Description =
Error - 11/29/2009 12:42:21 AM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
Error - 11/29/2009 1:04:01 PM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
Error - 11/30/2009 1:34:23 PM | Computer Name = Caterpillar | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12/4/2009 4:04:16 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
Error - 12/4/2009 4:04:48 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
Error - 12/4/2009 4:09:26 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
Error - 12/4/2009 4:09:32 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
Error - 12/4/2009 4:09:35 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
Error - 12/4/2009 4:09:38 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
Error - 12/4/2009 4:09:38 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
Error - 12/4/2009 4:10:24 AM | Computer Name = Caterpillar | Source = Service Control Manager | ID = 7001
Description =
Error - 12/4/2009 4:10:24 AM | Computer Name = Caterpillar | Source = Service Control Manager | ID = 7026
Description =
Error - 12/4/2009 4:16:36 AM | Computer Name = Caterpillar | Source = DCOM | ID = 10005
Description =
< End of report >
Thanks for your help and advice...