URL Redirect Virus [Closed]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

URL Redirect Virus [Closed]

#1 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 26 December 2009 - 03:34 PM

Hello tech superheros,

My personal laptop just reciently started acting wierd within 48 hours. When I was on my hotmail account, I was able to log in, but when I tried to click on one of my new emails, it redirected me to some random ad/search site. These emails were from facebook so I decided to just look at my notifications directly. When I tried to click on the notifications button of the lower right hand side, it did the same thing it did with my email. I typed up google, and when i found a few sites that might help me, it redirected my to a random site again!

After hours of fustration, I decided to make this account on my school laptop, which is not infected, and copy the links i needed onto a thumb drive so that i can double click them on my desktop so i could look at them. I found the following link...

http://www.geekstogo.com/forum/Google-redi...rus-t93888.html

...and followed the instructions, but it looks like this problem is different with different computers, the program i have is hijackthis and here is my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:25 PM, on 12/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\Users\Stephan\ntload.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - C:\Users\Stephan\AppData\Local\Temp\f5tmp\urxvpn.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Stephan\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - C:\Users\Stephan\AppData\Local\Temp\f5tmp\urTermProxy.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace....ceUploader2.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Stephan\AppData\Local\Temp\f5tmp\urxshost.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantac...ad/iaplayer.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Stephan\AppData\Local\Temp\f5tmp\urxhost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8664 bytes

Any help would be appreciated.

#2 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 28 December 2009 - 10:28 AM

Hello, zalisis, and welcome to GeeksToGo! We have updated our forums, and need you to follow a few new steps before I can help you. Please do the following:

Please follow the steps in this topic, and post back with the following logs if you are still having problems and I will look over the log for you:

Malwarebytes' Anti-Malware log
OTL.txt and Extras.txt
ark.txt

If something doesn't work, make a note of it, and move on to the next step. Tell me if anything doesn't work, but make sure you tried everything first.

#3 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 29 December 2009 - 01:46 PM

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/28/2009 12:40:35 PM
mbam-log-2009-12-28 (12-40-35).txt

Scan type: Quick Scan
Objects scanned: 137158
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Stephan\ntload.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Stephan\ntload.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Stephan\AppData\Local\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

#4 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 29 December 2009 - 01:47 PM

OTL logfile created on: 12/29/2009 11:25:41 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Stephan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.67 Gb Total Space | 33.40 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive D: | 8.12 Gb Total Space | 1.76 Gb Free Space | 21.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZALISIS-LT
Current User Name: Stephan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/28 09:23:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/01/18 23:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/18 23:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/16 21:49:21 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/08/04 09:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

========== Modules (SafeList) ==========

MOD - [2009/12/28 09:23:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
MOD - [2009/04/10 22:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/06/26 06:54:15 | 00,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/06/16 07:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/05/05 14:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/18 23:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/03/05 09:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/17 06:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 08:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/04 09:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/05/02 14:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: youplayer@addons.mozilla.org:0.9.8

FF - HKLM\software\mozilla\Firefox\Extensions\\web-accelerator@google.com: C:\Program Files\Google\Web Accelerator\firefox [2008/01/16 21:46:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/25 23:08:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/25 23:08:05 | 00,000,000 | ---D | M]

[2009/08/27 09:09:28 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Mozilla\Extensions
[2009/12/28 15:12:54 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\azwks7gl.default\extensions
[2009/11/16 16:05:38 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\azwks7gl.default\extensions\youplayer@addons.mozilla.org
[2009/04/18 15:19:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 16:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: (709 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\Stephan\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Stephan\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} C:\Users\Stephan\AppData\Local\Temp\f5tmp\urTermProxy.cab (F5 Networks SSLTunnel)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Stephan\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Stephan\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/18 10:35:18 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/04/29 22:43:24 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/08/13 21:35:12 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 13:52:15 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/12/28 13:52:15 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/12/28 13:52:15 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/12/28 13:52:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/12/28 13:52:14 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/12/28 12:29:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/28 12:29:06 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/28 12:29:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/28 10:40:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/28 10:40:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/28 09:23:45 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2009/12/28 09:19:03 | 04,844,272 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Stephan\Desktop\mbam-setup.exe
[2009/12/28 09:18:29 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Stephan\Desktop\erunt_setup.exe
[2009/12/28 09:18:09 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Stephan\Desktop\SysRestorePoint.exe
[2009/12/28 09:17:50 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\Stephan\Desktop\TFC.exe
[2009/12/26 17:39:33 | 00,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\CyberLink
[2009/12/26 12:57:22 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/12/26 12:41:18 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/12/26 10:28:55 | 00,000,000 | ---D | C] -- C:\Users\Stephan\Desktop\stuff
[2009/12/20 12:51:06 | 00,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Xfire

========== Files - Modified Within 14 Days ==========

[2009/12/29 11:28:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{77AE4244-0868-4991-91C5-00EB4D923519}.job
[2009/12/29 11:25:15 | 02,097,152 | -HS- | M] () -- C:\Users\Stephan\NTUSER.DAT
[2009/12/29 10:32:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/29 10:32:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/28 22:38:09 | 00,882,508 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/28 22:38:09 | 00,729,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/28 22:38:09 | 00,154,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/28 22:32:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/28 22:32:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/28 20:59:54 | 00,524,288 | -HS- | M] () -- C:\Users\Stephan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 20:59:54 | 00,065,536 | -HS- | M] () -- C:\Users\Stephan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/28 20:59:16 | 03,118,698 | -H-- | M] () -- C:\Users\Stephan\AppData\Local\IconCache.db
[2009/12/28 09:23:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2009/12/28 09:19:10 | 04,844,272 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Stephan\Desktop\mbam-setup.exe
[2009/12/28 09:18:34 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Stephan\Desktop\erunt_setup.exe
[2009/12/28 09:18:12 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Stephan\Desktop\SysRestorePoint.exe
[2009/12/28 09:17:54 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\TFC.exe
[2009/12/27 23:03:09 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2009/12/26 13:20:25 | 00,008,665 | ---- | M] () -- C:\Users\Stephan\Desktop\hijackthis1
[2009/12/26 12:52:26 | 00,000,153 | ---- | M] () -- C:\Users\Stephan\Desktop\Google redirect virus [RESOLVED].url
[2009/12/26 12:31:21 | 00,000,263 | ---- | M] () -- C:\Users\Stephan\Desktop\url redirect virus - Google Search.url
[2009/12/26 09:32:51 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStephan.job
[2009/12/20 22:00:00 | 00,000,388 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2009/12/20 02:05:00 | 00,000,454 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job

========== Files Created - No Company Name ==========

[2009/12/27 23:03:09 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/26 13:20:25 | 00,008,665 | ---- | C] () -- C:\Users\Stephan\Desktop\hijackthis1
[2009/12/26 12:52:26 | 00,000,153 | ---- | C] () -- C:\Users\Stephan\Desktop\Google redirect virus [RESOLVED].url
[2009/12/26 12:31:21 | 00,000,263 | ---- | C] () -- C:\Users\Stephan\Desktop\url redirect virus - Google Search.url
[2009/11/30 11:33:46 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/10 21:25:13 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/29 20:50:56 | 00,041,984 | ---- | C] () -- C:\Users\Stephan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 12:28:36 | 00,000,000 | ---- | C] () -- C:\Users\Stephan\AppData\Roaming\.googlewebacchosts
[2009/08/26 12:22:52 | 00,000,000 | ---- | C] () -- C:\Users\Stephan\AppData\Local\QSwitch.txt
[2009/08/26 12:22:52 | 00,000,000 | ---- | C] () -- C:\Users\Stephan\AppData\Local\DSwitch.txt
[2009/08/26 12:22:52 | 00,000,000 | ---- | C] () -- C:\Users\Stephan\AppData\Local\AtStart.txt
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/15 18:41:22 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/17 13:10:57 | 00,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/07/07 18:18:14 | 00,020,136 | ---- | C] () -- C:\ProgramData\Autosave.3dm
[2008/05/27 19:52:13 | 00,000,400 | ---- | C] () -- C:\Windows\g_jdmjol405.ini
[2008/02/05 20:26:52 | 00,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/02/05 20:26:43 | 00,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/01/29 15:40:05 | 00,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2007/04/29 22:28:25 | 00,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 12:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 22:54:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/10/31 22:52:38 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/03/09 16:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2009/09/15 19:41:20 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Autodesk
[2009/12/09 03:23:40 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\BitTorrent
[2009/10/06 19:52:56 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Blitware
[2009/08/26 14:12:56 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\IObit
[2009/10/27 18:44:25 | 00,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Windows Live Writer
[2009/12/20 02:05:00 | 00,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2008/06/13 13:36:24 | 00,001,044 | -H-- | M] () -- C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
[2008/06/13 13:36:24 | 00,001,048 | -H-- | M] () -- C:\Windows\Tasks\RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
[2008/06/13 13:36:24 | 00,001,062 | -H-- | M] () -- C:\Windows\Tasks\RCHubTask 2 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
[2008/06/13 13:36:24 | 00,001,064 | -H-- | M] () -- C:\Windows\Tasks\RCHubTask 3 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
[2009/12/28 21:00:50 | 00,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/20 22:00:00 | 00,000,388 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2009/12/29 11:28:00 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{77AE4244-0868-4991-91C5-00EB4D923519}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/04/29 22:52:45 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/04/29 22:52:45 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/04/29 22:52:45 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 07:41:23 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 07:41:23 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 07:41:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/21 21:28:56 | 00,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\SwSetup\Chipset\WinVista32\IDE\WinVista\sata_ide\nvstor32.sys
[2006/12/21 21:28:56 | 00,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\Windows\System32\drivers\nvstor32.sys
[2006/12/21 21:28:56 | 00,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_07a99397\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 22:28:17 | 00,800,768 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\advapi32.dll
[2009/04/10 22:28:18 | 00,168,448 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dnsapi.dll
[2009/04/10 22:28:19 | 00,297,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\gdi32.dll
[2009/04/10 22:28:20 | 00,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2009/04/10 22:28:20 | 00,891,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2009/06/15 06:52:42 | 00,023,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\lpk.dll
[2009/04/10 22:28:20 | 00,807,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msctf.dll
[2009/04/10 22:28:22 | 00,679,936 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvcrt.dll
[2008/01/18 23:35:57 | 00,008,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\nsi.dll
[2009/04/10 22:27:49 | 01,202,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2009/04/10 22:28:23 | 01,316,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ole32.dll
[2009/04/23 04:15:07 | 00,784,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rpcrt4.dll
[2009/04/10 22:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/06/15 06:53:43 | 00,072,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\secur32.dll
[2009/04/10 22:28:24 | 11,584,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2009/04/10 22:28:24 | 00,353,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shlwapi.dll
[2009/04/10 22:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/10 22:28:25 | 00,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/10 22:28:25 | 00,108,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\userenv.dll
[2009/04/10 22:28:25 | 00,502,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\usp10.dll
[2008/01/18 23:37:09 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< End of report >

#5 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 29 December 2009 - 01:47 PM

OTL Extras logfile created on: 12/29/2009 11:25:41 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Stephan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.67 Gb Total Space | 33.40 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive D: | 8.12 Gb Total Space | 1.76 Gb Free Space | 21.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZALISIS-LT
Current User Name: Stephan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074B4D4E-F0FB-4ACB-9314-1FAC895A3E92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{094F8133-3288-4CE8-BB9F-19BB8FC0A94E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A3854D7-0048-40EF-89BC-62A4EF62B38B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{10D19CE7-3AB5-43E8-9B94-A2B0706FD928}" = lport=25999 | protocol=6 | dir=in | name=cs.xfire.com |
"{2D2779E8-98A7-42BC-AA5D-8B0EDBD00E9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3383FA39-3E8B-4DD9-B939-21D8635A121B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{349133D5-16CE-4137-9395-BEFDC599CB81}" = lport=10243 | protocol=6 | dir=in | app=system |
"{375FCA9D-B5FE-4338-ADF9-1181A08B12F1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{412492A2-EC5A-41D5-A395-85EA16CB6F60}" = lport=10244 | protocol=6 | dir=in | app=system |
"{43A8459F-641D-404C-9D39-53138E1CF0BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54E36A5D-4D3B-4745-BB66-DCA9E1D98EA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55A6FD21-900B-4A21-98F5-622A4EED4BA5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58B1747B-0334-4DB9-A0AA-16279A6F5022}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7091DF08-DC01-473D-A455-586807267350}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{750B7299-BE6D-4F63-A940-87EF2C4757A5}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7BB67235-CCAB-4B4E-A40C-0EA1B7909F2D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8114BB58-3C08-4C5B-A92D-0A37454698F9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{815F8F7A-C532-41D6-935D-DC583A1C9A58}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A63F50D-8A3E-4E83-8A9C-F499E7CDA6AE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8BDE718C-5CB1-453D-AD7A-C48CAA5876B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EABA896-303E-4095-BADB-59CE3203E084}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9831D15F-8620-42CF-BA70-92FC8C8B7469}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99D41AE7-6E26-4559-9513-FFA183F0CA07}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E97BF80-CE5F-4AD1-B9BC-4E8BFDB32AB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EE9A05A-27E9-480D-B869-28CB05AA9DA3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8920641-03D6-4B96-956D-9655D2272BB6}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A96414F7-85C6-47A4-9691-61D23D7CA271}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B59C9793-1D46-459E-A9D7-B786061C10C4}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BEBA46F5-982E-42D0-AB2A-9357C4BDE080}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3B0A503-6394-491C-AFC6-FE4030945D7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAD225FC-9272-4DEB-A785-15E9BB046243}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE13C888-75B0-4739-B259-A19FF19E991D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3F5A5E6-CE4E-4FB8-914A-DB26375AA46D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E7828D44-8459-478C-809C-8F9EE4E90FAF}" = lport=3390 | protocol=6 | dir=in | app=system |
"{F029EB46-E35E-476E-A4A0-6498BBD93E2D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AABBCEC-9AA9-45C5-8857-0F54BBD3C059}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0B898153-F163-4CAC-A8E1-8BBC2C3C9146}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1115C95D-A9CB-401D-A4F4-AB1F776D89E0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{12066F9F-9B5E-4B3C-987B-1F365A708ED0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{206D7B7C-E429-42C2-BB7F-824146D030E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29C87353-B229-46F8-A345-2FAED0FA25DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CE63E7F-F67C-41AC-978D-90A3A44382FF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{32CA735F-A09D-43BD-837C-31CA4D4B4FE2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{35786E91-BFFA-45EF-8DE3-2E25418A095B}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{38B641CF-B24C-45E2-847C-A44E1F6F3C3C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3B11ABC3-360D-4212-A5A5-6FAEAD919DF1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{443C5FB5-9762-4DC5-B915-2D70449D793B}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{4F0200F0-E972-4675-9D7D-F12481964368}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4FAD3DCD-3806-441C-A701-EE378580407D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{52CEC571-BFB6-4833-9179-D5E3F833B162}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{552CF019-F031-4A11-B8FC-BF4B18129BC7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{56447D53-1863-44FD-84CF-2C8AF91ECBAB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5C2EA0AB-131B-46AC-80E9-784C2F5C9E0D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{71C3E10E-7DC4-4FE0-BE3D-DE44A888187B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{7A821A2D-1258-492F-BA4B-DF17218A2581}" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"{7C4BBB37-9417-4724-8132-6CE203D815B6}" = protocol=17 | dir=in | app=c:\program files\vghd\vghd.exe |
"{7F4BA0E6-BA58-4AA5-BF7C-62DEF465EB3B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{87E593DB-4143-4480-B2DC-0D897C7ED3A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D8574FE-D23B-4B16-945E-4D8069CA96DE}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8F2EA003-A1C7-409F-90CD-35EEEA7C0E53}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94ABE1E1-E155-4205-8A97-B21AC7A8532D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{97601C02-C2F9-4C6E-B460-C843578DC5FC}" = protocol=6 | dir=in | app=c:\program files\vghd\vghd.exe |
"{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A12C7E30-1546-49B5-B9E7-6D09E21AE62B}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A51D8E47-5136-4B0A-9BD3-1DFA1AECD465}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A9251460-71C1-4F7D-B46F-8D2B3391E92E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ADE15D3D-D0CC-41D3-A211-07F709F240BF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AECFB6A8-E1EE-4C74-8CBD-01734E627AA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF3E41D0-1F35-45DC-9587-AA6EB23C86CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7424AEA-E7D5-4B9B-BF5C-909FBA256702}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{B90825EB-2D0F-481A-97BC-F22436ED1531}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BAD5ECDB-7F10-4C77-A6BC-A77026B8A6B9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BD64755B-EE76-4D50-B6AE-32D895BAB04C}" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"{C0C4B099-E7AF-4FA7-A14D-E56CBF630AED}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C11D1BCB-10C4-484B-85D3-3B6FECCA255C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C21C7F05-D7CE-421C-A49D-CE88A17214E0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C7613CAB-FDE8-41EE-BA0E-86287B1892FC}" = protocol=6 | dir=out | app=system |
"{D06A742C-A363-47E3-9273-369FA19A05D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E38A87F1-2079-4036-BE86-541D4335887C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E61DC1B5-19B9-468D-A72F-8557C1EE859A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA3D1E9A-EA03-4C57-BFB1-219872F7831C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDC51C99-B3F5-4E39-9088-2EDBE115FB9D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EFA499CC-1A57-4F1E-84A6-7D07B398F653}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F71AE3D8-BA63-4542-B113-B8D2CEFDD31F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F7FFE761-4A3B-4813-A604-D3BB3761C8E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F92BEAEC-87E6-435C-B9D4-06ED2AF544F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9ED6DD0-0402-461C-AC4C-61B3537E95E9}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{1C3F13E3-57E9-4515-B33F-3ACB4CD23E9C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3C2EF58F-11D6-4856-B0A4-5BC04E2AF572}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{3DE1F0F2-DA33-4777-A49D-FEEF755CC607}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{5EAEA82E-B480-4C49-ACED-3C9B20ADC58C}C:\users\stephan\stuff\games\quake\quake3.exe" = protocol=6 | dir=in | app=c:\users\stephan\stuff\games\quake\quake3.exe |
"TCP Query User{61B54D20-2287-484C-9A77-D27BB870B576}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6C48F816-5D19-4881-A4D9-33151158986B}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{6DE02218-765A-4959-B163-9C394FACBC51}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{79D959FF-15F5-4C65-83EA-743B28D7FA3F}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{7BC2453D-CFF1-4422-A7E0-5A1C4467D83C}C:\users\stephan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\stephan\program files\dna\btdna.exe |
"TCP Query User{9C3B5C11-70F1-4218-80C4-5DAF9D544E57}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{ABDFEF64-2CAE-4288-9CCC-58E25BF02963}F:\quake\quake3.exe" = protocol=6 | dir=in | app=f:\quake\quake3.exe |
"TCP Query User{B68ACDEF-6ACF-4410-B8E6-CCEFDB8E4D6C}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{B6E8442A-1000-44B3-8109-461522642B26}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"TCP Query User{C32F022C-B790-416F-818C-E2F8CEC9132B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DC128939-C371-48B5-94CD-E227A4F6B7B7}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{E608DCC0-EA55-403F-AB27-9730ABE2CF8D}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{EC6E7E36-A447-47B1-800D-49C9B1BEB43F}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{EF4CD838-B93E-4742-B3AE-97F68F8852AB}C:\users\stephan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\stephan\program files\dna\btdna.exe |
"TCP Query User{F76B56B0-09F5-4FCE-9B05-EA9DBF43834F}C:\program files\mcafee\mbk\mcafeedatabackup.exe" = protocol=6 | dir=in | app=c:\program files\mcafee\mbk\mcafeedatabackup.exe |
"TCP Query User{FC998F20-662A-43C6-A1CF-752CBF80C223}C:\users\stephan\appdata\local\microsoft\windows\temporary internet files\content.ie5\8lwc3p9b\anarchyonline_18.1.1-large[1].exe" = protocol=6 | dir=in | app=c:\users\stephan\appdata\local\microsoft\windows\temporary internet files\content.ie5\8lwc3p9b\anarchyonline_18.1.1-large[1].exe |
"UDP Query User{063A6B57-15A5-4BAC-AF10-62551154D38A}C:\users\stephan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\stephan\program files\dna\btdna.exe |
"UDP Query User{07BA3339-7370-47C6-8BFB-93E17962C870}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{1DA97ABC-879E-4795-B8BE-F38EF5749E4D}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{2AC1066C-682F-46A1-94A8-BE3A2B75DB16}C:\program files\mcafee\mbk\mcafeedatabackup.exe" = protocol=17 | dir=in | app=c:\program files\mcafee\mbk\mcafeedatabackup.exe |
"UDP Query User{2C4DDC19-7246-4C78-AB5B-A71D78DF8E43}F:\quake\quake3.exe" = protocol=17 | dir=in | app=f:\quake\quake3.exe |
"UDP Query User{2CE1C90E-A69E-45A8-A2EA-2FC60E808680}C:\users\stephan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\stephan\program files\dna\btdna.exe |
"UDP Query User{31937CC5-AB96-4567-A22E-4BF9456291FA}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{383E230C-4F8A-4F25-B9C8-294D2E68F4BA}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"UDP Query User{44834B15-655B-4997-8F13-6B806194BE73}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4AB8AF2F-9179-4D9E-A6AC-7AD6B7D1AF7F}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"UDP Query User{64F2FFCB-916E-4038-B61C-8CDCA34C3B26}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{78261E38-AC3C-41D5-9777-5E763AB73E59}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{AE097F7C-B0E8-4841-9762-0AD4F33D1922}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{AEBE4D0C-5019-40AC-8068-9F5C0BD437A2}C:\users\stephan\stuff\games\quake\quake3.exe" = protocol=17 | dir=in | app=c:\users\stephan\stuff\games\quake\quake3.exe |
"UDP Query User{B455AC59-CDDF-4368-B477-D948AB1A597E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C0650EFD-5A42-4BB7-9DA8-EC4ACAF5DCF2}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D26A1BF1-1587-4144-9524-377226E6A81D}C:\users\stephan\appdata\local\microsoft\windows\temporary internet files\content.ie5\8lwc3p9b\anarchyonline_18.1.1-large[1].exe" = protocol=17 | dir=in | app=c:\users\stephan\appdata\local\microsoft\windows\temporary internet files\content.ie5\8lwc3p9b\anarchyonline_18.1.1-large[1].exe |
"UDP Query User{D487C676-00C4-48AF-A5C3-C40625583588}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{E4B17B61-256D-484F-9558-706E222B61AC}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{E60FBAC8-7CD1-49B3-A969-9C806FF2DFB2}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5783F2D7-7004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1975EB-27E6-491D-94BC-6355FA25F40F}" = Google Web Accelerator
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AutoCAD Architecture 2009" = AutoCAD Architecture 2009
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blender" = Blender (remove only)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CamStudio" = CamStudio
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"Flamingo 1.1" = Flamingo 1.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MySpaceIM" = MySpaceIM
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"PROR" = Microsoft Office Professional 2007
"Rhapsody" = Rhapsody
"Rhinoceros 3.0" = Rhinoceros 3.0
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Scratch" = Scratch
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZDSV" = ZD Soft Screen Video Decoder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2009 4:45:45 PM | Computer Name = Zalisis-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14ac Start Time: 01ca86687cc3c006 Termination Time: 0

Error - 12/28/2009 1:31:35 AM | Computer Name = Zalisis-LT | Source = Application Hang | ID = 1002
Description = The program snes9x.exe version 1.4.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 2e8 Start Time: 01ca877eb02dafbe Termination Time: 22

Error - 12/28/2009 3:07:47 AM | Computer Name = Zalisis-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed,
exception code 0xc0000005, fault offset 0x0015843d, process id 0x1408, application
start time 0x01ca878b87cbc86e.

Error - 12/28/2009 3:48:45 PM | Computer Name = Zalisis-LT | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module sysmain.dll, version 6.0.6002.18005, time
stamp 0x49e03808, exception code 0xc0000005, fault offset 0x00010e9f, process id
0x448, application start time 0x01ca87e35a790eda.

Error - 12/28/2009 5:44:07 PM | Computer Name = Zalisis-LT | Source = VSS | ID = 8194
Description =

Error - 12/28/2009 9:23:40 PM | Computer Name = Zalisis-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed,
exception code 0xc0000005, fault offset 0x0015843d, process id 0x1460, application
start time 0x01ca8824985e35ac.

Error - 12/28/2009 9:25:01 PM | Computer Name = Zalisis-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 3f4 Start Time: 01ca88249802a82c Termination Time: 21

Error - 12/28/2009 9:43:59 PM | Computer Name = Zalisis-LT | Source = Perflib | ID = 1010
Description =

Error - 12/29/2009 12:57:12 AM | Computer Name = Zalisis-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0003969e, process id 0x1394, application
start time 0x01ca8842276dd74a.

Error - 12/29/2009 12:58:38 AM | Computer Name = Zalisis-LT | Source = Application Error | ID = 1000
Description = Faulting application GoogleToolbarUser.exe, version 0.0.0.0, time
stamp 0x4913aa33, faulting module GoogleToolbarDynamic_F423308312_unloaded, version
0.0.0.0, time stamp 0x4929a402, exception code 0xc0000005, fault offset 0x6895bca0,
process
id 0xe98, application start time 0x01ca88354d6d3d8a.

[ Media Center Events ]
Error - 4/17/2008 6:11:13 PM | Computer Name = Zalisis-LT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 1/27/2009 11:32:19 PM | Computer Name = Zalisis-LT | Source = Mcx2Dvcs | ID = 401
Description =

Error - 1/27/2009 11:44:35 PM | Computer Name = Zalisis-LT | Source = Mcx2Svc | ID = 301
Description =

Error - 1/27/2009 11:44:57 PM | Computer Name = Zalisis-LT | Source = Mcx2Svc | ID = 301
Description =

Error - 6/9/2009 5:46:37 PM | Computer Name = Zalisis-LT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 7/31/2009 12:26:41 AM | Computer Name = Zalisis-LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 896
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/28/2009 3:48:51 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7031
Description =

Error - 12/28/2009 3:48:51 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7034
Description =

Error - 12/28/2009 3:48:51 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7031
Description =

Error - 12/28/2009 3:48:51 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7031
Description =

Error - 12/28/2009 3:48:51 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7031
Description =

Error - 12/28/2009 3:49:51 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7032
Description =

Error - 12/28/2009 4:44:56 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7000
Description =

Error - 12/28/2009 9:34:55 PM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7000
Description =

Error - 12/29/2009 2:33:54 AM | Computer Name = Zalisis-LT | Source = Service Control Manager | ID = 7000
Description =

Error - 12/29/2009 3:33:10 AM | Computer Name = Zalisis-LT | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

< End of report >

#6 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 29 December 2009 - 01:51 PM

THE ARC FILE IS WAY TOO LARGE TO PASTE ILL JUST EMAIL IT

#7 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 30 December 2009 - 10:21 AM

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#8 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 30 December 2009 - 12:14 PM

Thanks!

ComboFix 09-12-29.06 - Stephan 12/30/2009 9:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1268 [GMT -8:00]
Running from: c:\users\Stephan\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3476589880-2846545486-3996084828-500
c:\$recycle.bin\S-1-5-21-3668322620-2577143820-4133954761-1000
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\oem21.inf
c:\windows\system32\oem30.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-30 18:07 . 2009-12-30 18:07 -------- d-----w- c:\users\Stephan\AppData\Local\temp
2009-12-30 18:07 . 2009-12-30 18:07 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2009-12-28 21:52 . 2009-12-29 21:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 21:52 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-28 21:52 . 2009-12-28 21:52 -------- d-----w- c:\programdata\Avira
2009-12-28 21:52 . 2009-12-28 21:52 -------- d-----w- c:\program files\Avira
2009-12-28 20:29 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 20:29 . 2009-12-28 20:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 20:29 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 18:40 . 2009-12-28 18:40 -------- d-----w- c:\program files\ERUNT
2009-12-27 01:39 . 2009-12-27 01:39 -------- d-----w- c:\users\Stephan\AppData\Roaming\CyberLink
2009-12-26 20:57 . 2009-12-26 20:57 -------- d-----w- C:\!KillBox
2009-12-20 20:51 . 2009-12-21 02:02 -------- d-----w- c:\users\Stephan\AppData\Roaming\Xfire
2009-12-09 11:06 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 11:06 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 11:06 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 02:37 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 06:58 . 2009-08-31 19:37 -------- d-----w- c:\users\Stephan\AppData\Roaming\BitTorrent
2009-12-29 04:59 . 2009-08-28 20:35 -------- d-----w- c:\users\Stephan\AppData\Roaming\Skype
2009-12-29 03:21 . 2009-08-28 20:37 -------- d-----w- c:\users\Stephan\AppData\Roaming\skypePM
2009-12-29 01:31 . 2009-01-03 23:55 -------- d-----w- c:\program files\PeerGuardian2
2009-12-21 23:22 . 2008-07-15 21:40 -------- d-----w- c:\programdata\Xfire
2009-12-20 20:52 . 2008-07-15 21:40 -------- d-----w- c:\program files\Xfire
2009-12-09 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 11:08 . 2007-04-30 06:14 -------- d-----w- c:\programdata\Microsoft Help
2009-11-21 06:40 . 2009-12-09 02:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 02:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 02:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 02:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 03:56 . 2009-06-16 02:36 -------- d-----r- c:\program files\Skype
2009-11-20 03:56 . 2009-11-20 03:56 -------- d-----w- c:\program files\Common Files\Skype
2009-11-20 03:56 . 2009-06-16 02:36 -------- d-----w- c:\programdata\Skype
2009-11-18 11:18 . 2009-11-18 11:18 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 11:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 11:18 . 2009-11-18 11:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 11:18 . 2009-11-18 11:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-03 04:42 . 2009-10-02 15:54 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 05:15 . 2009-11-02 05:14 -------- d-----w- c:\program files\iTunes
2009-11-02 05:14 . 2009-11-02 05:14 -------- d-----w- c:\program files\iPod
2009-11-02 05:14 . 2008-12-26 23:35 -------- d-----w- c:\program files\Common Files\Apple
2009-11-02 05:08 . 2009-11-02 05:08 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-25 11:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-08 21:08 . 2009-11-18 11:00 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 11:00 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 11:00 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 15:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-07 09:35 8534560 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-07 09:35 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-11-07 09:35 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-03-06 18:28 180224 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 03:27 468264 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 12:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 09:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c9,b3,8e,bb,e1,34,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/28/2009 1:52 PM 108289]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\System32\drivers\urvpnwlh.sys [8/21/2008 2:15 PM 30840]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\System32\drivers\urfltwlh.sys [7/7/2009 5:18 PM 13944]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/2/2008 6:05 PM 21504]
S3 MusCAudio;MusCAudio;c:\windows\System32\drivers\MusCAudio.sys [12/23/2008 4:48 PM 23096]
S3 MusCVideo;MusCVideo;c:\windows\System32\drivers\MusCVideo.sys [12/23/2008 4:48 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-12-26 c:\windows\Tasks\HPCeeScheduleForStephan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2008-06-13 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-12 19:03]

2008-06-13 c:\windows\Tasks\RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-12 19:03]

2008-06-13 c:\windows\Tasks\RCHubTask 2 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-12 19:03]

2008-06-13 c:\windows\Tasks\RCHubTask 3 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-02-12 19:03]

2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{77AE4244-0868-4991-91C5-00EB4D923519}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\azwks7gl.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 10:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-30 10:10:51
ComboFix-quarantined-files.txt 2009-12-30 18:10

Pre-Run: 37,977,194,496 bytes free
Post-Run: 37,808,676,864 bytes free

- - End Of File - - 0ED852FB0BE1A247140C433291120AB3

#9 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 30 December 2009 - 04:26 PM

WOAH BLUE SCREEN!
i think my computer just crashed
not sure if its related tho
working fine now...

#10 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 31 December 2009 - 10:15 AM

Let me know if it happens again.

Are you still being redirected?

Download Kenco.exe to your desktop

Close all windows and run the program
It wont take long to run. Post the log it gives you ( it will also be saved in the same place as Kenco.exe

#11 zalisis

Group: Member
Posts: 44
Joined: 26-December 09

Posted 31 December 2009 - 01:25 PM

the redirect stopped
THANKS!

Kenco by jpshortstuff (31.12.09.1)
Log created at 11:10 on 31/12/2009 (Stephan)

========== Task Unlocker ==========
C:\Windows\Tasks\HPCeeScheduleForStephan.job -> Error retrieving access rights [87]!
C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> Error retrieving access rights [87]!
C:\Windows\Tasks\RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> Error retrieving access rights [87]!
C:\Windows\Tasks\RCHubTask 2 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> Error retrieving access rights [87]!
C:\Windows\Tasks\RCHubTask 3 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> Error retrieving access rights [87]!
C:\Windows\Tasks\User_Feed_Synchronization-{77AE4244-0868-4991-91C5-00EB4D923519}.job -> Error retrieving access rights [87]!

========== KencoScan ==========

========== C:\Windows\Tasks ==========
HPCeeScheduleForStephan.job -> [20:31 04/09/2009] 330 bytes
RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> [00:46 13/05/2008] 1044 bytes
RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> [00:51 13/05/2008] 1048 bytes
RCHubTask 2 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> [00:52 13/05/2008] 1062 bytes
RCHubTask 3 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job -> [00:55 13/05/2008] 1064 bytes
User_Feed_Synchronization-{77AE4244-0868-4991-91C5-00EB4D923519}.job -> [07:34 24/02/2008] 422 bytes

-=E.O.F=-

#12 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 01 January 2010 - 09:14 PM

Great.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 17.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u17-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u17-windows-i586.exe and select "Run as an Administrator.")

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View report... at the bottom.
Click the Save report... button.
Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply along with a new OTL log.

#13 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 05 January 2010 - 08:27 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

URL Redirect Virus [Closed] - Geeks to Go Forums