Vista "bad image"



#1 xperto (New Member, 3 posts)
Hi, I have been facing this problem for a long time now. I went through http://www.geekstogo...uide-t2852.html and did everything on it, but I still get a "bad image" error whenever I try to open any program. Please help.


#2 RKinner (Malware Expert, MVP, 23,146 posts)
If you were able to do everything on it, did you get any logs? If so, please copy and paste them. If not, then get a friend to make Avira's rescue disk for you:

http://dlpro.antivir...m-common-en.iso

Instructions here:

http://www.techmixer...us-and-malware/

Ron

#3 xperto (Topic Starter, New Member, 3 posts)
These are the logs:

mbam-log-2010-03-25 (06-49-04):
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/25/2010 6:49:04 AM
mbam-log-2010-03-25 (06-49-04).txt

Scan type: Quick Scan
Objects scanned: 118547
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0

------------------------------------------------------------


OTL:


OTL logfile created on: 3/25/2010 7:22:57 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Muhammed Wasim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 59.71 Gb Free Space | 60.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.60 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS-1318-PC
Current User Name: Muhammed Wasim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/25 07:22:31 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Muhammed Wasim\Desktop\OTL.exe
PRC - [2010/03/17 10:29:37 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 10:28:53 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/17 10:28:52 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/17 10:28:50 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/27 06:28:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Muhammed Wasim\Desktop\gmer.exe
PRC - [2009/05/21 10:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/15 16:13:40 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 10:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/27 13:04:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\DELL\QuickSet\quickset.exe
PRC - [2007/04/16 20:40:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\DELL\MediaDirect\PCMService.exe
PRC - [2006/11/03 22:25:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/02 15:15:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe


========== Modules (SafeList) ==========

MOD - [2010/03/25 07:22:31 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Muhammed Wasim\Desktop\OTL.exe
MOD - [2010/03/17 10:29:37 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 11:51:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer)
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Auto | Stopped] -- -- (ASKUpgrade)
SRV - [2010/03/17 10:29:34 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 10:28:53 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/09/25 06:57:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 13:08:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 13:06:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 13:06:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/19 17:14:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del.......;l=ar&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=ar&s=gen
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord


O1 HOSTS File: ([2006/09/19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll File not found
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll File not found
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll File not found
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.88.174.8 202.88.174.6
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\d3d10core32.dll) - C:\Windows\System32\D3D10CORE32.DLL ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\Protector Suite QL\psqlpwd.dll - C:\Program Files\Protector Suite QL\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/07 02:31:28 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/25 07:22:24 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Muhammed Wasim\Desktop\OTL.exe
[2010/03/25 06:58:42 | 002,131,816 | ---- | C] (AVG Technologies) -- C:\Users\Muhammed Wasim\Desktop\avg_avwt_stb_all_9_114.exe
[2010/03/25 06:37:39 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\Malwarebytes
[2010/03/25 06:37:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/25 06:37:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/25 06:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 06:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/25 06:37:02 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Muhammed Wasim\Desktop\mbam-setup.exe
[2010/03/25 06:33:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/25 06:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/25 06:32:03 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Muhammed Wasim\Desktop\erunt_setup.exe
[2010/03/25 06:18:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Muhammed Wasim\Desktop\TFC.exe
[2010/03/25 05:53:48 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\WinRAR
[2010/03/25 05:51:29 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\Desktop\Back-up set
[2010/03/25 05:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/25 05:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/03/25 05:24:42 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\Protector Suite
[2010/03/25 05:05:21 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\Macromedia
[2010/03/25 05:05:20 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\Adobe
[2010/03/25 05:05:05 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Local\SupportSoft
[2010/03/25 05:05:00 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Local\MediaDirect
[2010/03/25 05:04:56 | 000,000,000 | -H-D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\GTek
[2010/03/25 05:04:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Searches
[2010/03/25 05:03:36 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\Identities
[2010/03/25 05:03:33 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Contacts
[2010/03/25 05:03:25 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Local\VirtualStore
[2010/03/25 05:03:23 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\PC Suite
[2010/03/25 05:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\AppData\Local\Temporary Internet Files
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Templates
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Start Menu
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\SendTo
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Recent
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\PrintHood
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\NetHood
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Documents\My Videos
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Documents\My Pictures
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Documents\My Music
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\My Documents
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Local Settings
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\AppData\Local\History
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Cookies
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\Application Data
[2010/03/25 05:03:06 | 000,000,000 | -HSD | C] -- C:\Users\Muhammed Wasim\AppData\Local\Application Data
[2010/03/25 05:03:05 | 000,000,000 | --SD | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\Microsoft
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Videos
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Saved Games
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Pictures
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Music
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Links
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Favorites
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Downloads
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Documents
[2010/03/25 05:03:05 | 000,000,000 | R--D | C] -- C:\Users\Muhammed Wasim\Desktop
[2010/03/25 05:03:05 | 000,000,000 | -H-D | C] -- C:\Users\Muhammed Wasim\AppData
[2010/03/25 05:03:05 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Local\Temp
[2010/03/25 05:03:05 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Local\Microsoft Help
[2010/03/25 05:03:05 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Local\Microsoft
[2010/03/25 05:03:05 | 000,000,000 | ---D | C] -- C:\Users\Muhammed Wasim\AppData\Roaming\Media Center Programs
[2010/03/17 10:29:37 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/14 05:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaMusic
[2010/03/14 05:03:55 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys

========== Files - Modified Within 14 Days ==========

[2010/03/25 07:25:31 | 000,786,432 | -HS- | M] () -- C:\Users\Muhammed Wasim\NTUSER.DAT
[2010/03/25 07:25:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{074660EC-5ED7-449E-BB60-084FF56FC283}.job
[2010/03/25 07:22:31 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Muhammed Wasim\Desktop\OTL.exe
[2010/03/25 07:05:29 | 000,118,488 | ---- | M] () -- C:\Users\Muhammed Wasim\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/25 07:05:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/25 07:05:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/25 07:04:27 | 000,331,592 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/25 07:04:16 | 001,766,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/25 07:02:51 | 000,331,592 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/25 07:02:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/25 07:02:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/25 07:02:00 | 315,940,426 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/25 06:58:50 | 002,131,816 | ---- | M] (AVG Technologies) -- C:\Users\Muhammed Wasim\Desktop\avg_avwt_stb_all_9_114.exe
[2010/03/25 06:58:19 | 000,284,915 | ---- | M] () -- C:\Users\Muhammed Wasim\Desktop\gmer.zip
[2010/03/25 06:37:36 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/25 06:37:08 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Muhammed Wasim\Desktop\mbam-setup.exe
[2010/03/25 06:32:43 | 000,000,735 | ---- | M] () -- C:\Users\Muhammed Wasim\Desktop\NTREGOPT.lnk
[2010/03/25 06:32:43 | 000,000,716 | ---- | M] () -- C:\Users\Muhammed Wasim\Desktop\ERUNT.lnk
[2010/03/25 06:32:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Muhammed Wasim\Desktop\erunt_setup.exe
[2010/03/25 06:26:52 | 000,037,252 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/25 06:26:31 | 000,524,288 | -HS- | M] () -- C:\Users\Muhammed Wasim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/03/25 06:26:31 | 000,065,536 | -HS- | M] () -- C:\Users\Muhammed Wasim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/25 06:26:30 | 000,524,288 | -HS- | M] () -- C:\Users\Muhammed Wasim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/25 06:18:46 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Muhammed Wasim\Desktop\TFC.exe
[2010/03/25 05:47:17 | 000,001,672 | ---- | M] () -- C:\Users\Muhammed Wasim\Desktop\CCleaner.lnk
[2010/03/25 05:15:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/25 05:03:07 | 000,000,020 | -HS- | M] () -- C:\Users\Muhammed Wasim\ntuser.ini
[2010/03/24 19:44:48 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{76F04044-7D6F-4A13-BD63-B7C5A0B07244}.job
[2010/03/24 18:51:44 | 057,623,175 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/20 13:18:38 | 000,572,937 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/03/17 10:29:39 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/17 10:29:37 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/17 10:29:37 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/17 10:29:30 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/03/17 10:28:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/17 10:28:49 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys

========== Files Created - No Company Name ==========

[2010/03/25 07:02:00 | 315,940,426 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/25 06:58:27 | 000,293,376 | ---- | C] () -- C:\Users\Muhammed Wasim\Desktop\gmer.exe
[2010/03/25 06:58:11 | 000,284,915 | ---- | C] () -- C:\Users\Muhammed Wasim\Desktop\gmer.zip
[2010/03/25 06:37:36 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/25 06:32:43 | 000,000,735 | ---- | C] () -- C:\Users\Muhammed Wasim\Desktop\NTREGOPT.lnk
[2010/03/25 06:32:43 | 000,000,716 | ---- | C] () -- C:\Users\Muhammed Wasim\Desktop\ERUNT.lnk
[2010/03/25 05:47:17 | 000,001,672 | ---- | C] () -- C:\Users\Muhammed Wasim\Desktop\CCleaner.lnk
[2010/03/25 05:15:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/25 05:03:07 | 000,000,020 | -HS- | C] () -- C:\Users\Muhammed Wasim\ntuser.ini
[2010/03/25 05:03:06 | 000,524,288 | -HS- | C] () -- C:\Users\Muhammed Wasim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/03/25 05:03:06 | 000,524,288 | -HS- | C] () -- C:\Users\Muhammed Wasim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/25 05:03:06 | 000,065,536 | -HS- | C] () -- C:\Users\Muhammed Wasim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/25 05:03:05 | 000,786,432 | -HS- | C] () -- C:\Users\Muhammed Wasim\NTUSER.DAT
[2010/03/03 08:51:22 | 000,000,020 | ---- | C] () -- C:\Windows\System32\D3D10CORE32.DLL
[2010/03/01 01:06:26 | 000,192,512 | ---- | C] () -- C:\Windows\System32\ssresources.dll
[2010/03/01 01:06:26 | 000,020,481 | ---- | C] () -- C:\Windows\System32\SystemsHook.dll
[2009/12/25 00:01:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/11/13 19:47:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/13 03:06:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/06/13 02:41:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/05/27 06:09:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/27 03:16:05 | 000,331,592 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/27 03:16:05 | 000,331,592 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/11/15 15:51:30 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/10/17 02:42:35 | 000,000,185 | ---- | C] () -- C:\Windows\System32\msblcd32.dll
[2008/05/26 02:14:08 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/25 20:36:59 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/25 20:36:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/08/23 19:44:47 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/23 19:44:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/22 07:05:46 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/08/22 06:39:04 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/03 21:55:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:55:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/20 23:02:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/20 23:02:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/01/15 07:01:26 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2001/11/14 17:26:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/03/25 05:03:24 | 000,000,000 | ---D | M] -- C:\Users\Muhammed Wasim\AppData\Roaming\PC Suite
[2010/03/25 05:24:42 | 000,000,000 | ---D | M] -- C:\Users\Muhammed Wasim\AppData\Roaming\Protector Suite
[2010/03/25 06:27:04 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/25 07:25:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{074660EC-5ED7-449E-BB60-084FF56FC283}.job
[2009/11/24 03:59:59 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25AAE836-7E0E-4015-BA43-6472D2A0576D}.job
[2009/11/24 04:05:12 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{519EAA53-E902-492E-9BF4-B2C90ADD721F}.job
[2010/03/24 19:44:48 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{76F04044-7D6F-4A13-BD63-B7C5A0B07244}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/23 19:41:13 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/08/23 19:41:13 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/08/23 19:41:13 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/08/23 19:41:13 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 15:19:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 12:02:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 12:02:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 12:02:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 15:19:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/08/23 19:41:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/08/23 19:41:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/08/23 19:41:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/08/23 19:41:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/08/23 19:41:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/05/22 23:25:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/05/22 23:25:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/05/22 23:25:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/05/22 23:25:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 10:53:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/04/26 10:53:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 10:53:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/04/26 10:53:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 13:12:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 13:12:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 15:16:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 11:58:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 11:58:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 13:05:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 13:13:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 13:13:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 15:20:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 15:20:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 13:12:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 13:12:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 13:06:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 15:16:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 11:58:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 11:58:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/03 08:51:22 | 000,000,020 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\D3D10CORE32.DLL
[2009/04/11 11:57:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 11:58:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 16:04:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 16:04:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 16:04:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 16:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 16:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Files - Unicode (All) ==========
[2010/03/10 21:06:07 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?o) -- C:\Windows\System32\ꣀơ
[2010/03/10 21:06:07 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?o) -- C:\Windows\System32\ꣀơ
[2010/03/03 12:51:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\璈ģ
[2010/03/03 12:51:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\璈ģ
[2010/03/02 15:07:16 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?D) -- C:\Windows\System32\뙨Ď
[2010/03/02 15:07:16 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?D) -- C:\Windows\System32\뙨Ď
[2010/02/08 12:49:59 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?i) -- C:\Windows\System32\�ı
[2010/02/08 12:49:59 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?i) -- C:\Windows\System32\�ı
< End of report >

Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


------------------------------------------

Extras:


OTL Extras logfile created on: 3/25/2010 7:22:57 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Muhammed Wasim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.18 Gb Total Space | 59.71 Gb Free Space | 60.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.60 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS-1318-PC
Current User Name: Muhammed Wasim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1420524F-6120-4976-975B-9A05D1084247}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14ECEF13-EDD2-456F-8F38-2A9BC0034BEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{185649D4-D0C1-4FBF-BD96-991CF76C7680}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1CEDE813-A5DA-4919-9281-473045F03B40}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{26E5B049-7895-4A76-8948-3BF392233B24}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{35AE22A2-3BB0-4061-9D22-E35C4A392AD9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{39ADB7DE-ADD6-40A2-ACFD-22788E0C60BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B2EF76A-16DA-4EEB-BCB5-533C3E04A14E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3DDC6DC9-2C53-4C4A-B672-2CD546D22C42}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{41D9A9C0-64F1-400E-80FE-CADDA2224AF7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4F3DABA9-F6F8-490D-AD59-F7F72EB1EA94}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{731DDBA7-F77B-4022-B974-94926E9AF2B6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{77D2FABE-6DDE-4700-B382-F97EC0C40987}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7CBD8E32-7E7B-4F22-82DC-6E1AB7B6368B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{837BF522-C09A-4A7E-A3DC-794CFB15A4A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{838062FE-E2A4-4A38-B62B-DB15766C9F5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F8136F3-4CE1-4D21-9F30-216C79333430}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96112F1C-3A21-44A0-AA5D-876FB50F1694}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{975674A5-A194-4C30-8D12-A5A84BCD5C82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A279E1AA-9E34-4FA3-BCDA-D6BB26450B18}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8C09903-F193-4E27-857A-5B3B5102ABFB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CB9DB16B-21CC-4CD0-8208-7D8B6B31108C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DA057238-2D39-4757-A4DB-0ECC451E8BAE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DA0A196A-174A-411D-9ACB-2DE978E33ECC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE2CB56E-77B7-4B7C-A777-73F0843C4078}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E9DDC8C0-9247-496F-A2C1-88169BD2223D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF17FCCD-FD47-4907-BD79-3DBE8D73154A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA70661F-4880-4AED-84D3-EEDBC27CAFC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFDA6D25-774F-49CD-BA73-86D460CC4A92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0364781D-342A-4143-B6DB-A8B790FECAEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{115B6689-C77A-4010-9F05-0EBEF533DF48}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{137019FA-DE4F-4685-91A6-CC6E80E185F1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{1643E185-F9D1-4EE7-861C-8EDFFDBF9585}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{1816BBA2-BA9E-4BBA-A432-B87730D4B5AB}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{20AE8EC5-CBDF-41C0-8E80-349CCFAFA2B9}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{2B75BFCB-684C-4A20-AA44-DEAE03FE88D2}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{2E528280-58E3-435E-86E6-721CB4834528}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{36A7DF6D-E69B-44FB-8C68-55EAA7E92D7C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{37ABFEB9-64F6-4412-9ACA-883A52858F94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4033224D-E4E4-451E-B670-B466871DD4AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{48F6138F-D898-4C9D-A3DE-37222A842A85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DE2C610-E310-42A2-BE4B-14F3AE384802}" = protocol=6 | dir=out | app=system |
"{4F68718D-41C8-445F-9E02-33A372EEE209}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{50AA8E5C-CE57-40AF-838A-EC41897BFB2D}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{560B3784-95B7-48ED-8EF4-977DB1A7956F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5D6706C2-8998-4FE8-A336-931458195299}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{633D3657-3760-4A0D-BE14-7FEED8463A2B}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{66C2F398-8623-4502-8C5E-83FBA7E7154D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7437F3AE-E724-4061-8A39-9B81349E2C5A}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{74413FF9-0D87-4F22-A32E-48D6BE6F64A6}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{7E3360F8-C05E-4D5C-AC15-2BAA54E2F92D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84806A45-DDE7-4F0F-8A3C-B04FFC74B375}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{85565075-2419-49F0-A36E-91B8C8C5DDC3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{8BC7ED2D-0CF9-446E-A79E-96921DBA2D97}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8FF7C04F-00DF-4AC1-ADDE-6492554E2B25}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{908E3563-94F3-4845-BA0A-C0A01FADE468}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90A058E2-FAEF-4AD8-B917-51294BA45AF9}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{9C29A159-2A91-4321-884E-52001FBC3241}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DF5629B-1A02-420C-B190-FD75B1C3AD5F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ADA4F0E2-05C7-4BC4-AC07-3E5709D9D367}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B06C361F-CDBD-438C-940A-D2C40EFE3A91}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{B0F63C04-5C17-4A8B-83B9-17344F29FBEB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BA1DCBE5-BFCD-4E2A-A450-049D23AF28AB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BAD588CC-896E-4D96-A439-914AE39CB8D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CACB4B9E-1B1C-4185-B449-E4478594E4E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5C8E0BE-9615-4861-9AC0-92E1D5C82116}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DF7B2DA2-6A62-44DB-ADE9-CDC726E2BA6B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF7E0C88-5979-4080-85AE-16A0E8E15FA9}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{E5710AAB-AF42-4BA8-B85D-14009B3E9122}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA7EA7C0-86D3-4826-86EF-A1785991193A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EE759984-A81A-4449-8A69-9C0E8F984B74}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{F07DA487-6514-4E46-9563-654A4DD6E8FE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F20DE468-F6EC-4993-89C8-03D2875AFD91}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F671B667-C047-43B8-A771-92145D51A56B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F77674F1-4EBC-47A9-8D58-2ECC554A0561}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{FB3C7B25-D27B-4A3D-9FAC-FF862DC787DB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{08DDC137-4515-4ED0-9366-33CA3913ADC9}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{0D9163D7-DACA-47D6-81D5-42F291BC1725}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{1AB01FAD-CF04-41BA-B78C-C124598B8A10}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{24CF6BAE-2C36-4C72-A18A-67AF52852BA6}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{2FAA70FD-5DDB-45C0-8D96-5335CE818689}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{4F756B81-2EA9-44B5-A28E-5E26789C425D}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"TCP Query User{4F85EE98-F4C5-4B24-B56F-53CED84B97B7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4FF68C98-5727-4D49-AC0E-AE161EB660EE}C:\users\testing\appdata\local\temp\529.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\529.exe |
"TCP Query User{566F8BC2-862D-4DCA-93BE-C826254F8ADB}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{58BAA392-4A59-4026-B93D-250620DD6697}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{5EBF8560-DB3E-4390-BE0F-BC9D9EFE8766}C:\program files\nimbuzz\nimbuzz.exe" = protocol=6 | dir=in | app=c:\program files\nimbuzz\nimbuzz.exe |
"TCP Query User{60D7F739-F90D-4CB4-B04E-7B8AD65EA37E}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{630D2EA4-44E8-4F17-8A59-020436F2C821}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{6458F7B4-7D26-4A47-857C-A209E48534D9}C:\users\testing\appdata\local\temp\296.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\296.exe |
"TCP Query User{7158C9D9-89C3-4DE3-B8EE-5464A18329D3}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{8492F453-3476-4185-A9BE-69D9098568A5}C:\users\testing\appdata\local\temp\084.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\084.exe |
"TCP Query User{8A22C16F-89B5-4E62-9993-F743D6C01227}C:\users\testing\appdata\local\temp\226.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\226.exe |
"TCP Query User{90CDE1B9-0BA5-42AE-A478-B321E17D45D9}C:\program files\nimbuzz\nimbuzz.exe" = protocol=6 | dir=in | app=c:\program files\nimbuzz\nimbuzz.exe |
"TCP Query User{A3E5A988-2B47-4BCF-99C6-7497E28535A2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{A8431FE4-82EE-4A63-B9E5-6597B36E0B44}C:\users\testing\appdata\local\temp\520.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\520.exe |
"TCP Query User{AFBF522D-0869-47B9-8CC8-E394E656BC81}C:\users\xps-1318\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\xps-1318\desktop\utorrent.exe |
"TCP Query User{B85A08EA-7242-4358-9385-F3D2A2E43AC8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C4F3208A-CB9B-4F35-A33C-B5DFC9B028A3}C:\users\xps-1318\appdata\local\opera\opera\profile\cache4\temporary_download\utorrent.exe" = protocol=6 | dir=in | app=c:\users\xps-1318\appdata\local\opera\opera\profile\cache4\temporary_download\utorrent.exe |
"TCP Query User{C90971A1-FD4D-47AE-B62F-3F5EA0199C30}C:\users\testing\appdata\local\temp\808.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\808.exe |
"TCP Query User{DC7F9A62-B9BF-4B7B-9C9B-E2CE7C24AD12}C:\users\testing\appdata\local\temp\781.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\781.exe |
"TCP Query User{F834FBB7-3589-4E1D-ADA2-8A0CDA57D9CE}C:\program files\common files\nokia\service layer\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\nsl_host_process.exe |
"UDP Query User{03C7931D-FC97-4E42-ACCE-83EB26E5619D}C:\users\testing\appdata\local\temp\296.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\296.exe |
"UDP Query User{0A6D0FF3-FA9F-401F-BBDC-257F80CB604F}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{241A0FB5-E1D2-40A7-BD09-F0D50C2C2148}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{265FD42A-BB00-41F5-9EB1-9E39F6AF51AF}C:\program files\nimbuzz\nimbuzz.exe" = protocol=17 | dir=in | app=c:\program files\nimbuzz\nimbuzz.exe |
"UDP Query User{45DF3C76-5F14-4341-BBB2-BC89EEBE1ABC}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{4DADA0F1-7FE6-41C5-9453-723906EF756F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{57BAEECF-886D-4969-A60A-3B76D980DA2B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6B766142-B086-47A1-9B97-2B4A37D3059F}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{7162F26A-2ED9-49EB-AD99-F5B6C687F389}C:\users\testing\appdata\local\temp\808.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\808.exe |
"UDP Query User{72DE9C89-5F73-4689-854A-162FBA28D600}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{834CB113-9720-49D8-B1DE-F2CE91A8C865}C:\users\xps-1318\appdata\local\opera\opera\profile\cache4\temporary_download\utorrent.exe" = protocol=17 | dir=in | app=c:\users\xps-1318\appdata\local\opera\opera\profile\cache4\temporary_download\utorrent.exe |
"UDP Query User{83EAAE58-7CA0-43E1-9027-F888FFA482F1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{87E47EB5-27A4-4A45-ADE3-7BF34D828010}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{98E78439-2B6D-4702-9EAC-B6B08FBB9315}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{9F805300-DDC6-4423-85E5-1103DEBF36E6}C:\program files\common files\nokia\service layer\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\nsl_host_process.exe |
"UDP Query User{ABF8A9F1-022B-4A52-8B5A-220B87A6C1F7}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{AC0F83B4-AF2D-4485-A6CC-472F81E1CC9B}C:\users\testing\appdata\local\temp\226.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\226.exe |
"UDP Query User{BE516904-7ED2-4285-A79C-B6FBEFC8D9B9}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{C003CAEF-5955-4752-A7D6-D9A72BD29117}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{C06BC373-260E-42E3-A57E-710D7DD3F742}C:\users\testing\appdata\local\temp\520.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\520.exe |
"UDP Query User{C183AC10-E1E3-43ED-A263-6D7F5824568F}C:\users\testing\appdata\local\temp\084.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\084.exe |
"UDP Query User{DD44A5EE-07CC-4BA0-AAC8-816C6A37A6F4}C:\users\xps-1318\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\xps-1318\desktop\utorrent.exe |
"UDP Query User{E3290B54-9592-40A6-B501-362A620318E5}C:\program files\nimbuzz\nimbuzz.exe" = protocol=17 | dir=in | app=c:\program files\nimbuzz\nimbuzz.exe |
"UDP Query User{E6AB0DD3-18C9-4F1D-9E0D-50F11FD758F2}C:\users\testing\appdata\local\temp\781.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\781.exe |
"UDP Query User{F10A82BA-B0E6-4BEA-A104-C4D2638848DC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{FE0ECB4E-7DA6-4C1E-B5E6-929124108BE3}C:\users\testing\appdata\local\temp\529.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\529.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37A9BF0C-775D-4431-9E53-946F35C3E041}" = Nokia Software Launcher
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EA82F09E-8991-313C-A015-061D1B14DE25}" = Cooliris for Internet Explorer
"{EFB3FC35-DE68-4CD0-9B9E-1FF384E66B57}" = Faster Downloader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1932E56-8A95-40E0-A15B-E06B45969845}" = Nokia NSeries System Utilities
"{F4EE8763-EAA8-4BC1-8594-8501F5F00414}" = Nokia NSeries One Touch Access
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier
"{F89E5AD8-AE47-49B5-B9F9-C498791E6255}" = Nokia NSeries Music Manager
"{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player
"{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"DoremiSoft FLV to 3GP Converter" = DoremiSoft FLV to 3GP Converter 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"LimeWire" = LimeWire PRO 4.14.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniLyrics" = Minilyrics(remove only)
"Need For Speed " = SK Games
"Nimbuzz" = Nimbuzz 1.1.1
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Dell Touchpad
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
xperto (New Member, Topic Starter, 3 posts)
Thanks for replying, Ron, but the site that you suggested for instructions, "http://www.techmixer...s-and-malware/", isn't working.

#5
RKinner (Malware Expert, MVP, 23,146 posts)
Just tested both links and they work for me.

Appears you have lost vrlogon.dll

O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - File not found

This is an important part of your fingerprint recognition software and is probably what is giving you the bad image error.

I also see signs of an infection.

[2010/03/10 21:06:07 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?o) -- C:\Windows\System32\ꣀơ
[2010/03/10 21:06:07 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?o) -- C:\Windows\System32\ꣀơ
[2010/03/03 12:51:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\璈ģ
[2010/03/03 12:51:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\璈ģ
[2010/03/02 15:07:16 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?D) -- C:\Windows\System32\뙨Ď
[2010/03/02 15:07:16 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?D) -- C:\Windows\System32\뙨Ď
[2010/02/08 12:49:59 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?i) -- C:\Windows\System32\�ı
[2010/02/08 12:49:59 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?i) -- C:\Windows\System32\�ı

and
"TCP Query User{4FF68C98-5727-4D49-AC0E-AE161EB660EE}C:\users\testing\appdata\local\temp\529.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\529.exe
"UDP Query User{03C7931D-FC97-4E42-ACCE-83EB26E5619D}C:\users\testing\appdata\local\temp\296.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\296.exe |
and several others.

If OTL is still working you can fix some of it:


Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll File not found
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll File not found
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll File not found
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe File not found
O4 - HKLM..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe File not found
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File not found
[2010/03/10 21:06:07 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?o) -- C:\Windows\System32\ꣀơ
[2010/03/10 21:06:07 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?o) -- C:\Windows\System32\ꣀơ
[2010/03/03 12:51:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\璈ģ
[2010/03/03 12:51:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\璈ģ
[2010/03/02 15:07:16 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?D) -- C:\Windows\System32\뙨Ď
[2010/03/02 15:07:16 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?D) -- C:\Windows\System32\뙨Ď
[2010/02/08 12:49:59 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?i) -- C:\Windows\System32\�ı
[2010/02/08 12:49:59 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?i) -- C:\Windows\System32\�ı

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

Copy the text between the lines of stars:

********************************************
/md5start
vrlogon.dll
/md5stop

********************************************

# Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
# Under the Custom Scan box, paste the above in and then click Quick Scan. I will need to see that log too.

Ron
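As an added illustration (not part of the thread, and not OTL's own code), the following Python script parses firewall-rule lines in the OTL format posted above and flags inbound rules whose application lives in a user temp or browser-cache directory, on the Desktop, or carries a three-digit numeric name, which is the pattern Ron points at. The sample lines are copied from the log above; the location heuristics are this example's own assumptions, not OTL's.

```python
"""Triage OTL firewall-rule lines for inbound allow rules that point at odd locations."""
import re
from collections import defaultdict

# One OTL firewall-rule line has the shape
#   "<rule name>" = protocol=<n> | dir=<in|out> | app=<path> |
# A name of the form "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>" marks a
# rule created when a user clicked "Unblock" in the Vista firewall prompt, as opposed to
# a vendor or system rule, which is named by a bare GUID.
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<fields>.*)$')
USER_RULE_RE = re.compile(r"^(TCP|UDP) Query User\{[0-9A-Fa-f-]+\}", re.I)
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Heuristics (assumptions of this example): places an installed program rarely lives.
SUSPICIOUS_LOCATIONS = [
    (re.compile(r"\\appdata\\local\\temp\\", re.I), "runs from a user temp directory"),
    (re.compile(r"\\temporary_download\\|\\cache\d*\\", re.I), "runs from a browser cache directory"),
    (re.compile(r"\\desktop\\", re.I), "runs from a Desktop folder"),
]
NUMERIC_NAME_RE = re.compile(r"\\\d{3}\.exe$", re.I)

# Sample input copied from the OTL log quoted above in this thread.
SAMPLE_RULES = [
    r'"{F77674F1-4EBC-47A9-8D58-2ECC554A0561}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |',
    r'"TCP Query User{2FAA70FD-5DDB-45C0-8D96-5335CE818689}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |',
    r'"TCP Query User{4FF68C98-5727-4D49-AC0E-AE161EB660EE}C:\users\testing\appdata\local\temp\529.exe" = protocol=6 | dir=in | app=c:\users\testing\appdata\local\temp\529.exe |',
    r'"UDP Query User{FE0ECB4E-7DA6-4C1E-B5E6-929124108BE3}C:\users\testing\appdata\local\temp\529.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\529.exe |',
    r'"UDP Query User{03C7931D-FC97-4E42-ACCE-83EB26E5619D}C:\users\testing\appdata\local\temp\296.exe" = protocol=17 | dir=in | app=c:\users\testing\appdata\local\temp\296.exe |',
    r'"TCP Query User{AFBF522D-0869-47B9-8CC8-E394E656BC81}C:\users\xps-1318\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\xps-1318\desktop\utorrent.exe |',
    r'"TCP Query User{C4F3208A-CB9B-4F35-A33C-B5DFC9B028A3}C:\users\xps-1318\appdata\local\opera\opera\profile\cache4\temporary_download\utorrent.exe" = protocol=6 | dir=in | app=c:\users\xps-1318\appdata\local\opera\opera\profile\cache4\temporary_download\utorrent.exe |',
]


def parse_rule(line):
    """Parse one OTL firewall-rule line into a dict, or return None if it is not one."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:  # skip the empty trailing segment after the last "|"
            fields[key.strip().lower()] = value.strip()
    proto = fields.get("protocol")
    return {
        "name": m.group("name"),
        "user_rule": bool(USER_RULE_RE.match(m.group("name"))),
        "protocol": PROTOCOLS.get(proto, proto or "any"),
        "dir": fields.get("dir", "?"),
        "app": fields.get("app", "").lower(),
    }


def suspicious_reasons(app):
    """Return the heuristics an application path trips; an empty list means nothing odd."""
    reasons = [why for pattern, why in SUSPICIOUS_LOCATIONS if pattern.search(app)]
    if NUMERIC_NAME_RE.search(app):
        reasons.append("three-digit numeric file name, typical of dropped payloads")
    return reasons


def triage(lines):
    """Group inbound rules by application path and return only the suspicious ones as
    {app: {"protocols": [...], "user_rule": bool, "reasons": [...]}}."""
    by_app = defaultdict(lambda: {"protocols": set(), "user_rule": False})
    for line in lines:
        rule = parse_rule(line)
        if rule is None or not rule["app"] or rule["dir"] != "in":
            continue
        entry = by_app[rule["app"]]
        entry["protocols"].add(rule["protocol"])
        entry["user_rule"] = entry["user_rule"] or rule["user_rule"]
    findings = {}
    for app, entry in by_app.items():
        reasons = suspicious_reasons(app)
        if reasons:
            findings[app] = {
                "protocols": sorted(entry["protocols"]),
                "user_rule": entry["user_rule"],
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for app, info in triage(SAMPLE_RULES).items():
        kind = "user-created" if info["user_rule"] else "system/vendor"
        print(f"{app}  [{', '.join(info['protocols'])}; {kind}]")
        for why in info["reasons"]:
            print(f"    - {why}")
```

Rules for explorer.exe and opera.exe parse but produce no finding, so the output lists only the four applications that Ron's post singles out as suspect.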