
virus hijacked rootkits [Solved] [Closed]


#16 jwang01 (Trusted Helper, Malware Removal, 2,567 posts)
Hello,


Ok, I think you're still infected with a rootkit. Let's run a fix here and get a fresh OTL log along with the Extras log.


Also, did you disable the UAC (User Account Control)?



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    :Services
    
    :Reg
    
    :Files
    C:\Windows\System32\drivers\iaStor.sys|C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys /replace
    
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL and under the Extra Registry section, select Use Safelist and hit the Run Scan button. Then post both OTL reports in your next reply.



Also, please let me know if you are still being redirected after you run the above fix. :)

Edited by jwang01, 06 May 2010 - 07:34 PM.

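Added example, not part of the thread and not OTL's own code: a small Python triage script that reads OTL-style log lines and flags the things the fix above is aimed at, namely a per-user IE proxy pointing at loopback (the 127.0.0.1:5555 "ProxyServer" entry the fix removes, which is how a local hijacker silently routes every browser request through itself), UAC switched off (EnableLUA = 0), services and drivers whose file carries no company/version information (OTL prints these with an empty "()"), and autostart entries that point at files that no longer exist. The sample lines are constructed, modelled on entries quoted in this thread; the rule names and the Finding class are assumptions of this example. A loopback proxy is not proof of infection on its own (local filtering or debugging proxies set one deliberately), so treat hits as items for a helper to review, not as things to delete automatically.

```python
"""Triage OTL (OldTimer's List-It) log lines for the indicators targeted by a
proxy/rootkit cleanup. Heuristic example code, not part of OTL."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample modelled on lines quoted in this thread; not a real capture.
SAMPLE_LOG = r"""
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
DRV - (NETw5v32) Intel -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
"""

# IE proxy line: hive, then the ProxyServer value after the '=' sign.
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*\\Internet Settings: "ProxyServer" = (?P<value>.*)$')
# Service/driver line: (short name) [display name] -- path (company); company may be empty.
SERVICE_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\)(?P<display>.*?) -- (?P<path>.+) \((?P<company>[^)]*)\)$')
# UAC policy value as OTL prints it.
LUA_RE = re.compile(r'^O6 - .*\\policies\\System: EnableLUA = (?P<value>\d+)$')
# Autostart-type entries whose target file is gone (O34 BootExecute is excluded: OTL
# always reports "File not found" for the normal "autocheck autochk *" entry).
DANGLING_RE = re.compile(r'^O(?:4|20|28) - .*File not found$')


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id (assumed naming for this example)
    detail: str  # human-readable explanation
    line: str    # the log line that triggered the rule


def parse_proxy_server(value):
    """Split an IE ProxyServer value into (scheme, host, port) triples.
    Accepts both 'host:port' and 'http=host:port;https=host:port' forms."""
    entries = []
    for item in value.split(';'):
        item = item.strip()
        if not item:
            continue
        scheme, sep, hostport = item.partition('=')
        if not sep:                      # bare 'host:port' applies to all protocols
            scheme, hostport = '', item
        host, _, port = hostport.rpartition(':')
        if not host:                     # no ':' at all, so no port was given
            host, port = hostport, ''
        entries.append((scheme, host.strip('[]'), int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; False for names/addresses elsewhere."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Run every rule over each log line and return the list of findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_server(m['value']):
                if is_loopback(host):
                    findings.append(Finding('loopback-proxy',
                        f'{m["hive"]} sends {scheme or "all"} traffic through {host}:{port}', line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if not m['company'].strip():
                findings.append(Finding('no-publisher',
                    f'{m["kind"]} {m["name"]} at {m["path"]} has no company/version info', line))
            continue
        m = LUA_RE.match(line)
        if m and m['value'] == '0':
            findings.append(Finding('uac-disabled',
                'EnableLUA = 0: UAC is off, admin logons get an unfiltered token and nothing prompts', line))
            continue
        if DANGLING_RE.match(line):
            findings.append(Finding('dangling-autostart',
                'autostart entry points at a file that no longer exists', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.rule}] {f.detail}\n    {f.line}')
```

Run it against a saved OTL.txt by passing the file contents to triage(); the hits come back in log order so they can be matched up with the sections of the report. Entries with an empty company field are only "unknown publisher", which covers both unsigned legitimate drivers (giveio.sys from an old hardware tool is a typical case) and malware, so they still need a hash or signature check on the actual file.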


#17 spiritboy3 (Topic Starter, Member, 136 posts)
Yes, I disabled the UAC a long time ago.

OTL logfile created on: 5/6/2010 11:08:12 PM - Run 5
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\darren\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.93 Gb Total Space | 167.76 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 4.42 Gb Free Space | 40.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARREN-PC
Current User Name: darren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\darren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\darren\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
SRV - (antivirwebservice) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
SRV - (AVEService) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys (Avira GmbH)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (NETw2v32) Intel® -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...&M=P-6831FX

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/21 12:59:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 02:39:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 02:39:07 | 000,000,000 | ---D | M]

[2009/06/28 04:09:21 | 000,000,000 | ---D | M] -- C:\Users\darren\AppData\Roaming\Mozilla\Extensions
[2010/05/05 03:00:34 | 000,000,000 | ---D | M] -- C:\Users\darren\AppData\Roaming\Mozilla\Firefox\Profiles\81txr0cc.default\extensions
[2009/09/02 16:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\darren\AppData\Roaming\Mozilla\Firefox\Profiles\81txr0cc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/05 03:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/06 03:26:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Samsung\Samsung PC Studio 3\Update\Copyer.exe (TODO: <회사 이름>)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zon...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\darren\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\darren\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 23:02:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/06 16:49:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/06 16:49:15 | 000,000,000 | ---D | C] -- C:\Users\darren\AppData\Local\temp
[2010/05/06 16:47:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/06 16:34:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/06 02:33:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/06 02:33:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/06 02:33:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/06 02:31:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/05 03:01:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\darren\Desktop\OTL.exe
[2010/04/19 17:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/04/19 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\darren\AppData\Local\IsolatedStorage
[2010/04/19 17:02:09 | 000,000,000 | ---D | C] -- C:\Users\darren\AppData\Roaming\PC Suite
[2010/04/19 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\darren\AppData\Roaming\Nokia
[2010/04/19 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\darren\AppData\Local\Nokia
[2010/04/19 17:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaMusic
[2010/04/19 16:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/04/19 16:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/19 16:59:14 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/04/19 16:59:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/19 16:58:24 | 000,091,136 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/04/19 16:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/04/19 16:39:30 | 001,102,624 | ---- | C] (Nokia) -- C:\Users\darren\Desktop\SetupOviPlayer.exe
[2010/04/14 18:20:15 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 18:20:14 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 18:17:48 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 18:08:02 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

========== Files - Modified Within 30 Days ==========

[2010/05/06 23:13:18 | 003,932,160 | -HS- | M] () -- C:\Users\darren\NTUSER.DAT
[2010/05/06 23:05:50 | 000,179,894 | ---- | M] () -- C:\Users\darren\AppData\Roaming\nvModes.001
[2010/05/06 23:05:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 23:05:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 23:05:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 23:05:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/06 23:04:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/06 23:04:38 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 23:03:45 | 000,703,078 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/06 23:03:45 | 000,604,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/06 23:03:45 | 000,104,740 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/06 23:03:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/06 23:03:29 | 000,524,288 | -HS- | M] () -- C:\Users\darren\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 23:03:29 | 000,065,536 | -HS- | M] () -- C:\Users\darren\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/06 22:58:08 | 331,651,733 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/06 21:26:44 | 001,768,027 | -H-- | M] () -- C:\Users\darren\AppData\Local\IconCache.db
[2010/05/06 21:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 19:18:53 | 000,077,312 | ---- | M] () -- C:\Users\darren\Desktop\mbr.exe
[2010/05/06 16:44:51 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/06 15:47:36 | 003,683,491 | R--- | M] () -- C:\Users\darren\Desktop\cfc123.com
[2010/05/05 03:15:42 | 000,284,915 | ---- | M] () -- C:\Users\darren\Desktop\gmer.zip
[2010/05/05 03:01:20 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\darren\Desktop\OTL.exe
[2010/04/30 03:15:55 | 000,002,443 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 17:24:01 | 000,313,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/23 03:53:15 | 005,534,283 | ---- | M] () -- C:\Users\darren\Documents\Big_Bang_-_Lies.mp3
[2010/04/19 17:05:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/04/19 17:02:13 | 000,075,336 | ---- | M] () -- C:\Users\darren\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/19 16:39:30 | 001,102,624 | ---- | M] (Nokia) -- C:\Users\darren\Desktop\SetupOviPlayer.exe
[2010/04/17 23:23:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2010/05/06 19:18:52 | 000,077,312 | ---- | C] () -- C:\Users\darren\Desktop\mbr.exe
[2010/05/06 18:10:00 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/06 02:33:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/06 02:33:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/06 02:33:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/06 02:33:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/06 02:29:23 | 003,683,491 | R--- | C] () -- C:\Users\darren\Desktop\cfc123.com
[2010/05/05 03:19:35 | 331,651,733 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/05 03:15:41 | 000,284,915 | ---- | C] () -- C:\Users\darren\Desktop\gmer.zip
[2010/04/19 17:05:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/04/19 17:00:15 | 000,002,443 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Player.lnk
[2010/04/17 23:23:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/05/29 22:56:19 | 000,000,124 | ---- | C] () -- C:\Windows\Peter's Go.ini
[2009/05/15 01:59:40 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/11/30 15:35:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/06/25 14:26:09 | 000,000,022 | ---- | C] () -- C:\Windows\msnmsgr.exe.ini
[2008/03/18 14:01:16 | 000,088,064 | ---- | C] () -- C:\Windows\System32\wiascanprofiles.dll
[2008/03/18 14:01:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\msident.dll
[2008/03/18 14:01:05 | 000,022,016 | ---- | C] () -- C:\Windows\System32\mtxdm.dll
[2008/03/18 14:01:02 | 000,008,704 | ---- | C] () -- C:\Windows\System32\rdpcfgex.dll
[2008/01/30 15:54:55 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/01/28 16:37:48 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/01/16 16:32:54 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2007/12/14 21:58:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/17 14:38:25 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2007/03/29 15:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:34:33 | 000,062,976 | ---- | C] () -- C:\Windows\System32\dmcompos.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Unicode (All) ==========
[2010/04/30 03:19:38 | 004,764,011 | ---- | M] ()(C:\Users\darren\Documents\??_-_???.mp3) -- C:\Users\darren\Documents\丁噹_-_我愛他.mp3
[2010/04/30 03:11:40 | 004,764,011 | ---- | C] ()(C:\Users\darren\Documents\??_-_???.mp3) -- C:\Users\darren\Documents\丁噹_-_我愛他.mp3
< End of report >


Extra

OTL Extras logfile created on: 5/6/2010 11:08:12 PM - Run 5
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\darren\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.93 Gb Total Space | 167.76 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
Drive D: | 10.95 Gb Total Space | 4.42 Gb Free Space | 40.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARREN-PC
Current User Name: darren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3710337376-2023892170-4260369935-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{119A20D6-66D6-4982-9BA7-EA3B15E61151}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6635CE0E-CC1A-4517-A6E4-011FD048E8A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{775992FF-F19E-45ED-91EC-594F4843B909}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8DF6ED5D-38AB-4EB1-9396-F4ED730A370C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9EF38FEF-0F85-4246-9E54-C18751AABBD7}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D39BD8B-5D1B-487D-BF19-12741E99E6C9}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{16336E58-5027-4AE2-9E2E-35F25D6E153E}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{55D7AE21-3828-4B64-83B2-72691B242024}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{721BCE88-9B1E-435E-A53D-F7E6BD02B0FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{737D456D-33AB-46D2-BEDD-99AF565770B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7BBEE90E-15F9-4301-BE16-5685364DD29A}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{8E5BA458-01E4-4C63-A71A-4EE9898C2425}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{90AF7CB2-80F2-4656-BC71-1E459B72BE94}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{2B56A526-346E-45C9-B5D0-0B0B14976C2C}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{5BA78F8A-E2BB-4557-9806-2551651C8259}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"TCP Query User{5D26D8FD-DC85-46E0-8757-26B4EB4D842D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{69FAF9BD-2D42-4E55-8E19-0A8A35072E5B}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |
"TCP Query User{6F9AD62E-8E23-4F87-999D-7BB267786BD2}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{7088BB01-8232-4347-B73C-98D2B06EED4C}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"TCP Query User{796D9912-7696-40D0-9F74-5AAFD1FD4E52}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"TCP Query User{9CF59C82-AA9A-4DDC-918C-956020AC2C3D}C:\rohan_global\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan_global\rohanclient.exe |
"TCP Query User{B60F3D30-E0AA-4CDC-96C4-3B6A101C1FA6}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{B82E4807-EFAB-4F6D-9FDE-7FC0FB19E7F1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B8B40537-7D14-4199-93C9-CA00586870D4}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"TCP Query User{BB13EB80-758D-4FD7-9DEA-29BFD2FFB435}C:\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan\rohanclient.exe |
"TCP Query User{C14D92D9-4D84-4191-9B1C-41E758132D85}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |
"TCP Query User{C95E3996-305C-4C85-8C05-634B02011351}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{CD013816-A65E-434B-B79D-DCE7C329BC38}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{CD443AD9-201D-44E1-96ED-5D4026C98E15}C:\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan\rohanclient.exe |
"TCP Query User{E7513FF0-9D2A-40EE-9B02-3BF0F85720D9}C:\rohan_global\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan_global\rohanclient.exe |
"TCP Query User{F605459D-A4C5-4905-9844-26BFA027481B}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{19E0CED6-7ABE-4A4B-ACC5-DE8F4CBA4663}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{23E5D19E-7CEF-4E2E-8507-C72BAA391C4B}C:\rohan_global\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan_global\rohanclient.exe |
"UDP Query User{5BEB1E81-B131-4421-89C4-518C03E06DD5}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{5FE78F8A-6DBE-4F15-8B74-FA78F1C83616}C:\rohan_global\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan_global\rohanclient.exe |
"UDP Query User{708AD75B-55E2-434E-9DA0-04C90652B520}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |
"UDP Query User{72580E6F-0267-49B7-8CA8-FB38222CDB20}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{74412D35-E5B6-48B8-864C-8DB5EF3C3FB0}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |
"UDP Query User{7FFFFD91-5433-43C1-A7DA-15E8BAAA1D09}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{854C00DE-AF83-4C61-9ADA-7A533F9D19B0}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"UDP Query User{8AD853E6-DC25-4FD7-9812-3656BFAC2BC2}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"UDP Query User{9D492D41-FF7B-4A12-B66B-505E486E9003}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{A1AA2D08-85AF-47F8-9A44-5DF6EEC8F3CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A36BBEF8-C8FA-414B-A3A4-359C992A02D2}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{A390E6B0-CF82-4339-A8F5-2E1335627058}C:\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan\rohanclient.exe |
"UDP Query User{AAEB8548-E63E-48F7-BDD2-F9D24F7EBE1B}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{B45EB74D-2377-4139-874A-A9E0007539D7}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |
"UDP Query User{C62213F9-B1E7-40CB-8D85-983F1D09B2F6}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{CAA85582-98C8-4369-AB01-E123955BFED4}C:\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan\rohanclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{10714D98-9546-46EA-9E28-96B13B697642}" = Samsung PC Studio 3
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A4D41F3-3EDA-4DAC-9403-839708EA0667}" = Install(US)2
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"CCleaner" = CCleaner (remove only)
"FantasyTennis" = FantasyTennis
"Google Desktop" = Google Desktop
"Gunbound Revolution_is1" = Gunbound Revolution
"Gunz" = ijji - Gunz
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Rohan_RBF" = Rohan_RBF
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"Trickster Online" = Trickster Online
"WebCompass_is1" = WebCompass
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com" = ijji
"Leela lite 0.3.16" = Leela lite - the Go Program

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2009 7:36:56 PM | Computer Name = darren-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest".Error
in manifest or policy file "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest"
on line 0. Invalid Xml syntax.

Error - 2/27/2009 6:25:58 PM | Computer Name = darren-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest".Error
in manifest or policy file "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest"
on line 0. Invalid Xml syntax.

Error - 2/27/2009 11:05:43 PM | Computer Name = darren-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest".Error
in manifest or policy file "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest"
on line 0. Invalid Xml syntax.

Error - 3/1/2009 12:49:38 AM | Computer Name = darren-PC | Source = Application Error | ID = 1000
Description = Faulting application rounders.exe, version 1.0.0.0, time stamp 0x480de135,
faulting module MFC71.DLL, version 7.10.3077.0, time stamp 0x3e77fdfd, exception
code 0xc0000005, fault offset 0x00044ca5, process id 0x3e1c, application start time
0x01c99a25f7709db0.

Error - 3/2/2009 10:58:42 PM | Computer Name = darren-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest".Error
in manifest or policy file "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest"
on line 0. Invalid Xml syntax.

Error - 3/4/2009 2:04:25 AM | Computer Name = darren-PC | Source = Application Hang | ID = 1002
Description = The program rounders.exe version 1.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 3128 Start Time: 01c99c8e2575b550 Termination Time: 173

Error - 3/6/2009 8:22:29 PM | Computer Name = darren-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 691c Start Time: 01c99eb7188f2d50 Termination Time: 195

Error - 3/10/2009 5:35:14 PM | Computer Name = darren-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest".Error
in manifest or policy file "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest"
on line 0. Invalid Xml syntax.

Error - 3/11/2009 9:41:18 PM | Computer Name = darren-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest".Error
in manifest or policy file "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest"
on line 0. Invalid Xml syntax.

Error - 3/11/2009 9:41:18 PM | Computer Name = darren-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest".Error
in manifest or policy file "C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe.Manifest"
on line 0. Invalid Xml syntax.

[ Media Center Events ]
Error - 9/12/2008 6:02:06 PM | Computer Name = darren-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 10/1/2008 7:39:05 PM | Computer Name = darren-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/2/2008 4:33:02 PM | Computer Name = darren-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/24/2008 6:48:01 PM | Computer Name = darren-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/20/2009 12:03:37 AM | Computer Name = darren-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 3/28/2009 1:36:47 PM | Computer Name = darren-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/23/2009 1:20:53 PM | Computer Name = darren-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:49:04 PM | Computer Name = darren-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 5/6/2010 7:10:36 PM | Computer Name = darren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/6/2010 7:11:16 PM | Computer Name = darren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2010 8:32:49 PM | Computer Name = darren-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 5/6/2010 8:32:49 PM | Computer Name = darren-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 5/6/2010 9:19:23 PM | Computer Name = darren-PC | Source = Service Control Manager | ID = 7016
Description =

Error - 5/6/2010 11:58:36 PM | Computer Name = darren-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:26:06 PM on 5/6/2010 was unexpected.

Error - 5/6/2010 11:58:52 PM | Computer Name = darren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/6/2010 11:59:34 PM | Computer Name = darren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/7/2010 12:05:10 AM | Computer Name = darren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/7/2010 12:06:13 AM | Computer Name = darren-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

OTL fix

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\Windows\System32\drivers\iaStor.sys successfully replaced with C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: darren
->Flash cache emptied: 2334739 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 2.00 mb


[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: darren
->Temp folder emptied: 995416 bytes
->Temporary Internet Files folder emptied: 1466643 bytes
->Java cache emptied: 1002654 bytes
->FireFox cache emptied: 35672246 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2394916 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05062010_230241

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


thanks
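As an added example (not OTL's code and not part of this thread), here is a small Python triage pass over the registry-style sections of an OTL Extras log like the one above. The sample lines are copied from that log; the three checks (Security Center monitoring switched off, changed shell open handlers, inbound firewall allow rules for binaries outside the usual install roots) are this example's own assumptions about what a helper would want flagged.

```python
"""Triage pass over an OTL Extras log (added example, not OTL's own code).

Input format is the one posted above: '========== Name ==========' headers,
'[HKEY...]' key lines and '"name" = value' lines.  What to flag is assumed here.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')
SPAWN_RE = re.compile(r"^([\w.]+) \[([\w.]+)\] -- (.*)$")  # exefile [open] -- "%1" %*

# Assumed set of binaries/roots a home Vista box normally grants inbound rules to.
TRUSTED_APPS = ("system", "svchost.exe")
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


def parse_otl_extras(text):
    """Return {section: [(registry key, name, value), ...]}."""
    sections = defaultdict(list)
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and section:
            sections[section].append((key, m.group(1), m.group(2)))
        elif section == "Shell Spawning" and (m := SPAWN_RE.match(line)):
            sections[section].append((key, f"{m.group(1)} [{m.group(2)}]", m.group(3)))
    return sections


def parse_rule(value):
    """Split 'lport=2869 | protocol=6 | dir=in | app=system |' into a dict."""
    fields = {}
    for part in value.split("|"):
        if "=" in part:
            k, v = part.split("=", 1)
            fields[k.strip()] = v.strip()
    return fields


def triage(text):
    """Return (severity, message) findings in a fixed section order."""
    findings = []
    sections = parse_otl_extras(text)

    # 1. Security Center: DisableMonitoring = 1 under Monitoring\<vendor> tells
    #    Windows to stop tracking that product's state, so a dead AV goes unnoticed.
    for key, name, value in sections.get("Security Center Settings", []):
        if name == "DisableMonitoring" and value == "1":
            findings.append(("medium", f"monitoring disabled: {key}"))

    # 2. Shell spawning: the [open] verb for executables must be exactly "%1" %*;
    #    anything else routes every launched program through another binary.
    for key, name, value in sections.get("Shell Spawning", []):
        cls, verb = name.split(" ", 1)
        if cls in ("exefile", "comfile", "batfile", "cmdfile", "piffile") and verb == "[open]":
            if value != '"%1" %*':
                findings.append(("high", f"{cls} open handler changed: {value}"))
        elif value.startswith("Reg Error"):
            findings.append(("info", f"{name} handler unreadable: {value}"))

    # 3. Inbound firewall allow rules for binaries outside the usual install roots.
    for section in ("Vista Active Open Ports Exception List",
                    "Vista Active Application Exception List"):
        for _key, _name, value in sections.get(section, []):
            rule = parse_rule(value)
            app = rule.get("app", "").lower()
            if rule.get("dir") == "in" and app and app not in TRUSTED_APPS \
                    and not app.startswith(TRUSTED_ROOTS):
                findings.append(("low", f"inbound allow for {app}"))
    return findings


# Sample constructed from lines of the log posted above.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{119A20D6-66D6-4982-9BA7-EA3B15E61151}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D39BD8B-5D1B-487D-BF19-12741E99E6C9}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{5BA78F8A-E2BB-4557-9806-2551651C8259}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```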

#18
spiritboy3

    Member

  • Topic Starter
  • Member
  • 136 posts
Yes, I'm still being redirected.

#19
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


I'm still not seeing the root cause of the redirects. We need to try out some more things here.


Are you using a router? Are there other computers in your house that use the same internet connection? Are they being redirected as well?



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
    [2008/06/25 14:26:09 | 000,000,022 | ---- | C] () -- C:\Windows\msnmsgr.exe.ini
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next



Download RootRepeal from one of the following locations and save it to your desktop: Link 1, Link 2, Link 3
  • Double click the RootRepeal icon to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click the insert link to insert the attachment into your post


#20
spiritboy3

    Member

  • Topic Starter
  • Member
  • 136 posts
Yes, I use a router, and yes, there's more than one computer on the same internet connection. Will my other computer be affected by this virus? There might be important info on the others.

#21
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

Yes, I use a router, and yes, there's more than one computer on the same internet connection. Will my other computer be affected by this virus? There might be important info on the others.

Is your other computer being redirected as well? I'm just trying to find out if possibly your router is the cause of the redirects. If that was the case, all the computers using that router would be getting redirected. :)

If that's not the case, I suspect that there is a rootkit still on board and we will need to track it down.

Edited by jwang01, 07 May 2010 - 03:00 PM.


#22
spiritboy3

    Member

  • Topic Starter
  • Member
  • 136 posts
Umm, I don't think my other computer is redirected, at least not for now. Anyway, the scan stopped at the file C:\Windows\winsxs\Manifests\ for around 40 minutes... should I scan again, or in safe mode, or is it normal? And what is the estimated time for the scan to finish? Thanks

#23
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


I don't think it should take that long. Is it RootRepeal that is stuck? If so, go ahead and stop the scan. I will post some more instructions shortly. :)

#24
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Let's see if this tool will catch the rootkit.


  • Please download Norman TDSS Cleaner and save it to your desktop.
  • Then click on the program and run it.
  • Please post the log it produces in your next reply.


#25
spiritboy3

    Member

  • Topic Starter
  • Member
  • 136 posts
Seems so. Well, I'm scanning one more time and might give it 3-4 hours; if it's still stuck on the same file I doubt it's gonna work. Thanks

#26
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


I doubt it will work either. Go ahead and stop it and try the tool I posted in my last post. :)

#27
spiritboy3

    Member

  • Topic Starter
  • Member
  • 136 posts
Hmm, OK, I'll do it later. By the way, do I have to right click and run as admin, or is it OK double clicking? Thanks

#28
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Go ahead and run it as an Administrator.

Edited by jwang01, 07 May 2010 - 05:34 PM.


#29
spiritboy3

    Member

  • Topic Starter
  • Member
  • 136 posts
I ran the Norman thing and it detected a rootkit, and I got a BSOD; after reboot nothing works (touchpad doesn't work, internet doesn't, graphics card doesn't, and CPU problems, and keyboard problems). It also said host process is closed (lucky I have a mouse to be able to move). I'm gonna try everything (scans etc., ComboFix). I also find that for the things that don't work there's one or more driver detail that comes from unknown, and some could be rolled back to previous. Wonder if I could delete them and roll back to the previous driver. I think I'm ready to throw this computer away :)

Edited by spiritboy3, 07 May 2010 - 10:43 PM.


#30
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

If you're still having problems after running that tool, try and do a system restore and restore your computer to a previous date. Let me know if things are working again after doing that. Some of the things that were removed already may come back as well, but we can clean that up again. :)


Also, did Norman produce a log?