Welcome to Geeks to Go - Register now for FREE
Help :(


This topic is locked

#1 DieNamic (Member, 11 posts)
Hello there all you captains of industry and superheroes of the interwebs ;) I have a HUGE problem! Being a particularly nerdy individual myself I thought I could rid myself of this plague on my own but apparently not. I've decided to suck it up and come to you guys for some assistance. The problem is that I can't seem to update Windows, or update hardly any software for that matter such as Windows Defender. I followed the directions carefully and here is my OTL.Txt ... I haven't really had to run any anti virus software AT ALL up to this point, this is my first time having any sort of trouble since I first built my computer two years ago. I did have a driver problem (or rather still do have a driver problem) with my 4870x2 where I cannot update my driver without a BSOD every time I try to launch any type of multimedia, everything from a DirectX game to streaming from YouTube. To fix that problem I just reverted back to an older driver version that works for me. That likely has nothing to do with my current problem of what is likely to be a virus keeping me from updating Windows, but it is still something to think about. I did take some steps in order to resolve this problem on my own which was to download Panda Cloud Antivirus and run it, run Malwarebytes and to run ESET's Online Scanner. Panda Cloud Antivirus which I ran first detected absolutely no threats. Malwarebytes detected two threats dealing with Zango or something of that nature which were quickly disposed of. ESET detected I think 5 or 6 Trojans among other things and I quickly dispatched of those. I regret not keeping the logs from all that :D ;) That might have been helpful to you guys but unfortunately it didn't cross my mind. With that said, I hope someone will help me! I'll link you some cool electronic music or some 1920x1200 wallpapers to whoever can solve my problem! I'm a collector of both xD THANKS GUYS! ;)

OTL logfile created on: 11/18/2010 12:57:25 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 69.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 558.79 Gb Total Space | 90.64 Gb Free Space | 16.22% Space Free | Partition Type: NTFS

Computer Name: SILVERSTONE | User Name: Drew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 00:57:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/10/28 12:54:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/28 12:54:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/05/14 14:06:30 | 000,406,848 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/04/30 12:47:30 | 000,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/04/05 22:36:28 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/07/15 04:37:58 | 000,024,064 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/07/15 04:32:32 | 001,232,896 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/05/02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 00:57:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/01/02 03:48:55 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2008/05/02 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/04/28 20:07:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/05/02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/01 15:24:12 | 003,264,636 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/04/30 12:47:30 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/28 13:58:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/10 10:29:06 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/26 19:33:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/05/16 21:12:34 | 000,866,304 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2010/05/27 17:39:38 | 000,158,280 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2010/05/12 09:58:02 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2010/05/04 07:36:42 | 000,149,512 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\psinknc.sys -- (PSINKNC)
DRV:64bit: - [2010/04/30 12:46:40 | 000,121,864 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2010/04/30 12:46:38 | 000,114,696 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2009/12/11 15:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/12/11 13:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/05 23:44:00 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2009/10/07 08:48:08 | 000,067,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvsels64.sys -- (lvsels64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/22 02:58:28 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2009/07/22 02:58:28 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2009/07/22 02:58:20 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2009/07/22 02:58:20 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2009/07/22 02:58:10 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/07/22 02:58:10 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2009/07/22 02:57:52 | 001,622,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2009/07/22 02:57:42 | 001,577,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/07/22 02:57:28 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/07/22 02:57:06 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/07/22 02:56:58 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/07/22 02:56:46 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/07/22 02:56:30 | 000,698,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/07/22 02:56:22 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 09:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/05/30 13:06:23 | 000,018,984 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CrucialSMBusScan.sys -- (CrucialSMBusScan)
DRV:64bit: - [2009/04/28 21:32:10 | 005,357,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/04/23 23:43:18 | 000,110,904 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/27 00:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/12/17 00:01:20 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/12/07 14:52:18 | 000,015,872 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/05/06 00:36:50 | 000,211,464 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/03/13 01:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/18 23:25:08 | 000,172,584 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2007/10/11 19:58:26 | 001,381,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/10/31 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2004/12/31 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 FE 6A C5 8E 86 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Dictionary"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/05 22:36:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 12:54:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 12:54:00 | 000,000,000 | ---D | M]

[2010/10/18 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Extensions
[2010/10/18 06:31:07 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hkcg8t65.default\extensions
[2010/10/18 06:31:07 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hkcg8t65.default\extensions\[email protected]
[2010/11/17 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions
[2010/10/20 17:17:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/20 09:41:56 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/10/28 12:55:24 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions\[email protected]
[2010/11/13 19:53:40 | 000,000,931 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\searchplugins\dictionary.xml
[2010/11/17 12:57:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/19 17:59:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/03 16:25:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.70.172.13 207.70.128.209
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\Shell - "" = AutoRun
O33 - MountPoints2\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{971971ca-ca97-11de-bfa2-0023541d2cb2}\Shell - "" = AutoRun
O33 - MountPoints2\{971971ca-ca97-11de-bfa2-0023541d2cb2}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 15:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/24 09:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2010/10/19 18:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/19 17:59:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/19 17:59:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/19 17:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/19 17:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/07/15 04:40:40 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 00:45:07 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/18 00:45:07 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 12:51:30 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/17 12:51:30 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/17 12:51:30 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/17 12:45:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/17 12:45:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/11/17 02:19:18 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/11/17 02:19:18 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/11/17 02:19:18 | 000,001,376 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/11/04 12:42:03 | 016,723,421 | ---- | M] () -- C:\Users\Drew\Desktop\The Box is WTFXup.mp4
[2010/11/01 23:23:49 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/01 15:24:12 | 003,264,636 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/10/25 07:24:03 | 000,246,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/24 21:29:15 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/10/24 21:29:15 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010/10/19 11:25:19 | 000,026,359 | ---- | M] () -- C:\Users\Drew\Documents\some ole' [bleep].odt
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/04 12:39:28 | 016,723,421 | ---- | C] () -- C:\Users\Drew\Desktop\The Box is WTFXup.mp4
[2010/11/01 23:23:49 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/07/05 00:43:05 | 000,003,842 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010/06/30 15:54:39 | 000,000,680 | ---- | C] () -- C:\Users\Drew\AppData\Local\d3d9caps.dat
[2010/06/29 20:30:09 | 001,871,352 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_NET_Framework35_x64_MSI75F6.txt
[2010/06/29 20:29:15 | 000,158,100 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010/06/29 20:29:04 | 000,393,690 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_dotnetfx35install.txt
[2010/06/29 20:29:04 | 000,006,036 | ---- | C] () -- C:\Users\Drew\AppData\Local\uxeventlog.txt
[2010/06/29 20:29:04 | 000,000,002 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_dotnetfx35error.txt
[2010/06/25 17:02:57 | 000,001,460 | ---- | C] () -- C:\Users\Drew\AppData\Local\d3d9caps64.dat
[2010/06/19 14:58:59 | 000,001,367 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/04/05 22:37:08 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/25 18:38:48 | 000,000,760 | ---- | C] () -- C:\Users\Drew\AppData\Roaming\setup_ldm.iss
[2009/12/10 20:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/10 20:24:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/17 21:19:46 | 000,001,048 | ---- | C] () -- C:\Windows\SysWow64\sk_bho.ini
[2009/07/15 05:26:54 | 000,029,644 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/07/15 04:38:02 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/06/08 07:39:36 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/06/04 13:15:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/05/26 19:17:18 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/26 18:13:31 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/05/26 18:13:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/05/26 17:52:23 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/04/05 19:16:33 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/02/26 18:00:58 | 000,000,131 | ---- | C] () -- C:\Windows\CRC.INI
[2009/02/19 16:28:02 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/12/07 17:20:13 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/07 14:44:21 | 000,034,221 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/28 01:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/11/20 12:32:40 | 005,527,385 | ---- | C] () -- C:\Windows\SysWow64\IDPRSig.dll
[2007/11/20 12:32:40 | 000,622,113 | ---- | C] () -- C:\Windows\SysWow64\IDPList.dll
[2007/11/20 12:32:40 | 000,013,772 | ---- | C] () -- C:\Windows\SysWow64\IDPImmData.dll
[2007/11/20 12:32:39 | 004,985,733 | ---- | C] () -- C:\Windows\SysWow64\IDPFSig.dll
[2007/11/20 12:32:39 | 000,343,272 | ---- | C] () -- C:\Windows\SysWow64\IDPESig.dll
[2007/11/20 12:32:39 | 000,002,380 | ---- | C] () -- C:\Windows\SysWow64\IDPBlkCoo.dll
[2007/11/20 12:32:39 | 000,000,162 | ---- | C] () -- C:\Windows\SysWow64\IDPCritProc.dll
[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSASV2.DLL

< End of report >


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send a message to me on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 5555
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    FF - prefs.js..network.proxy.type: 0
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O33 - MountPoints2\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{971971ca-ca97-11de-bfa2-0023541d2cb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{971971ca-ca97-11de-bfa2-0023541d2cb2}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:




OTL Custom Scan

  • Download OTL and save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#3
DieNamic

    Member

  • Topic Starter
  • Member
  • 11 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 5555 removed from network.proxy.http_port
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f98bdf8-5c73-11df-a780-0023541d2cb2}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971971ca-ca97-11de-bfa2-0023541d2cb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{971971ca-ca97-11de-bfa2-0023541d2cb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971971ca-ca97-11de-bfa2-0023541d2cb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{971971ca-ca97-11de-bfa2-0023541d2cb2}\ not found.
File E:\autorun.exe not found.
C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
File delete failed. C:\Windows\SysNative\SET159C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET15BD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET4A01.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET4A33.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET952C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET956D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETA9EF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETAA40.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETBCEE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETBD01.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETE2EC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETE408.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETED72.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETEE21.tmp scheduled to be deleted on reboot.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Drew
->Temp folder emptied: 1073 bytes
->Temporary Internet Files folder emptied: 22863764 bytes
->Java cache emptied: 50993296 bytes
->FireFox cache emptied: 203456720 bytes
->Flash cache emptied: 14240 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3062057 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 257605 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 112892868 bytes

Total Files Cleaned = 375.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Drew
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11182010_135809

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET159C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET15BD.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET4A01.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET4A33.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET952C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET956D.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETA9EF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETAA40.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETBCEE.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETBD01.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETE2EC.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETE408.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETED72.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETEE21.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


2010/11/18 14:03:32.0903 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/18 14:03:32.0903 ================================================================================
2010/11/18 14:03:32.0903 SystemInfo:
2010/11/18 14:03:32.0903
2010/11/18 14:03:32.0903 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/18 14:03:32.0903 Product type: Workstation
2010/11/18 14:03:32.0903 ComputerName: SILVERSTONE
2010/11/18 14:03:32.0903 UserName: Drew
2010/11/18 14:03:32.0903 Windows directory: C:\Windows
2010/11/18 14:03:32.0903 System windows directory: C:\Windows
2010/11/18 14:03:32.0903 Running under WOW64
2010/11/18 14:03:32.0903 Processor architecture: Intel x64
2010/11/18 14:03:32.0903 Number of processors: 4
2010/11/18 14:03:32.0903 Page size: 0x1000
2010/11/18 14:03:32.0903 Boot type: Normal boot
2010/11/18 14:03:32.0903 ================================================================================
2010/11/18 14:03:32.0903 Utility is running under WOW64
2010/11/18 14:03:35.0227 Initialize success
2010/11/18 14:03:39.0626 ================================================================================
2010/11/18 14:03:39.0626 Scan started
2010/11/18 14:03:39.0626 Mode: Manual;
2010/11/18 14:03:39.0626 ================================================================================
2010/11/18 14:03:40.0359 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/11/18 14:03:40.0422 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/11/18 14:03:40.0469 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/11/18 14:03:40.0562 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/11/18 14:03:40.0687 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/11/18 14:03:40.0734 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/11/18 14:03:40.0781 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/11/18 14:03:40.0812 ahcix64s (b2bb36482b43d55707a6426e3bf4381e) C:\Windows\system32\drivers\ahcix64s.sys
2010/11/18 14:03:40.0843 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/11/18 14:03:40.0874 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/11/18 14:03:40.0905 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/11/18 14:03:40.0952 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/11/18 14:03:41.0139 amdkmdag (a497ff5ae4d0c93da2cfb98e6a355c1f) C:\Windows\system32\DRIVERS\atipmdag.sys
2010/11/18 14:03:41.0264 amdkmdap (91b89be832d436af257b91666bc32c30) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/11/18 14:03:41.0311 AmdLLD64 (f5761675da9d15d7ae0e40907a8f4404) C:\Windows\system32\DRIVERS\AmdLLD64.sys
2010/11/18 14:03:41.0358 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/11/18 14:03:41.0373 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/11/18 14:03:41.0436 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/18 14:03:41.0467 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/11/18 14:03:41.0498 AtiHdmiService (08fa104f07b243508ecd8d59007d2b2f) C:\Windows\system32\drivers\AtiHdmi.sys
2010/11/18 14:03:41.0592 atikmdag (715e84b2fa3a78127345659815ebbedd) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/18 14:03:41.0685 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/11/18 14:03:41.0717 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/18 14:03:41.0732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/18 14:03:41.0748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/11/18 14:03:41.0779 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/11/18 14:03:41.0810 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/11/18 14:03:41.0826 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/18 14:03:41.0888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/11/18 14:03:42.0278 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/11/18 14:03:42.0309 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/18 14:03:42.0372 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/18 14:03:42.0419 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/11/18 14:03:42.0465 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/11/18 14:03:42.0528 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/11/18 14:03:42.0543 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2010/11/18 14:03:42.0699 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
2010/11/18 14:03:42.0731 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/18 14:03:43.0058 CrucialSMBusScan (02c86c005e8e9e0366b7491bf3ac86aa) C:\Windows\system32\drivers\CrucialSMBusScan.sys
2010/11/18 14:03:43.0058 Suspicious file (Forged): C:\Windows\system32\drivers\CrucialSMBusScan.sys. Real md5: 02c86c005e8e9e0366b7491bf3ac86aa, Fake md5: 12b40b0a3d347c9e3235688c43be2436
2010/11/18 14:03:43.0063 CrucialSMBusScan - detected Forged file (1)
2010/11/18 14:03:43.0148 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
2010/11/18 14:03:43.0208 CT20XUT (977f89fc1be6df030e7de2a0aa783a9a) C:\Windows\system32\drivers\CT20XUT.SYS
2010/11/18 14:03:43.0238 CT20XUT.SYS (977f89fc1be6df030e7de2a0aa783a9a) C:\Windows\System32\drivers\CT20XUT.SYS
2010/11/18 14:03:43.0273 ctac32k (06f0bca7e74b3aefe7915f8c8a5f8c8f) C:\Windows\system32\drivers\ctac32k.sys
2010/11/18 14:03:43.0318 ctaud2k (33d33b872e23aba340c7c3b778b6a5b4) C:\Windows\system32\drivers\ctaud2k.sys
2010/11/18 14:03:43.0368 CTEXFIFX (db70a4c9859316e7d5588dd6fa748400) C:\Windows\system32\drivers\CTEXFIFX.SYS
2010/11/18 14:03:43.0438 CTEXFIFX.SYS (db70a4c9859316e7d5588dd6fa748400) C:\Windows\System32\drivers\CTEXFIFX.SYS
2010/11/18 14:03:43.0463 CTHWIUT (d917bd60450c51dd732e0e5bc98e5693) C:\Windows\system32\drivers\CTHWIUT.SYS
2010/11/18 14:03:43.0473 CTHWIUT.SYS (d917bd60450c51dd732e0e5bc98e5693) C:\Windows\System32\drivers\CTHWIUT.SYS
2010/11/18 14:03:43.0488 ctprxy2k (1f268a51d0a4f0685b35d3298eaed927) C:\Windows\system32\drivers\ctprxy2k.sys
2010/11/18 14:03:43.0558 ctsfm2k (d67a3416820c3be29c2c213702eb7386) C:\Windows\system32\drivers\ctsfm2k.sys
2010/11/18 14:03:43.0633 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/11/18 14:03:43.0678 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/11/18 14:03:43.0743 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/11/18 14:03:43.0863 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/18 14:03:43.0898 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/11/18 14:03:43.0933 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/11/18 14:03:43.0963 EIO64 (be9eeea2a8cac5f6cd92c97f234e2fe1) C:\Windows\system32\DRIVERS\EIO64.sys
2010/11/18 14:03:43.0988 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/11/18 14:03:44.0033 emupia (8eb1229e57589aabff4310c9f39b8668) C:\Windows\system32\drivers\emupia2k.sys
2010/11/18 14:03:44.0073 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
2010/11/18 14:03:44.0088 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/11/18 14:03:44.0138 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/11/18 14:03:44.0173 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/11/18 14:03:44.0218 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/18 14:03:44.0233 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/11/18 14:03:44.0253 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/11/18 14:03:44.0263 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/18 14:03:44.0288 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/11/18 14:03:44.0328 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/18 14:03:44.0353 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/18 14:03:44.0373 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/18 14:03:44.0413 ha20x22k (353f1c92121eea28c00332dacc9e0205) C:\Windows\system32\drivers\ha20x22k.sys
2010/11/18 14:03:44.0453 ha20x2k (e9f11d91769a2483cff2eb4d96c250a5) C:\Windows\system32\drivers\ha20x2k.sys
2010/11/18 14:03:44.0533 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2010/11/18 14:03:44.0573 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/18 14:03:44.0613 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/11/18 14:03:44.0623 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/11/18 14:03:44.0648 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/18 14:03:44.0683 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/11/18 14:03:44.0733 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/11/18 14:03:44.0763 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/11/18 14:03:44.0803 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/18 14:03:44.0828 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/11/18 14:03:44.0873 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/11/18 14:03:44.0893 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/11/18 14:03:44.0913 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/18 14:03:44.0953 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/18 14:03:44.0988 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/18 14:03:45.0008 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/18 14:03:45.0028 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/11/18 14:03:45.0048 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/11/18 14:03:45.0073 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/18 14:03:45.0088 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/11/18 14:03:45.0108 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/11/18 14:03:45.0123 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/18 14:03:45.0143 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/18 14:03:45.0198 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/18 14:03:45.0228 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/11/18 14:03:45.0258 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2010/11/18 14:03:45.0293 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/11/18 14:03:45.0313 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/18 14:03:45.0343 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/11/18 14:03:45.0363 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/18 14:03:45.0388 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/18 14:03:45.0403 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/18 14:03:45.0418 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/11/18 14:03:45.0483 lvpopf64 (70f452363ec50149697b0df4fc3cf171) C:\Windows\system32\DRIVERS\lvpopf64.sys
2010/11/18 14:03:45.0548 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2010/11/18 14:03:45.0568 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2010/11/18 14:03:45.0613 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
2010/11/18 14:03:45.0633 lvsels64 (99bcd802fe1c480e94dcb29d904f56cc) C:\Windows\system32\DRIVERS\lvsels64.sys
2010/11/18 14:03:45.0693 LVUSBS64 (f1cc5f4341df18da482531e55e0bb074) C:\Windows\system32\drivers\LVUSBS64.sys
2010/11/18 14:03:45.0918 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
2010/11/18 14:03:46.0113 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
2010/11/18 14:03:46.0183 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/11/18 14:03:46.0218 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/11/18 14:03:46.0253 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/11/18 14:03:46.0283 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/18 14:03:46.0298 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/18 14:03:46.0313 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/18 14:03:46.0328 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/11/18 14:03:46.0348 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/11/18 14:03:46.0368 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/18 14:03:46.0388 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/18 14:03:46.0413 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/18 14:03:46.0433 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/18 14:03:46.0453 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/18 14:03:46.0493 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/18 14:03:46.0503 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2010/11/18 14:03:46.0518 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/11/18 14:03:46.0553 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/11/18 14:03:46.0578 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/11/18 14:03:46.0618 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/18 14:03:46.0633 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/18 14:03:46.0658 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/11/18 14:03:46.0673 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/11/18 14:03:46.0698 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/18 14:03:46.0713 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/11/18 14:03:46.0733 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/11/18 14:03:46.0748 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/11/18 14:03:46.0768 mv61xx (9ddc6ff08623d52c1ebc9e8c7b13cb50) C:\Windows\system32\drivers\mv61xx.sys
2010/11/18 14:03:46.0853 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/18 14:03:46.0878 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/11/18 14:03:46.0908 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/18 14:03:46.0923 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/18 14:03:46.0943 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/18 14:03:46.0963 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/11/18 14:03:46.0988 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/18 14:03:47.0013 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/18 14:03:47.0053 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/11/18 14:03:47.0078 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/11/18 14:03:47.0108 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/18 14:03:47.0148 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/11/18 14:03:47.0183 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/11/18 14:03:47.0203 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/11/18 14:03:47.0218 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/11/18 14:03:47.0243 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/11/18 14:03:47.0308 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/18 14:03:47.0343 ossrv (a543e6cb11118398d098e222ee20f281) C:\Windows\system32\drivers\ctoss2k.sys
2010/11/18 14:03:47.0368 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/11/18 14:03:47.0393 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/11/18 14:03:47.0448 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
2010/11/18 14:03:47.0493 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/11/18 14:03:47.0518 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2010/11/18 14:03:47.0533 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/11/18 14:03:47.0568 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/11/18 14:03:47.0648 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/18 14:03:47.0663 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2010/11/18 14:03:47.0693 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/18 14:03:47.0738 PSINAflt (e1fa774421134c59561292248694de86) C:\Windows\system32\DRIVERS\PSINAflt.sys
2010/11/18 14:03:47.0763 PSINFile (fd4e3926b5999e188f6068d3f375ff48) C:\Windows\system32\DRIVERS\PSINFile.sys
2010/11/18 14:03:47.0778 PSINKNC (260ad37cff5a38aab4341ec3b4285147) C:\Windows\system32\DRIVERS\psinknc.sys
2010/11/18 14:03:47.0788 PSINProc (692af36308a2d9f8fb94248d6136bc69) C:\Windows\system32\DRIVERS\PSINProc.sys
2010/11/18 14:03:47.0813 PSINProt (d8207c9e9433147f3cc071ea5d2a02bd) C:\Windows\system32\DRIVERS\PSINProt.sys
2010/11/18 14:03:47.0853 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/11/18 14:03:47.0888 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/11/18 14:03:47.0908 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/18 14:03:47.0923 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/18 14:03:47.0953 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/18 14:03:47.0978 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/18 14:03:48.0003 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/18 14:03:48.0023 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/18 14:03:48.0043 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/18 14:03:48.0068 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/11/18 14:03:48.0088 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/18 14:03:48.0128 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/11/18 14:03:48.0163 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/18 14:03:48.0188 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/11/18 14:03:48.0208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/18 14:03:48.0233 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/18 14:03:48.0268 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2010/11/18 14:03:48.0293 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/18 14:03:48.0348 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/11/18 14:03:48.0363 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/18 14:03:48.0378 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/18 14:03:48.0398 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/18 14:03:48.0418 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/18 14:03:48.0438 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/18 14:03:48.0468 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/18 14:03:48.0493 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/18 14:03:48.0563 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/11/18 14:03:48.0563 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/11/18 14:03:48.0568 sptd - detected Locked file (1)
2010/11/18 14:03:48.0588 srv (cb5bd298e62aed1b4af3cc44811a30a5) C:\Windows\system32\DRIVERS\srv.sys
2010/11/18 14:03:48.0618 srv2 (26cd9130775c59439b77ece2f6df9c4c) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/18 14:03:48.0638 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/18 14:03:48.0663 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/18 14:03:48.0688 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/18 14:03:48.0708 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/18 14:03:48.0728 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/18 14:03:48.0773 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/18 14:03:48.0858 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/18 14:03:48.0888 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/18 14:03:48.0918 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/18 14:03:48.0933 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/18 14:03:48.0963 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/18 14:03:48.0983 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/18 14:03:49.0018 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/18 14:03:49.0028 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/18 14:03:49.0053 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/18 14:03:49.0073 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/18 14:03:49.0123 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/18 14:03:49.0158 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/18 14:03:49.0173 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/18 14:03:49.0183 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/18 14:03:49.0203 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/18 14:03:49.0243 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/18 14:03:49.0278 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2010/11/18 14:03:49.0303 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/18 14:03:49.0333 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/18 14:03:49.0378 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/18 14:03:49.0398 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/18 14:03:49.0413 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/18 14:03:49.0428 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2010/11/18 14:03:49.0453 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/18 14:03:49.0468 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/18 14:03:49.0488 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/18 14:03:49.0508 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/18 14:03:49.0523 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/18 14:03:49.0543 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/18 14:03:49.0558 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/18 14:03:49.0608 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/18 14:03:49.0638 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/18 14:03:49.0653 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/18 14:03:49.0678 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/18 14:03:49.0713 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/18 14:03:49.0723 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/18 14:03:49.0743 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/18 14:03:49.0768 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/18 14:03:49.0858 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/18 14:03:49.0898 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/18 14:03:49.0918 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/18 14:03:49.0958 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/18 14:03:49.0983 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
2010/11/18 14:03:50.0008 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
2010/11/18 14:03:50.0038 ================================================================================
2010/11/18 14:03:50.0038 Scan finished
2010/11/18 14:03:50.0038 ================================================================================
2010/11/18 14:03:50.0043 Detected object count: 2
2010/11/18 14:04:17.0478 Forged file(CrucialSMBusScan) - User select action: Skip
2010/11/18 14:04:17.0483 Locked file(sptd) - User select action: Skip
2010/11/18 14:04:28.0353 ================================================================================
2010/11/18 14:04:28.0353 Scan started
2010/11/18 14:04:28.0353 Mode: Manual;
2010/11/18 14:04:28.0353 ================================================================================
2010/11/18 14:04:28.0703 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/11/18 14:04:28.0738 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/11/18 14:04:28.0763 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/11/18 14:04:28.0793 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/11/18 14:04:28.0808 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/11/18 14:04:28.0843 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/11/18 14:04:28.0858 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/11/18 14:04:28.0888 ahcix64s (b2bb36482b43d55707a6426e3bf4381e) C:\Windows\system32\drivers\ahcix64s.sys
2010/11/18 14:04:28.0913 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/11/18 14:04:28.0933 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/11/18 14:04:28.0948 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/11/18 14:04:28.0963 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/11/18 14:04:29.0053 amdkmdag (a497ff5ae4d0c93da2cfb98e6a355c1f) C:\Windows\system32\DRIVERS\atipmdag.sys
2010/11/18 14:04:29.0113 amdkmdap (91b89be832d436af257b91666bc32c30) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/11/18 14:04:29.0128 AmdLLD64 (f5761675da9d15d7ae0e40907a8f4404) C:\Windows\system32\DRIVERS\AmdLLD64.sys
2010/11/18 14:04:29.0153 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/11/18 14:04:29.0173 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/11/18 14:04:29.0218 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/18 14:04:29.0238 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/11/18 14:04:29.0268 AtiHdmiService (08fa104f07b243508ecd8d59007d2b2f) C:\Windows\system32\drivers\AtiHdmi.sys
2010/11/18 14:04:29.0348 atikmdag (715e84b2fa3a78127345659815ebbedd) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/18 14:04:29.0423 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/11/18 14:04:29.0433 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/18 14:04:29.0453 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/18 14:04:29.0468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/11/18 14:04:29.0488 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/11/18 14:04:29.0513 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/11/18 14:04:29.0548 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/18 14:04:29.0568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/11/18 14:04:29.0583 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/11/18 14:04:29.0603 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/18 14:04:29.0623 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/18 14:04:29.0643 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/11/18 14:04:29.0663 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/11/18 14:04:29.0698 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/11/18 14:04:29.0713 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2010/11/18 14:04:29.0793 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
2010/11/18 14:04:29.0803 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/18 14:04:29.0833 CrucialSMBusScan (02c86c005e8e9e0366b7491bf3ac86aa) C:\Windows\system32\drivers\CrucialSMBusScan.sys
2010/11/18 14:04:29.0833 Suspicious file (Forged): C:\Windows\system32\drivers\CrucialSMBusScan.sys. Real md5: 02c86c005e8e9e0366b7491bf3ac86aa, Fake md5: 12b40b0a3d347c9e3235688c43be2436
2010/11/18 14:04:29.0838 CrucialSMBusScan - detected Forged file (1)
2010/11/18 14:04:29.0868 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
2010/11/18 14:04:29.0893 CT20XUT (977f89fc1be6df030e7de2a0aa783a9a) C:\Windows\system32\drivers\CT20XUT.SYS
2010/11/18 14:04:29.0923 CT20XUT.SYS (977f89fc1be6df030e7de2a0aa783a9a) C:\Windows\System32\drivers\CT20XUT.SYS
2010/11/18 14:04:29.0948 ctac32k (06f0bca7e74b3aefe7915f8c8a5f8c8f) C:\Windows\system32\drivers\ctac32k.sys
2010/11/18 14:04:29.0983 ctaud2k (33d33b872e23aba340c7c3b778b6a5b4) C:\Windows\system32\drivers\ctaud2k.sys
2010/11/18 14:04:30.0023 CTEXFIFX (db70a4c9859316e7d5588dd6fa748400) C:\Windows\system32\drivers\CTEXFIFX.SYS
2010/11/18 14:04:30.0058 CTEXFIFX.SYS (db70a4c9859316e7d5588dd6fa748400) C:\Windows\System32\drivers\CTEXFIFX.SYS
2010/11/18 14:04:30.0098 CTHWIUT (d917bd60450c51dd732e0e5bc98e5693) C:\Windows\system32\drivers\CTHWIUT.SYS
2010/11/18 14:04:30.0108 CTHWIUT.SYS (d917bd60450c51dd732e0e5bc98e5693) C:\Windows\System32\drivers\CTHWIUT.SYS
2010/11/18 14:04:30.0123 ctprxy2k (1f268a51d0a4f0685b35d3298eaed927) C:\Windows\system32\drivers\ctprxy2k.sys
2010/11/18 14:04:30.0143 ctsfm2k (d67a3416820c3be29c2c213702eb7386) C:\Windows\system32\drivers\ctsfm2k.sys
2010/11/18 14:04:30.0173 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/11/18 14:04:30.0218 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/11/18 14:04:30.0248 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/11/18 14:04:30.0318 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/18 14:04:30.0348 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/11/18 14:04:30.0373 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/11/18 14:04:30.0403 EIO64 (be9eeea2a8cac5f6cd92c97f234e2fe1) C:\Windows\system32\DRIVERS\EIO64.sys
2010/11/18 14:04:30.0423 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/11/18 14:04:30.0448 emupia (8eb1229e57589aabff4310c9f39b8668) C:\Windows\system32\drivers\emupia2k.sys
2010/11/18 14:04:30.0468 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
2010/11/18 14:04:30.0478 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/11/18 14:04:30.0528 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/11/18 14:04:30.0558 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/11/18 14:04:30.0578 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/18 14:04:30.0598 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/11/18 14:04:30.0613 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/11/18 14:04:30.0623 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/18 14:04:30.0648 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/11/18 14:04:30.0678 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/18 14:04:30.0693 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/18 14:04:30.0703 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/18 14:04:30.0743 ha20x22k (353f1c92121eea28c00332dacc9e0205) C:\Windows\system32\drivers\ha20x22k.sys
2010/11/18 14:04:30.0783 ha20x2k (e9f11d91769a2483cff2eb4d96c250a5) C:\Windows\system32\drivers\ha20x2k.sys
2010/11/18 14:04:30.0838 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2010/11/18 14:04:30.0928 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/18 14:04:31.0043 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/11/18 14:04:31.0083 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/11/18 14:04:31.0123 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/18 14:04:31.0168 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/11/18 14:04:31.0228 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/11/18 14:04:31.0248 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/11/18 14:04:31.0268 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/18 14:04:31.0338 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/11/18 14:04:31.0363 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/11/18 14:04:31.0383 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/11/18 14:04:31.0403 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/18 14:04:31.0433 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/18 14:04:31.0493 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/18 14:04:31.0523 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/18 14:04:31.0563 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/11/18 14:04:31.0588 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/11/18 14:04:31.0698 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/18 14:04:31.0713 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/11/18 14:04:31.0743 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/11/18 14:04:31.0758 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/18 14:04:31.0783 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/18 14:04:31.0813 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/18 14:04:31.0828 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/11/18 14:04:31.0858 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2010/11/18 14:04:31.0908 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/11/18 14:04:31.0943 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/18 14:04:31.0973 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/11/18 14:04:31.0993 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/18 14:04:32.0013 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/18 14:04:32.0023 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/18 14:04:32.0063 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/11/18 14:04:32.0108 lvpopf64 (70f452363ec50149697b0df4fc3cf171) C:\Windows\system32\DRIVERS\lvpopf64.sys
2010/11/18 14:04:32.0203 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2010/11/18 14:04:32.0213 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2010/11/18 14:04:32.0258 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
2010/11/18 14:04:32.0288 lvsels64 (99bcd802fe1c480e94dcb29d904f56cc) C:\Windows\system32\DRIVERS\lvsels64.sys
2010/11/18 14:04:32.0303 LVUSBS64 (f1cc5f4341df18da482531e55e0bb074) C:\Windows\system32\drivers\LVUSBS64.sys
2010/11/18 14:04:32.0478 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
2010/11/18 14:04:32.0553 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
2010/11/18 14:04:32.0583 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/11/18 14:04:32.0608 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/11/18 14:04:32.0623 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/11/18 14:04:32.0648 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/18 14:04:32.0703 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/18 14:04:32.0728 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/18 14:04:32.0743 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/11/18 14:04:32.0768 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/11/18 14:04:32.0788 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/18 14:04:32.0808 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/18 14:04:32.0833 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/18 14:04:32.0868 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/18 14:04:32.0903 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/18 14:04:32.0923 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/18 14:04:32.0943 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2010/11/18 14:04:32.0963 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/11/18 14:04:32.0993 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/11/18 14:04:33.0013 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/11/18 14:04:33.0038 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/18 14:04:33.0053 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/18 14:04:33.0073 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/11/18 14:04:33.0103 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/11/18 14:04:33.0123 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/18 14:04:33.0138 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/11/18 14:04:33.0193 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/11/18 14:04:33.0213 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/11/18 14:04:33.0248 mv61xx (9ddc6ff08623d52c1ebc9e8c7b13cb50) C:\Windows\system32\drivers\mv61xx.sys
2010/11/18 14:04:33.0303 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/18 14:04:33.0333 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/11/18 14:04:33.0353 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/18 14:04:33.0373 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/18 14:04:33.0393 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/18 14:04:33.0408 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/11/18 14:04:33.0423 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/18 14:04:33.0453 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/18 14:04:33.0483 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/11/18 14:04:33.0508 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/11/18 14:04:33.0543 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/18 14:04:33.0578 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/11/18 14:04:33.0603 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/11/18 14:04:33.0623 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/11/18 14:04:33.0638 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/11/18 14:04:33.0663 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/11/18 14:04:33.0708 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/18 14:04:33.0733 ossrv (a543e6cb11118398d098e222ee20f281) C:\Windows\system32\drivers\ctoss2k.sys
2010/11/18 14:04:33.0758 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/11/18 14:04:33.0783 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/11/18 14:04:33.0818 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
2010/11/18 14:04:33.0848 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/11/18 14:04:33.0868 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2010/11/18 14:04:33.0888 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/11/18 14:04:33.0923 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/11/18 14:04:33.0998 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/18 14:04:34.0023 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2010/11/18 14:04:34.0058 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/18 14:04:34.0088 PSINAflt (e1fa774421134c59561292248694de86) C:\Windows\system32\DRIVERS\PSINAflt.sys
2010/11/18 14:04:34.0113 PSINFile (fd4e3926b5999e188f6068d3f375ff48) C:\Windows\system32\DRIVERS\PSINFile.sys
2010/11/18 14:04:34.0143 PSINKNC (260ad37cff5a38aab4341ec3b4285147) C:\Windows\system32\DRIVERS\psinknc.sys
2010/11/18 14:04:34.0158 PSINProc (692af36308a2d9f8fb94248d6136bc69) C:\Windows\system32\DRIVERS\PSINProc.sys
2010/11/18 14:04:34.0173 PSINProt (d8207c9e9433147f3cc071ea5d2a02bd) C:\Windows\system32\DRIVERS\PSINProt.sys
2010/11/18 14:04:34.0228 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/11/18 14:04:34.0258 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/11/18 14:04:34.0278 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/18 14:04:34.0298 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/18 14:04:34.0318 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/18 14:04:34.0343 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/18 14:04:34.0368 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/18 14:04:34.0383 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/18 14:04:34.0408 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/18 14:04:34.0433 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/11/18 14:04:34.0453 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/18 14:04:34.0478 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/11/18 14:04:34.0508 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/18 14:04:34.0528 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/11/18 14:04:34.0553 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/18 14:04:34.0578 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/18 14:04:34.0603 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2010/11/18 14:04:34.0618 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/18 14:04:34.0653 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/11/18 14:04:34.0668 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/18 14:04:34.0698 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/18 14:04:34.0718 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/18 14:04:34.0743 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/18 14:04:34.0758 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/18 14:04:34.0793 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/18 14:04:34.0823 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/18 14:04:34.0863 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/11/18 14:04:34.0863 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/11/18 14:04:34.0868 sptd - detected Locked file (1)
2010/11/18 14:04:34.0888 srv (cb5bd298e62aed1b4af3cc44811a30a5) C:\Windows\system32\DRIVERS\srv.sys
2010/11/18 14:04:34.0928 srv2 (26cd9130775c59439b77ece2f6df9c4c) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/18 14:04:34.0948 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/18 14:04:34.0973 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/18 14:04:34.0998 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/18 14:04:35.0013 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/18 14:04:35.0033 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/18 14:04:35.0078 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/18 14:04:35.0123 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/18 14:04:35.0148 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/18 14:04:35.0163 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/18 14:04:35.0183 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/18 14:04:35.0198 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/18 14:04:35.0213 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/18 14:04:35.0253 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/18 14:04:35.0263 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/18 14:04:35.0283 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/18 14:04:35.0313 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/18 14:04:35.0333 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/18 14:04:35.0358 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/18 14:04:35.0373 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/18 14:04:35.0388 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/18 14:04:35.0408 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/18 14:04:35.0423 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/18 14:04:35.0458 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2010/11/18 14:04:35.0483 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/18 14:04:35.0503 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/18 14:04:35.0528 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/18 14:04:35.0548 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/18 14:04:35.0568 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/18 14:04:35.0578 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2010/11/18 14:04:35.0603 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/18 14:04:35.0623 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/18 14:04:35.0633 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/18 14:04:35.0653 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/18 14:04:35.0668 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/18 14:04:35.0678 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/18 14:04:35.0693 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/18 14:04:35.0728 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/18 14:04:35.0753 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/18 14:04:35.0783 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/18 14:04:35.0808 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/18 14:04:35.0828 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/18 14:04:35.0838 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/18 14:04:35.0858 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/18 14:04:35.0888 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/18 14:04:35.0958 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/18 14:04:35.0998 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/18 14:04:36.0023 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/18 14:04:36.0053 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/18 14:04:36.0088 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
2010/11/18 14:04:36.0118 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
2010/11/18 14:04:36.0143 ================================================================================
2010/11/18 14:04:36.0143 Scan finished
2010/11/18 14:04:36.0143 ================================================================================
2010/11/18 14:04:36.0153 Detected object count: 2
2010/11/18 14:05:14.0658 Forged file(CrucialSMBusScan) - User select action: Skip
2010/11/18 14:05:14.0663 Locked file(sptd) - User select action: Skip




OTL logfile created on: 11/18/2010 2:15:49 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 558.79 Gb Total Space | 88.61 Gb Free Space | 15.86% Space Free | Partition Type: NTFS

Computer Name: SILVERSTONE | User Name: Drew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 00:57:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/10/28 12:54:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 14:06:30 | 000,406,848 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/04/30 12:47:30 | 000,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/04/05 22:36:28 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/07/15 04:37:58 | 000,024,064 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/07/15 04:32:32 | 001,232,896 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/05/02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 00:57:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/01/02 03:48:55 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/09/30 19:02:17 | 002,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2009/04/11 00:28:22 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll
MOD - [2009/04/11 00:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/04/11 00:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2008/05/02 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2008/01/20 20:50:15 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/04/28 20:07:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/05/02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/01 15:24:12 | 003,264,636 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/04/30 12:47:30 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/28 13:58:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/10 10:29:06 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/26 19:33:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/05/16 21:12:34 | 000,866,304 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2010/05/27 17:39:38 | 000,158,280 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2010/05/12 09:58:02 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2010/05/04 07:36:42 | 000,149,512 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\psinknc.sys -- (PSINKNC)
DRV:64bit: - [2010/04/30 12:46:40 | 000,121,864 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2010/04/30 12:46:38 | 000,114,696 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2009/12/11 15:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/12/11 13:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/11/05 23:44:00 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2009/10/07 08:48:08 | 000,067,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvsels64.sys -- (lvsels64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/22 02:58:28 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2009/07/22 02:58:28 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2009/07/22 02:58:20 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2009/07/22 02:58:20 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2009/07/22 02:58:10 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/07/22 02:58:10 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2009/07/22 02:57:52 | 001,622,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2009/07/22 02:57:42 | 001,577,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/07/22 02:57:28 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/07/22 02:57:06 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/07/22 02:56:58 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/07/22 02:56:46 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/07/22 02:56:30 | 000,698,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/07/22 02:56:22 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 09:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/05/30 13:06:23 | 000,018,984 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CrucialSMBusScan.sys -- (CrucialSMBusScan)
DRV:64bit: - [2009/04/28 21:32:10 | 005,357,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/04/23 23:43:18 | 000,110,904 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/27 00:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2008/12/17 00:01:20 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/12/07 14:52:18 | 000,015,872 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/05/06 00:36:50 | 000,211,464 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/03/13 01:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/18 23:25:08 | 000,172,584 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2007/10/11 19:58:26 | 001,381,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/10/31 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2004/12/31 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 FE 6A C5 8E 86 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Dictionary"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 22:50:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/05 22:36:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 12:54:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 12:54:00 | 000,000,000 | ---D | M]

[2010/10/18 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Extensions
[2010/10/18 14:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/18 06:31:07 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hkcg8t65.default\extensions
[2010/10/18 06:31:07 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hkcg8t65.default\extensions\[email protected]
[2010/11/18 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions
[2010/10/20 17:17:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/20 09:41:56 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/10/28 12:55:24 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\extensions\[email protected]
[2010/11/13 19:53:40 | 000,000,931 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\udq4mxxr.default\searchplugins\dictionary.xml
[2010/11/18 14:12:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/28 12:54:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/19 17:59:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/28 12:53:59 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/28 12:53:59 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/11/24 14:35:00 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/03 16:25:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/06/25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/10/28 12:54:00 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/05 22:36:40 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/04/05 22:36:45 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
[2010/04/05 22:36:39 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/09/14 14:41:42 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/14 14:41:42 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/09/14 14:41:42 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/14 14:41:42 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/14 14:41:42 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/09/14 14:41:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/14 14:41:42 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/18 13:58:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.70.172.13 207.70.128.209
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 13:58:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/17 07:24:22 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Drew\Desktop\TDSSKiller.exe
[2010/10/19 17:59:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/19 17:59:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/19 17:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/19 17:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/07/15 04:40:40 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 14:06:43 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/18 14:06:43 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/18 14:06:43 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/18 14:01:24 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/18 14:01:24 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/18 14:01:18 | 000,246,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/18 14:01:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/18 14:01:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/11/18 13:59:52 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/11/18 13:59:52 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/11/18 13:59:52 | 000,001,376 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/11/17 07:24:22 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Drew\Desktop\TDSSKiller.exe
[2010/11/04 12:42:03 | 016,723,421 | ---- | M] () -- C:\Users\Drew\Desktop\The Box is WTFXup.mp4
[2010/11/01 23:23:49 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/01 15:24:12 | 003,264,636 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/10/24 21:29:15 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010/10/24 21:29:15 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/04 12:39:28 | 016,723,421 | ---- | C] () -- C:\Users\Drew\Desktop\The Box is WTFXup.mp4
[2010/11/01 23:23:49 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/07/05 00:43:05 | 000,003,842 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010/06/30 15:54:39 | 000,000,680 | ---- | C] () -- C:\Users\Drew\AppData\Local\d3d9caps.dat
[2010/06/29 20:30:09 | 001,871,352 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_NET_Framework35_x64_MSI75F6.txt
[2010/06/29 20:29:15 | 000,158,100 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010/06/29 20:29:04 | 000,393,690 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_dotnetfx35install.txt
[2010/06/29 20:29:04 | 000,006,036 | ---- | C] () -- C:\Users\Drew\AppData\Local\uxeventlog.txt
[2010/06/29 20:29:04 | 000,000,002 | ---- | C] () -- C:\Users\Drew\AppData\Local\dd_dotnetfx35error.txt
[2010/06/25 17:02:57 | 000,001,460 | ---- | C] () -- C:\Users\Drew\AppData\Local\d3d9caps64.dat
[2010/06/19 14:58:59 | 000,001,367 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/04/05 22:37:08 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/25 18:38:48 | 000,000,760 | ---- | C] () -- C:\Users\Drew\AppData\Roaming\setup_ldm.iss
[2009/12/10 20:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/10 20:24:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/17 21:19:46 | 000,001,048 | ---- | C] () -- C:\Windows\SysWow64\sk_bho.ini
[2009/07/15 05:26:54 | 000,029,644 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/07/15 04:38:02 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/06/08 07:39:36 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/06/04 13:15:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/05/26 19:17:18 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/26 18:13:31 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/05/26 18:13:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/05/26 17:52:23 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/04/05 19:16:33 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/02/26 18:00:58 | 000,000,131 | ---- | C] () -- C:\Windows\CRC.INI
[2009/02/19 16:28:02 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/12/07 17:20:13 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/07 14:44:21 | 000,034,221 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/28 01:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/11/20 12:32:40 | 005,527,385 | ---- | C] () -- C:\Windows\SysWow64\IDPRSig.dll
[2007/11/20 12:32:40 | 000,622,113 | ---- | C] () -- C:\Windows\SysWow64\IDPList.dll
[2007/11/20 12:32:40 | 000,013,772 | ---- | C] () -- C:\Windows\SysWow64\IDPImmData.dll
[2007/11/20 12:32:39 | 004,985,733 | ---- | C] () -- C:\Windows\SysWow64\IDPFSig.dll
[2007/11/20 12:32:39 | 000,343,272 | ---- | C] () -- C:\Windows\SysWow64\IDPESig.dll
[2007/11/20 12:32:39 | 000,002,380 | ---- | C] () -- C:\Windows\SysWow64\IDPBlkCoo.dll
[2007/11/20 12:32:39 | 000,000,162 | ---- | C] () -- C:\Windows\SysWow64\IDPCritProc.dll
[2004/10/11 11:19:00 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSASV2.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/12/07 16:33:50 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/02/26 17:51:03 | 000,005,874 | ---- | M] () -- C:\Bug.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/10/01 18:42:08 | 000,001,095 | -H-- | M] () -- C:\IPH.PH
[2009/03/12 06:44:33 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/11/18 14:01:04 | 305,123,326 | -HS- | M] () -- C:\pagefile.sys
[2008/12/07 15:10:18 | 000,000,086 | ---- | M] () -- C:\Setup.log
[2009/02/12 01:53:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/12 11:11:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/12 22:23:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/13 17:53:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/12 01:53:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/12 11:11:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/12 22:23:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/13 17:53:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/11/18 14:08:40 | 000,124,908 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_18.11.2010_14.03.32_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 09:05:44 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 09:05:44 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 09:05:44 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/06/30 00:05:13 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/02 16:38:24 | 000,000,286 | -HS- | M] () -- C:\Users\Drew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2006/11/02 09:03:11 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/06/30 00:29:03 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/06/30 00:28:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/06/30 00:28:32 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/06/30 00:28:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/06/30 00:28:32 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/06/30 00:28:33 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/12/07 14:41:39 | 000,000,402 | -HS- | M] () -- C:\Users\Drew\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/13 17:04:16 | 000,003,842 | ---- | M] () -- C:\ProgramData\driverinfo.txt
[2010/06/24 15:02:02 | 000,001,367 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2008/12/08 09:00:36 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 15:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\SysWOW64\acwizard.ico
[2005/08/28 20:51:42 | 000,000,766 | ---- | M] () -- C:\Windows\SysWOW64\Uninstall.ico

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/05/31 05:24:05 | 000,699,848 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/11/18 14:15:39 | 003,407,872 | -HS- | M] () -- C:\Users\Drew\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2009/11/05 23:47:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2010/04/12 15:22:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Armagetron Advanced
[2010/03/31 12:01:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity
[2008/12/07 17:10:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Auslogics
[2010/11/01 23:23:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010/10/18 14:36:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/02/26 18:00:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\COMODO
[2009/07/29 13:58:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2009/07/29 13:59:24 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information
[2009/11/05 23:44:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/11/05 23:41:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2010/01/02 03:49:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2010/11/17 15:22:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2009/05/26 19:17:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ffdshow
[2009/06/03 16:20:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Foxit Software
[2009/10/16 22:43:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2010/10/24 09:58:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GNU
[2010/06/24 17:49:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GRETECH
[2010/06/19 15:03:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/06/19 15:04:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2009/07/17 21:44:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IdentityPatrol
[2010/03/11 02:16:50 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/08/13 08:20:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/10/19 17:59:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/01/12 21:33:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JRE
[2010/06/24 14:58:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2009/02/26 17:49:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/08 17:40:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2008/12/14 22:36:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/09/30 15:34:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2009/03/10 11:37:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/09/30 11:54:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/10/25 07:23:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2008/12/14 01:57:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/06/25 19:48:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/28 12:54:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2006/11/02 09:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/06/20 14:03:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/24 14:59:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MySpace
[2009/05/26 18:13:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2009/01/12 21:33:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/10/18 14:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Panda Security
[2010/06/30 15:51:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Phyxion.net
[2010/09/28 15:11:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/04/05 22:36:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2006/11/02 09:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/06/30 14:00:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RegCleaner
[2010/06/18 21:02:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2009/07/14 20:01:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009/02/26 17:47:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SUPERAntiSpyware
[2006/11/02 09:33:57 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/09/25 12:12:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2009/06/28 21:27:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/10/18 14:32:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VirtualDJ
[2009/07/28 16:27:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VS Revo Group
[2010/07/26 03:32:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp
[2010/07/26 03:32:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp Detect
[2010/06/30 00:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/20 21:08:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/20 21:08:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009/12/08 17:42:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/03/15 14:39:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/08/13 08:20:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/06/30 00:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 09:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/06/30 00:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2010/06/30 12:57:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/06/30 00:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009/02/21 12:42:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2010/08/24 00:03:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\World of Warcraft Beta
[2008/12/17 22:08:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2009/09/19 18:28:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Z8Games

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2008/01/20 20:46:48 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< %SYSTEMDRIVE%\sy\*.* >

< %systemroot%\*.cot >

< %systemroot%\system32\*.html >

< %systemroot%\system32\win32.exe\*.* >

< %systemroot%\System32\9283\*.* >

< %systemroot%\System32\hardpol\*.* /s >

< %systemroot%\Fonts\*.dat >

< %ProgramFiles%\WinNTsystem operation\*.* >

< %SYSTEMDRIVE%\moneyxmexx.exe\*.* >

< %USERPROFILE%\Templates\*.exe >

< %SYSTEMDRIVE%\MSOCache\*.* >

< %systemroot%\inf\win\*.* >

< %SYSTEMDRIVE%\users\*.ini /x >

< %systemroot%\Media\*.exe >

< %systemroot%\Media\*.dll >

< %USERPROFILE%\Desktop\*.exe >
[2010/11/17 07:24:22 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Drew\Desktop\TDSSKiller.exe
[2007/01/24 17:22:14 | 000,594,432 | ---- | M] () -- C:\Users\Drew\Desktop\zsnesw.exe

< %PROGRAMFILES%\*.* >
[2008/01/20 21:21:14 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %systemroot%\system\*.dat >

< %AppData%\AdobeUM\upldrvdrv2\*.* >

< %ProgramFiles%\wiselink\*.* >

< %systemroot%\*.wd >

< %systemroot%\boot\*.* >

< %systemroot%\ime\*.dll /x >

< %systemroot%\system32\GroupPolicy\User\Scripts\*.* /s >

< %systemroot%\system32\*.INS >

< %SYSTEMDRIVE%\Temporary\*.* >

< %AppData%\AdobeUM\vclvclupl66\*.* >

< %SYSTEMDRIVE%\KEY\*.* /s >

< %SYSTEMDRIVE%\INVRSO\*.* >

< %systemroot%\Config\Audit\*.* /s >

< %ProgramFiles%\facebook\*.* >

< %SystemRoot%\system32\___hptmp\*.* >

< %SystemRoot%\system32\Macromedia\*.* >

< %SystemRoot%\system32\Macrocmp\*.* >

< %systemroot%\ap0calypse_00CD1A40\*.* /s >

< %SYSTEMDRIVE%\bbotxxxxxx.exe\*.* >

< %systemroot%\cacher\*.* >

< %systemroot%\down\*.* >

< %systemroot%\up\*.* >

< %SYSTEMDRIVE%\bootstartx.exe\*.* >

< %systemroot%\system32\wbem\grpconv.exe >

< %SYSTEMDRIVE%\Zolander\*.* /s >

< %systemroot%\Media_\*.* >

< %systemroot%\SV1\*.* >

< %systemroot%\system32\Hotspot\*.* >

< %systemroot%\java\*.* >

< %systemroot%\system32\JAVA\*.* >

< %systemroot%\system32\syst\*.* >

< %systemroot%\msapps\*.* >

< %systemroot%\Fonts\*.html >

< %systemroot%\WinRecycleb\*.* >

< %systemroot%\system32\PassTools\*.* >

< %USERPROFILE%\Templates\*.txt >

< %systemroot%\system32\[bleep]\*.* >

< %systemroot%\system32\xmldm\*.* >

< %systemroot%\system32\ui\*.* /s >

< %SYSTEMDRIVE%\autorun.inf\*.* /s >

< %ProgramFiles%\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\c\*.* /s >

< %systemroot%\win\*.* >

< %systemroot%\system32\update_flash\*.* >

< %systemroot%\system32\dllcache\*.bak >

< %SYSTEMDRIVE%\wedfwefeee.exe\*.* >

< %SYSTEMDRIVE%\explorxxxx.exe\*.* >

< %USERPROFILE%\My Documents\Windows\*.* /s >

< %ProgramFiles%\Application\*.* >

< %systemroot%\Help\*.exe >

< %systemroot%\system32\dllcache\*.bat >

< %systemroot%\system32\User\*.* >

< %systemroot%\system32\eifrest\*.* >

< %SYSTEMDRIVE%\directory\*.* /s >

< %systemroot%\system32\programs\*.* >

< %systemroot%\ProNet\*.* >

< %systemroot%\Tasks\svchost\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main|DEPOff /rs >

< HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Driversx >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Driversx64 >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]

< HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers >

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell]

< HKLM\Software\Policies\Microsoft\Windows\System\Scripts /s >

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download >
"CheckExeSignatures" = no
"RunInvalidSignatures" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2009/07/11 16:32:06 | 000,000,000 | ---D | M](C:\Users\Drew\Favorites\??sorted Bookmarks) -- C:\Users\Drew\Favorites\࿈ɔsorted Bookmarks

< End of report >
Thank you Mr. Mr. for helping me out! :D I much appreciate it! ;) Cool Giraffe thing u got going on. I hope my logs are proper and everything is in order! ;)
#4
DieNamic
OH I ALMOST FORGOT THIS ONE! :D
OTL Extras logfile created on: 11/18/2010 2:15:49 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 558.79 Gb Total Space | 88.61 Gb Free Space | 15.86% Space Free | Partition Type: NTFS

Computer Name: SILVERSTONE | User Name: Drew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = BE 65 0B AF 1D 18 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BBB3CE-1695-4D44-A838-C65D9381CFC1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0CAEA2BD-2C03-486B-A1BB-B8423BC40A0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{0EA2D374-68F0-4D2A-A7A4-22F620AAF94A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1414C1CC-779B-4B41-958E-17CFD2EC0D1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18E76694-0AD9-4294-A60C-83E01FEBD795}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1AC0F743-CC0C-407B-B357-5E61D8EF6B07}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2669DBED-269D-4AC5-A98A-D05A6BAAC5B9}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2684809D-EF6D-479D-86DD-D220FE2F6F37}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{3863E8D7-0BD5-4BB7-951E-47AA7F9D3316}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3B616B68-3010-4953-8CA2-B0B56F4E26C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CD90380-7E89-4AA8-AF57-93CAE21CCF68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E7DFB83-EEF8-46CB-AC09-EBF4E589D2BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{401E0999-CFB1-43BE-A6E6-576DA6585E06}" = lport=138 | protocol=17 | dir=in | app=system |
"{458EADC6-24C4-4944-B8D1-C0B33B3C7334}" = lport=10244 | protocol=6 | dir=in | app=system |
"{5C976C12-FA8F-4903-8BA8-5E7D636659A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{62DC3FC6-882D-4118-AA3F-A8C5750D3134}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64532034-AAAD-44E0-996E-6F3DC5C014E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6786F511-A110-4345-997C-8C8298526D06}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6C54548C-ED0B-405A-9E7A-B56CF5A3BB5D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E61C391-F28E-4AC6-88E4-6515A45B5405}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77302314-055D-4D35-B246-6C8445F72BFD}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{7CD947CF-CB5F-4EF2-9730-F60DCE2395DA}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{7F67D78B-6428-4B39-A3F4-C1B2AC0D3D5E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{80778BC3-239F-43ED-84E2-9B023461DFD7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{811FA46A-79AF-400D-91B9-BDE5FBA70265}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8241F2A7-EB48-4DFE-AC35-246335C6DB47}" = rport=139 | protocol=6 | dir=out | app=system |
"{87166823-6317-49F9-A7FD-1A58B0C36D14}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{875ED671-F078-41D0-93B2-E5DF6C0CBE47}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88B4A792-EA23-4C09-8BAE-72C91DCA84D4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8B8FDB0A-0405-45FD-B66C-65082DD32252}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9395DFF6-655A-4E2F-9FF8-62F037240618}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93E9CA94-0E16-4BAC-BC7E-F646335436B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{959D0A9F-1BF4-4DE2-A25F-BC7A20B59D80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{9881F9C6-FF63-4504-AB7B-62B53CFA068F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F235AB1-D4C9-4515-AF9F-0424286B47C1}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1FF662C-BF13-4136-8455-8FCD8194D8D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4B8B66A-1B6D-4293-9146-B5006D1E8912}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A6C48248-5B40-41A8-951D-7AC6B352984A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B2912BB9-7621-4BC9-BAE3-B2C735EB3077}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4FC38F3-D13B-4D48-BAFA-4D443BF038DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD9A5A-4F9D-49DF-8703-2F2C9087AC59}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BA6E7A1F-7BE3-4346-9543-EAB2B5BC2921}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{BC8F154B-B375-438F-92A9-6E440748F257}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC9DABE4-7DE8-4DFA-9DF1-38E9F82DE8D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C595E70D-4CE1-4D18-AE63-62E8D246CD33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C633C0EA-0656-49BB-9F84-1BEF90E5E953}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6E7EA64-020B-4030-993C-1FD401B54EA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEA95CF8-2CD5-4DD9-8B74-8CE20A0543EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{D468CFF7-B038-44B0-9AC5-821ADF221793}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DD8ABEAD-5532-4E48-8F42-69BAC5F52552}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E2DFB183-53E4-46D2-8C4F-3C902A858B68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6676FF3-6BF4-4F3B-872A-F758E214D3D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F558890F-4D0B-46B9-AECF-FD1579587934}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7E72B66-95C1-492E-96A2-13F50B616DF0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD39C15C-1CB6-4695-8C14-4E7D0F0878A2}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0164FDF4-BF46-4E3C-9846-2C06F662BF7A}" = protocol=6 | dir=in | app=c:\downloads\announce_trailer_en_us.exe |
"{043D2672-7501-457B-97C0-4BD0BE9C9799}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{056AAFFE-2F53-4F3D-9467-200C44F91186}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{062D28C6-7236-499B-855A-21E79E10B21C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{08AA3814-833D-406C-AAB6-60BCA8A4008C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0A0A8D14-F6B6-4592-947A-DF48F8E9FC26}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft beta\launcher.exe |
"{0AAB6222-FF13-4A43-9FA8-34D85AB7A7A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B491530-9D81-433C-9448-9F8F8A289C04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0CC93972-51B9-4446-8012-CD52842C5908}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0DB9A396-6BE6-48D5-823D-2C91C8B18AE5}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft beta\wow-4.0.0.12539-enus-downloader.exe |
"{10239C9C-71ED-4410-BF22-3BC42487AD7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1063B516-9A1E-4A9B-9AF2-8D58F60D37A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1066779A-714A-4ADA-80AB-FB101C935672}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{110376CE-08D7-4147-8EA9-2C98CF21E21F}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{12D25297-FB30-4964-A091-D0DF5FEBE5D0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{136002EB-8AE4-4CB6-A633-282050570561}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{136CD9C1-051D-4AA2-8A99-C2482D1A2304}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15D58A70-582A-493B-AF9F-8202CDAEDCB7}" = protocol=17 | dir=in | app=c:\games\dragon age\daoriginslauncher.exe |
"{173D913B-FED9-487A-B750-305C43FF9A1C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17B9F918-CB64-4E50-939D-74469FF6B825}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{186EE76C-862B-473E-8F47-ED2C365BD964}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18ADC47D-E1E1-4801-8863-AB46E914A83B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1967C057-4990-4AF5-B76B-231F7725328C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A760EE7-130B-41AC-BBEB-54E5F3EA1494}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A8FBA9C-704A-4EE7-ADCE-3751C00C2F7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B393D78-573C-4776-B118-2C87A08F4D14}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1B95C778-5F2D-4F8C-AEC2-78F9D8CE8DEA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{1BA1B21B-B8E5-4BBA-ACAC-F38C71EE5F0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1D70DEA9-CDBA-4293-8AFB-C64BF4212AAA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1DF1B2CC-25CD-4B72-984B-991B2FD429E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21162C75-836F-419E-A187-A2CA54688CBA}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{215E4084-18F7-4F0A-A573-BA7446CAC10A}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2174F4D9-D489-48B4-95A7-CD4A62B13E06}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{22B2D7AB-59D5-421D-B0A8-7095FE22D380}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{25FA6455-3E4A-4019-AF1C-78110CE3795D}" = protocol=6 | dir=in | app=c:\games\dragon age\bin_ship\daupdatersvc.service.exe |
"{27DD4B35-E3C7-4637-977E-C3F418986377}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28EF8B06-BD00-4CFB-A7D9-54C0FAF57662}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2AEDA252-5DAF-47D4-899D-BA43254C5FAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B042DCD-FF32-4D68-8880-E6EF760AB4D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D62C612-F0F2-4B23-9EA8-0E20B0372DC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F941A31-60AE-4BFA-8825-86C75BC5FB53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2FFEF24D-9F84-4857-AB5E-A517E52FA9AF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{300CFC9B-972D-4C42-99A1-A88283536C21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{310F47E6-4935-4314-B383-83EC3540CAC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{36D9E8BF-AB00-4D27-9BD9-46C95A30E6CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{37DFA424-3BA2-46FD-9E51-BCB7FDA6CC3F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{38655BC8-6896-4B43-AE46-A831F7397DF5}" = protocol=6 | dir=in | app=c:\games\dragon age\bin_ship\daorigins.exe |
"{3973B240-06A1-4BED-9267-62B384FC34A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A63E849-1A95-42F4-9E08-B36611F2E04C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{3AB5533E-C4DA-40CB-8C4A-642E1FA6AC1D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{3B39A75A-F9FE-41DB-A232-0598BD5F8C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B64657C-3ADD-4946-9C0D-D31E363BC63F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3BCA3F9E-DCCB-40F3-88DC-3C77CA8B4E52}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft beta\launcher.exe |
"{3C4E4B29-393D-407D-8007-0E8D751E02F0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{3D554BCE-C5C5-456D-9A70-5B8245274EC0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4075EA56-8E1C-4790-8FED-10759A66D66B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4082B685-4CCB-43C7-8641-180EF8C37EA5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{41B8A02E-D5F5-40D1-96AF-C4F4D2553CF3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{45C1664E-0881-401D-B898-CBF531F9295A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{48202BA2-CB80-40B1-8F4F-8EC7EFD94038}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{49E22562-809A-45F1-9A70-B7D98B7A9505}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4BD631C0-42C5-4E5B-9446-3D738A4A5CAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4F521692-43C8-4CC8-82B9-BC147E610345}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{513C53E3-3B51-4096-9914-90BB1BCDA533}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft beta\wow-4.0.0.12539-enus-downloader.exe |
"{51FBFDB9-28E9-4D30-A927-2F72B163CD9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B45C409-725B-457A-8B66-325CF065C810}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5D831E1E-402F-4C47-864B-8E1424CB6231}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{5EBBB9FA-721E-4867-A67F-CFAF7AC44F4E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{5EC38C5E-7F15-40F1-BA30-26EF31D601BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F7E9690-6C1F-4A9C-A23D-837FD104705E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5F88C549-CFB0-45F2-AC3A-F2EE2ACF2E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{61D11AD9-A5F6-4E3C-81BC-396DD3D15E3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6272CE0D-8C89-4599-AF84-6AD90FA59324}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{628CECC1-5952-48D8-8F4A-51D7D90E9065}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62C51F00-91A4-4B4B-B7BF-99E5DC9FDA6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62D0F296-809B-40C9-AFB0-2ECF932D8616}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-enus-win-update-downloader.exe |
"{6326E444-9487-4262-9BD8-9351EA40412E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{63FD8325-6B47-421A-AB57-CE84184728C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67A85550-E708-474F-87B5-1CAE6D7F7E26}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{67D14326-CC50-4FD4-B50B-26D38466C950}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6D80E49E-FD6A-4B08-9BF8-4072E237312D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FE6AD77-DD24-4342-AF48-C6CC2ECCE109}" = protocol=17 | dir=in | app=c:\games\dragon age\bin_ship\daupdatersvc.service.exe |
"{704B00FE-68BD-4DE3-94AD-0B928F8DE798}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70E54667-AD17-4DF3-98E2-A4FDCDACDC9C}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{719940B8-BDE4-44B7-BA9C-66A002827AE1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{729837D8-88A4-4B4A-ADC6-FB3D52C5BEA5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73BE38C0-741F-46AF-B8EE-85EF47B80C77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74EAEC0D-258B-4F63-9578-74BDC72358F1}" = protocol=6 | dir=in | app=c:\games\dragon age\daoriginslauncher.exe |
"{76D66AA5-41C9-415D-9772-DB9264798525}" = protocol=17 | dir=in | app=c:\users\drew\appdata\roaming\rayv\viewer\rayv.dll |
"{78E12E47-9FE0-4770-A02E-4045D77D6448}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{79242810-D2C3-4089-827B-F865DEBC27D1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{7A81C89E-C9FE-4AA1-8AE1-A0FB4BCCBB4B}" = protocol=17 | dir=in | app=c:\downloads\announce_trailer_en_us.exe |
"{7D1922A6-B6F9-422A-80B0-C27A0CA87CF8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{7DF8D493-AE97-4E8A-9A90-80362861038D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{860AFC36-51E5-4DCC-911D-FAF10B13B6CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A0DDF81-0145-4E22-A658-9DCC7FD9B2BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{8B8066B2-2419-46F6-8C0A-3746B650E8FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8BC2E2BD-9F8E-4AA8-973F-1DA3ED8A0C8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8BD594FB-4763-44AD-8D32-DE102FD4CC6C}" = protocol=17 | dir=in | app=c:\users\drew\appdata\roaming\rayv\viewer\rayv.dll |
"{8C4B68B6-CB61-48ED-BA56-83EAC4DEAA44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F57B66E-445F-43A3-ABDD-EAEB13B4CA83}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{90DB5D05-EC68-4FA8-A415-C9FDD37796A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9361292D-5E32-45DF-B4D1-4DBD73C13AB4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-enus-ptr-downloader.exe |
"{956D05E9-DA49-4D98-81E0-408343352ECA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{96755DF9-F4DA-4ECF-844D-0667D9539783}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{96F23301-D4C9-40C6-8D7C-7D26BAFD1D25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97D1C578-EAE3-4E10-87A7-32457127D4FE}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{995918D5-405A-4653-86DF-7B65F7638419}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{99596F89-5AE7-4A53-9C9D-11796264943A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B9E79EF-CB82-4A23-B6F1-680A532A4E88}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C742904-027A-4087-BD9C-7D2F458B2FF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EA0776C-7387-4159-96DE-C6DAA9EACE38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A01ED27A-2A83-4C28-9648-A9F6469B7DD1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A058D8DD-57F3-42C2-A726-ED0868A9786A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A154C614-7531-4954-8C44-C431E33F8F11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A193BD1D-12EB-4F74-95C1-8CEF7E3F49DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A56DBBDD-0690-411A-9E0A-5CD96382D0F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A7215809-9AE9-416A-94B9-DBCB6D3F0C37}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A89DE8DA-6428-4FED-9D9C-8B023F543AB9}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{AB9FF4E9-1B3E-4E53-9EC5-D52EEDEF9B61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ADA48907-B30F-406F-BFB9-9AFB0724A9D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{ADAB6DA2-E72E-4857-BA8F-CDC4AA6E4928}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{B0AED5D6-2279-4043-9A18-7FE86556A0E1}" = protocol=6 | dir=in | app=c:\users\drew\appdata\roaming\rayv\viewer\rayv.dll |
"{B4955C79-962A-490B-8E0A-33EFFBE00D47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4EB9AAC-D9CE-42F0-9DDF-4B14BB04AED2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe |
"{B68F663E-4EA2-4D23-93F0-2FD0829D81E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B966D795-0CFE-461F-A333-32CFB27FEDF2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{BB41DAE9-60D0-4DAE-9A50-BAAAC3BD9703}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC6F17BA-3E0E-4C39-9FE4-E167E52D33AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{BF814416-56F9-4343-BA16-6CBA93A3A52F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-enus-win-update-downloader.exe |
"{C1E86FE9-615A-4531-8FFF-8AA4FAC390AA}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{C3917267-D308-41CF-B9DA-B4C3CF621A54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3D410D1-E3C3-4B6D-9F3B-CF3FE21F6CC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3D98503-A34F-4BB5-8F6A-AADA204C2FBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3F98011-DB4D-43F1-9BC4-2DAF557F527C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C61E34B8-E883-4877-A808-5F86B339CBEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9E06FCA-5CDE-43DF-9A38-3CFE16461FA8}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{CA18A27C-8B21-47AF-9D2C-4D8B15F23176}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{CA75FC79-550E-4972-8388-E4317E53FAA6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CBED1CC9-265C-4897-8D33-565AD7566B7A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CCFF802E-6E79-4C64-A286-F17A9F962C69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CD5ACB2E-145A-401C-A5F7-C64D953F57F1}" = protocol=6 | dir=in | app=c:\users\drew\appdata\roaming\rayv\viewer\rayv.dll |
"{CE1DBE56-EBF6-479C-AF58-7E60F13A654F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D0F7F1EE-E1BB-4C80-AADC-FFB8CD141486}" = protocol=17 | dir=in | app=c:\games\dragon age\bin_ship\daorigins.exe |
"{D137A34F-3D06-4BE4-BB9E-2F377BCFFB4D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{D24D36B8-63DA-4F7D-B1DA-092CAFF39E78}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-enus-ptr-downloader.exe |
"{D6F59A84-0150-47F1-8DDE-1F8A06491371}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA873DAB-2199-4B65-BF04-DBCFA54145BB}" = dir=in | app=c:\program files (x86)\myspace\im\myspaceim.exe |
"{DAE5DF6E-FCF6-4A2B-947C-4D4D2AD3B382}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-enus-ptr-downloader.exe |
"{DBFABC1F-AC19-45BE-8F70-955AACB462DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DDF47A18-DD28-4EE5-ADF7-5071BC597DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{DFFFF4D5-5E6A-4EEF-8188-AEB9E5806F0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E01E01AC-E399-4356-B1FD-C50A5F6CB925}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E2567D45-43A9-4BD5-B8E9-D70658A2396E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{E388E8A0-747D-4AA3-B5CF-E341C8789BE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6AE8771-D8FF-4454-81DE-C81483137763}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{E73C2078-16E8-4DA4-B798-F99C9056B004}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E76E3996-82EF-483E-9D71-0FEDF14A5E96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8316A77-6E5D-46D4-B7FF-C0D01549BDB5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E9084322-A58C-48C9-9BA9-CF3AEE8F2A25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ECBA6060-60B2-43DC-B563-AA9A1623BAC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFCFC650-E93F-46FB-8F1A-F28270683EA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F009B56D-A860-4772-AAFC-234557E87924}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll |
"{F2083DA3-EBE8-42AC-894A-C5D0885ED3C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F66E742B-418A-4241-8EC1-12280EF52976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F89E7E93-70A0-40F7-89BF-E022418B3C32}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{F96B25A7-FF1C-4288-95E7-76BD7E7C0055}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9829105-16D0-460D-8BDE-1648D7058DD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA5B8FAA-B229-4ACD-80B3-D5C1E47FA095}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FAEA28F6-4E8C-4B7C-AA41-F1049BE7A465}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"{FC3E994E-758B-472D-85FB-1E191A76A548}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC41F39F-F175-4C94-B62E-DFF0F38A464C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE1AA848-2B84-4C4D-A9E9-1DA551B1AC0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEFA492A-3AA6-4BDF-8BC9-765F41D2E635}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEFFAE3A-4B27-44B8-859E-8C3E3D97328C}" = protocol=6 | dir=out | app=system |
"{FF77DBA9-C720-4590-B7B9-85177517B355}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FF812857-1C9E-4E77-8C82-CDBB097B919D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{075B68F9-ABB7-445E-9E62-5BA13590DBC3}C:\users\drew\downloads\pc_far.cry.2 -.direct.play.-toed\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\pc_far.cry.2 -.direct.play.-toed\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{088F2F29-25B6-4D8A-BC42-E5A71075E6FB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{08B5109D-A0CB-4CF2-9F1E-B000749BED54}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{1626B3A4-52CD-43B5-A53C-923A9FBAB0F2}C:\games\codwaw-kaos\codwaw.exe" = protocol=6 | dir=in | app=c:\games\codwaw-kaos\codwaw.exe |
"TCP Query User{164C7D86-BB2C-48CA-A8D9-0B52DBF0F002}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{1F409998-7D01-40B3-9C1E-9A7C8300BFF3}C:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe |
"TCP Query User{294E846F-F4F9-4D14-88ED-AB53DD65C307}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{3268E38B-16AC-4F48-8DF6-7BE063C57BEB}C:\users\drew\downloads\race.driver.grid.multi-5.full-rip.skullptura\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\race.driver.grid.multi-5.full-rip.skullptura\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe |
"TCP Query User{3DD20756-A9AB-4B74-B2FA-2222796EEDE1}C:\users\public\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\public\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{3E9B7B60-7491-4366-9E36-52F64EC95C53}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{46A9B071-263F-47EA-9862-4A294B055D3A}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{499584A5-8A16-4EAD-8606-C728322FE42E}C:\program files (x86)\world of warcraft beta\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft beta\launcher.exe |
"TCP Query User{5376ACEE-05DA-4D9B-81C6-D4C74353950F}C:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\wicked-dow2\dow2.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\wicked-dow2\dow2.exe |
"TCP Query User{56A20F71-6469-44C7-BBD0-5C7A80BDB70D}C:\users\drew\downloads\pc_section.8.(proper).full-rip.-tptb\southpeakgames\southpeak games\section 8\binaries\s8game-f.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\pc_section.8.(proper).full-rip.-tptb\southpeakgames\southpeak games\section 8\binaries\s8game-f.exe |
"TCP Query User{7BCB1B9C-0F86-49E4-8EE7-90922B2A6A4A}C:\users\drew\downloads\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{A2D14763-68CF-416C-92D8-02504BED157B}C:\program files (x86)\starcraft ii beta\versions\base14356\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14356\sc2.exe |
"TCP Query User{A6BB39BE-5562-45A3-A058-88CB0987BBAC}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{BAD17128-1B07-4DA0-B28D-5E1E4B4E49A0}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{CECC7658-CB36-4011-B012-238DA0159EB9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{D9B7E737-C6FA-47EF-AF46-9DCC14844DF3}C:\users\drew\downloads\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe at war earth assault\uawea.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe at war earth assault\uawea.exe |
"TCP Query User{EC6C4DFF-D0B3-424B-942E-65B52563037F}C:\users\drew\appdata\local\temp\blizzard launcher temporary - c1c28d10\launcher.exe" = protocol=6 | dir=in | app=c:\users\drew\appdata\local\temp\blizzard launcher temporary - c1c28d10\launcher.exe |
"TCP Query User{F34A5088-8A48-49BF-9482-8A06D6ED19D9}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{FC8F79DE-1EAA-4B8B-ADA7-F2056CCCDC7B}C:\users\drew\appdata\local\temp\blizzard launcher temporary - e9654a00\launcher.exe" = protocol=6 | dir=in | app=c:\users\drew\appdata\local\temp\blizzard launcher temporary - e9654a00\launcher.exe |
"TCP Query User{FFC05C66-4364-4623-8455-1997765D8406}C:\users\drew\downloads\call.of.duty.5.world.at.war.fullrip-kaos\kas-codwaw\codwaw.exe" = protocol=6 | dir=in | app=c:\users\drew\downloads\call.of.duty.5.world.at.war.fullrip-kaos\kas-codwaw\codwaw.exe |
"UDP Query User{0E900DE1-E054-4FD8-A3E3-2C55289EAEF3}C:\users\drew\downloads\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\tom.clancys.rainbow.six.vegas.2.full-rip.skullptura\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"UDP Query User{17048B7F-D2C2-4FA2-9F71-341BB419DB56}C:\program files (x86)\starcraft ii beta\versions\base14356\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14356\sc2.exe |
"UDP Query User{25E71399-3AFD-460B-9F7E-A0960EC7006E}C:\program files (x86)\world of warcraft beta\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft beta\launcher.exe |
"UDP Query User{26A07C67-233B-4F49-A83D-4C1B30311076}C:\users\drew\downloads\race.driver.grid.multi-5.full-rip.skullptura\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\race.driver.grid.multi-5.full-rip.skullptura\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe |
"UDP Query User{2C350182-E24D-496B-BC63-949CABC53908}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{35407036-6CEA-4953-8113-E9B433CE8686}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{3CDA54D9-3635-4927-8AA0-126017385BCF}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{41C758C2-885C-48E8-9CF0-A4AD1B2AB6EF}C:\users\public\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\public\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{5C641DB0-6B2F-48A1-BF42-FCA5B4D4CA93}C:\users\drew\downloads\pc_far.cry.2 -.direct.play.-toed\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\pc_far.cry.2 -.direct.play.-toed\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{709CFED7-96F4-45AE-9020-EA389B5C1708}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{83F72122-9231-479B-A055-28A5727456B8}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{8463F8BB-6DE2-4E49-A517-BD7C1E01A649}C:\users\drew\downloads\pc_section.8.(proper).full-rip.-tptb\southpeakgames\southpeak games\section 8\binaries\s8game-f.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\pc_section.8.(proper).full-rip.-tptb\southpeakgames\southpeak games\section 8\binaries\s8game-f.exe |
"UDP Query User{856D566A-E136-4088-9A79-FDA5D5E17FBF}C:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\dow2.exe |
"UDP Query User{87598D24-9089-4B8A-BFC0-0465C7F4ABBB}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{917C4BD9-AB2A-4EAC-91F4-301EEC5C714B}C:\users\drew\appdata\local\temp\blizzard launcher temporary - e9654a00\launcher.exe" = protocol=17 | dir=in | app=c:\users\drew\appdata\local\temp\blizzard launcher temporary - e9654a00\launcher.exe |
"UDP Query User{97439D69-FAEB-44C3-8FF8-3A924A0B14CE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{ABFCA694-D9EF-488A-9BB3-BD985D0EBFC0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B0193B16-CF52-480D-A5DA-7DC8BC894238}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{B81352E0-DC1E-453B-B455-82CBD1C6D57D}C:\games\codwaw-kaos\codwaw.exe" = protocol=17 | dir=in | app=c:\games\codwaw-kaos\codwaw.exe |
"UDP Query User{BA64865F-9847-4DDA-996A-36240F96A9B2}C:\users\drew\appdata\local\temp\blizzard launcher temporary - c1c28d10\launcher.exe" = protocol=17 | dir=in | app=c:\users\drew\appdata\local\temp\blizzard launcher temporary - c1c28d10\launcher.exe |
"UDP Query User{D193A38A-4529-41B9-987A-1ABA06616683}C:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\wicked-dow2\dow2.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\warhammer_dawn_of_war_2-wicked\wicked-dow2\dow2.exe |
"UDP Query User{D3AE95D6-75CF-43EF-A4D7-2169EA78589F}C:\users\drew\downloads\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe at war earth assault\uawea.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe.at.war.earth.assault.full-rip.multi-12.skullptura\universe at war earth assault\uawea.exe |
"UDP Query User{E7A8A733-0205-4A66-AFC0-03C1E80660EB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{EF52CC47-1A59-4C1D-80A6-4BA397D55F5C}C:\users\drew\downloads\call.of.duty.5.world.at.war.fullrip-kaos\kas-codwaw\codwaw.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\call.of.duty.5.world.at.war.fullrip-kaos\kas-codwaw\codwaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{03D3BAD4-28ED-4EF2-A369-D148A240D0B3}" = Foxit PDF IFilter
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}" = Panda Cloud Antivirus
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BAE72B35-821F-6780-18C5-BE4EBDF8DC7A}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{DD9DABA7-45CB-4386-AE31-ACC344260FCB}" = NetDeviceManager64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"Crysis WARHEAD®" = Crysis WARHEAD®
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 22
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE03663-FEE7-4D25-9E3E-52F97784F2A0}" = G9 Device Package
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live Device Manager
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACC9F63-CF54-46D7-9140-D40E57564EDA}_is1" = COMODO Registry Cleaner 1.0.17.23
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D35A8247-0E94-4DE5-BC97-804B449A7122}" = Microsoft Office Live Meeting 2007
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DMIDI" = Creative 3DMIDI Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ALchemy" = Creative ALchemy
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Cross Fire_is1" = Cross Fire En
"Crysis WARHEAD®" = Crysis WARHEAD®
"Diagnostics 4_5" = Creative Diagnostics
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"OpenAL" = OpenAL
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"SFBM" = SoundFont Bank Manager
"Steam App 10500" = Empire: Total War
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2010 10:42:52 AM | Computer Name = SilverStone | Source = WinMgmt | ID = 10
Description =

Error - 11/13/2010 2:56:42 PM | Computer Name = SilverStone | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3951, time stamp 0x4cc7ae16,
faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception
code 0xc0000005, fault offset 0x00002c8e, process id 0x14bc, application start time
0x01cb834b9eb0bdc0.

Error - 11/15/2010 4:11:50 AM | Computer Name = SilverStone | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2010 4:11:50 AM | Computer Name = SilverStone | Source = Windows Search Service | ID = 3013
Description =

Error - 11/15/2010 7:46:46 PM | Computer Name = SilverStone | Source = WinMgmt | ID = 10
Description =

Error - 11/16/2010 6:14:07 AM | Computer Name = SilverStone | Source = WinMgmt | ID = 10
Description =

Error - 11/16/2010 6:47:55 AM | Computer Name = SilverStone | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3951, time stamp 0x4cc7ae16,
faulting module FOXITR~1.OCX, version 1.0.0.1, time stamp 0x495057f6, exception
code 0xc0000005, fault offset 0x00002c8e, process id 0x12f4, application start time
0x01cb85771c6cff90.

Error - 11/17/2010 2:36:51 PM | Computer Name = SilverStone | Source = WinMgmt | ID = 10
Description =

Error - 11/17/2010 2:45:26 PM | Computer Name = SilverStone | Source = WinMgmt | ID = 10
Description =

Error - 11/18/2010 4:01:41 PM | Computer Name = SilverStone | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 1/4/2009 2:47:47 PM | Computer Name = SilverStone | Source = Mcx2Svc | ID = 301
Description =

Error - 1/4/2009 2:47:54 PM | Computer Name = SilverStone | Source = Mcx2Svc | ID = 301
Description =

Error - 1/4/2009 2:48:00 PM | Computer Name = SilverStone | Source = Mcx2Svc | ID = 301
Description =

Error - 1/4/2009 2:48:08 PM | Computer Name = SilverStone | Source = Mcx2Svc | ID = 301
Description =

Error - 1/4/2009 2:49:40 PM | Computer Name = SilverStone | Source = Mcx2Dvcs | ID = 405
Description =

Error - 3/7/2009 2:41:20 AM | Computer Name = SilverStone | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 11:35:08 AM | Computer Name = SilverStone | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 5:32:21 PM | Computer Name = SilverStone | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/15/2009 5:45:09 AM | Computer Name = SilverStone | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/16/2010 1:42:57 AM | Computer Name = SilverStone | Source = yukonx64 | ID = 458853
Description = Driver status 1

Error - 11/16/2010 1:42:57 AM | Computer Name = SilverStone | Source = yukonx64 | ID = 458853
Description = Driver status 1

Error - 11/16/2010 1:42:57 AM | Computer Name = SilverStone | Source = yukonx64 | ID = 458853
Description = Driver status 1

Error - 11/16/2010 6:13:45 AM | Computer Name = SilverStone | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:46:39 AM on 11/16/2010 was unexpected.

Error - 11/16/2010 6:14:07 AM | Computer Name = SilverStone | Source = Service Control Manager | ID = 7026
Description =

Error - 11/17/2010 2:36:51 PM | Computer Name = SilverStone | Source = Service Control Manager | ID = 7026
Description =

Error - 11/17/2010 2:45:26 PM | Computer Name = SilverStone | Source = Service Control Manager | ID = 7026
Description =

Error - 11/18/2010 3:58:09 PM | Computer Name = SilverStone | Source = Service Control Manager | ID = 7034
Description =

Error - 11/18/2010 4:01:21 PM | Computer Name = SilverStone | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Officejet Pro L7780 with
shared resource name HP Officejet Pro L7780. Error 2114. The printer cannot be
used by others on the network.

Error - 11/18/2010 4:01:41 PM | Computer Name = SilverStone | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0
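The firewall-rule block in the OTL log above deserves a closer look than it usually gets. Every "Query User{GUID}" entry is an inbound allow rule that the Windows Firewall created when the user clicked Allow on its "Allow access?" prompt, and such a rule is bound to a path rather than to a particular file: whatever binary later sits at that path in Downloads or Temp inherits the exception. The script below is an added example, not part of the original post and not code from OTL; it parses rule lines in the format OTL prints and flags the ones whose executable lives under a user-writable directory. The sample rules are a shortened subset of the log above, and the list of "user-writable" directory names is an assumption made for this example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample: five rule lines of the kind OTL dumps from the firewall
# policy, taken from the log above (one long download path shortened).
SAMPLE_RULES = r'''
"UDP Query User{35407036-6CEA-4953-8113-E9B433CE8686}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{26A07C67-233B-4F49-A83D-4C1B30311076}C:\users\drew\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe" = protocol=17 | dir=in | app=c:\users\drew\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe |
"UDP Query User{917C4BD9-AB2A-4EAC-91F4-301EEC5C714B}C:\users\drew\appdata\local\temp\blizzard launcher temporary - e9654a00\launcher.exe" = protocol=17 | dir=in | app=c:\users\drew\appdata\local\temp\blizzard launcher temporary - e9654a00\launcher.exe |
"UDP Query User{97439D69-FAEB-44C3-8FF8-3A924A0B14CE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{B81352E0-DC1E-453B-B455-82CBD1C6D57D}C:\games\codwaw-kaos\codwaw.exe" = protocol=17 | dir=in | app=c:\games\codwaw-kaos\codwaw.exe |
'''

# One rule per line:  "<name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<fields>.*)$')
# Rules created by answering the Windows Firewall "Allow access?" prompt are
# named "<TCP|UDP> Query User{GUID}<path of the executable>".
NAME_RE = re.compile(
    r'^(?P<proto>TCP|UDP) Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}(?P<path>.+)$'
)
# Directory names any local user can write to (an assumption for this example).
# An allow rule is bound to a path, so whatever is later placed at that path
# inherits the inbound exception.
USER_WRITABLE_DIRS = {"downloads", "temp", "public"}


@dataclass
class FirewallRule:
    name: str
    protocol: int
    direction: str
    app: str
    guid: str = ""
    user_prompted: bool = False   # True for "... Query User{GUID}..." rules


def parse_rules(text: str) -> List[FirewallRule]:
    """Parse OTL's firewall-rule dump (one rule per line) into records."""
    rules: List[FirewallRule] = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for field in m.group("fields").split("|"):
            key, sep, value = field.strip().partition("=")
            if sep:
                fields[key.strip().lower()] = value.strip()
        name = m.group("name")
        nm = NAME_RE.match(name)
        rules.append(FirewallRule(
            name=name,
            protocol=int(fields.get("protocol", "0") or 0),
            direction=fields.get("dir", "").lower(),
            app=fields.get("app", ""),
            guid=nm.group("guid") if nm else "",
            user_prompted=nm is not None,
        ))
    return rules


def writable_dir_hit(app: str) -> Optional[str]:
    """Return the first user-writable directory component of the path, if any."""
    for part in PureWindowsPath(app).parts:
        if part.lower() in USER_WRITABLE_DIRS:
            return part.lower()
    return None


def flag_rules(rules: List[FirewallRule]) -> List[Tuple[FirewallRule, str]]:
    """Flag inbound allow rules whose executable lives in a user-writable directory."""
    flagged = []
    for rule in rules:
        if rule.direction != "in":
            continue
        hit = writable_dir_hit(rule.app)
        if hit:
            flagged.append((rule, f"inbound allow for binary under '{hit}'"))
    return flagged


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    prompted = sum(1 for r in parsed if r.user_prompted)
    print(f"{len(parsed)} rules parsed, {prompted} created from the firewall prompt")
    for rule, reason in flag_rules(parsed):
        print(f"[review] {rule.app}  ({reason}; rule {rule.guid})")
```

Run against the full block from a real OTL log, the script lists exactly the rules a cleanup should revisit: on this machine that is every game cracked from Downloads plus the two launchers in a Temp folder, each with a standing inbound UDP exception. Deleting the rule (or the binary) rather than leaving both is the cheap fix.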

#5 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the [image] textbox. Do not include the word "Code".

    :Services
    :OTL
    FF - prefs.js..network.proxy.http: ""
    FF - prefs.js..network.proxy.http_port: ""
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.type: ""
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    [14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [14 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
    "CheckExeSignatures"=-
    "RunInvalidSignatures"=-
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click [image].
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



WVCheck
Please download WVCheck from Artellos.com.
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

  • 0
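Two items in the fix above, blanking Firefox's network.proxy.* prefs and [resethosts], are there because malware routinely uses those two files to steer or block traffic, and a HOSTS file that points update or antivirus domains at 127.0.0.1 is one of the commonest reasons a machine "can't update". The script below is an added example, not part of the original post and not code from OTL or WVCheck; it parses a HOSTS file and a Firefox prefs.js and reports the kind of tampering the OTL fix would silently wipe. Both sample files are constructed for this example; the list of watched domains and the 192.0.2.10 address (an RFC 5737 documentation address) are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple, Union

# Constructed sample HOSTS file: the stock localhost lines plus entries of the
# kind malware adds to block patching and AV updates. 192.0.2.10 is a
# documentation address standing in for an attacker-controlled host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com
127.0.0.1       windowsupdate.microsoft.com      # blocks Windows Update
127.0.0.1       download.windowsupdate.com
192.0.2.10      www.malwarebytes.org             # redirects the AV vendor's site
"""

# Constructed sample Firefox prefs.js with a manual proxy pointing at the local
# machine, the usual sign of a local intercepting process.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.example.com/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("privacy.donottrackheader.enabled", true);
"""

# Domains whose presence in HOSTS almost always means updates are being blocked
# or hijacked. The watchlist is an assumption for this example, not exhaustive.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "windowsupdate.microsoft.com", "update.microsoft.com",
    "download.microsoft.com", "malwarebytes.org", "eset.com",
)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

HostsEntry = Tuple[str, str]  # (ip, hostname)


def parse_hosts(text: str) -> List[HostsEntry]:
    """Expand each HOSTS line into (ip, hostname) pairs, ignoring comments."""
    entries: List[HostsEntry] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def find_update_tampering(entries: List[HostsEntry]) -> List[Tuple[str, str, str]]:
    """Return (ip, hostname, verdict) for every watched domain present in HOSTS."""
    hits = []
    for ip, host in entries:
        if host == "localhost":
            continue
        if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
            verdict = "blocked (loopback)" if ip in LOOPBACK else f"redirected to {ip}"
            hits.append((ip, host, verdict))
    return hits


# prefs.js lines look like:  user_pref("name", value);  with value a quoted
# string, an integer, or true/false.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*?)\);\s*$')
PrefValue = Union[str, int, bool]


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse user_pref(...) lines from Firefox's prefs.js into a dict."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


PROXY_MODES = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}


def proxy_summary(prefs: Dict[str, PrefValue]) -> Dict[str, Optional[str]]:
    """Summarise the Firefox proxy configuration; a manual proxy merits review."""
    if "network.proxy.type" not in prefs:
        # prefs.js only records values changed from the built-in default.
        mode = "default (not overridden in prefs.js)"
    else:
        mode = PROXY_MODES.get(int(prefs["network.proxy.type"]), "unknown")
    http = None
    if "network.proxy.http" in prefs:
        http = f'{prefs["network.proxy.http"]}:{prefs.get("network.proxy.http_port", 0)}'
    return {"mode": mode, "http": http, "review": "yes" if mode == "manual" else "no"}


if __name__ == "__main__":
    for ip, host, verdict in find_update_tampering(parse_hosts(SAMPLE_HOSTS)):
        print(f"HOSTS: {host:35} {verdict}")
    print("Firefox proxy:", proxy_summary(parse_prefs(SAMPLE_PREFS)))
```

On a live machine, feed it the contents of C:\Windows\System32\drivers\etc\hosts and the prefs.js in the Firefox profile folder (that path is an assumption; it varies per profile). Knowing which domains were mapped, and to what, is worth recording before the fix resets the file: a loopback entry for an update server says "blocked", an entry pointing at a real address says the traffic was being sent somewhere else.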

#6 DieNamic (Member, Topic Starter, 11 posts)
Sorry for not replying!!! ;) I haven't been home much lately, but this is one of the steps you wanted to see ...

Windows Validation Check
Version: 1.9.11.4
Log Created On: 2342_21-11-2010
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last Success Time for Update Detection: 2010-09-06 23:16:58
Last Success Time for Update Download: 2010-08-12 22:45:07
Last Success Time for Update Installation: 2010-08-13 07:22:35


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - d29fdb5dedbdc1bd882164dc6dc4dd53


-------- End of File, program close at 2347_21-11-2010 --------


I'll run OTL again tomorrow. I just started a new job so they are working my [bleep] off over at the Best Buy :D I'm really tired so imma' sleep THANK YOU SO MUCH AGAIN!!! ;) ;) I'll keep posting, I haven't forgotten you yet kind sir :) peace out bruh till tomorrow!!! hopefully! :(
  • 0

#7 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay. I'll await your next reply with the other logs.
  • 0

#8 DieNamic (Member, Topic Starter, 11 posts)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

11/24/2010 7:37:43 PM
mbam-log-2010-11-24 (19-37-43).txt

Scan type: Quick scan
Objects scanned: 117895
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






and this is the OTL ...



All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "" removed from network.proxy.http
Prefs.js: "" removed from network.proxy.http_port
Prefs.js: "" removed from network.proxy.no_proxies_on
Prefs.js: "" removed from network.proxy.type
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
File delete failed. C:\Windows\SysNative\SET159C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET15BD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET4A01.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET4A33.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET952C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET956D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETA9EF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETAA40.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETBCEE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETBD01.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETE2EC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETE408.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETED72.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETEE21.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET159C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET15BD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET4A01.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET4A33.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET952C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET956D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETA9EF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETAA40.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETBCEE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETBD01.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETE2EC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETE408.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETED72.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SETEE21.tmp scheduled to be deleted on reboot.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\\CheckExeSignatures not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\\RunInvalidSignatures not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Downloads\cmd.bat deleted successfully.
C:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Drew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6838680 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50050696 bytes
->Flash cache emptied: 962 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3062057 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255060 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Drew
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11242010_192403



THANK YOU SIR! :D
  • 0

#9 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#10 DieNamic (Member, Topic Starter, 11 posts)
OH! My bad I didn't update it fully it seems. kk running MBAM now... TY again! :D
  • 0

#11 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
You're welcome. :D
  • 0

#12 DieNamic (Member, Topic Starter, 11 posts)
Would it help if I deleted Panda antivirus and got a paid version of a fancier antivirus like Kaspersky or ESET NOD32?? o.o Oh, and I'm trying to download the new patch for World of Warcraft from Blizzard and it's slow because it says my computer is behind a firewall, but the Windows Firewall is totally disabled and I have no other firewall... o.o not even at my router :D Idk what the deal is ;) maybe you might have some insight lol
  • 0

#13 DieNamic (Member, Topic Starter, 11 posts)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5185

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

11/24/2010 7:53:37 PM
mbam-log-2010-11-24 (19-53-37).txt

Scan type: Quick scan
Objects scanned: 143999
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



There is the log from Malwarebytes that just came up :D I had 4 malware threats this time!!! dang!!! I don't even watch porn! honest! where is this stuff coming from???? ;)
  • 0

#14 DieNamic (Member, Topic Starter, 11 posts)
By the way, I just deleted Panda Antivirus. I'd like to try something else. Any recommendations? We sell Trend Micro, Norton, Kaspersky and Webroot at the Best Buy I work at, but I'm almost positive that stuff's crap, though I can't say for sure.
  • 0

#15 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

If you're looking to go with a paid version of an anti-virus, I'd recommend either Kaspersky or ESET. I'd recommend those two programs over Webroot, McAfee, and Norton any day.

Let's run an online scanner to see if it finds anything.


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0





