Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search Engine Redirect


  • This topic is locked This topic is locked

#1
mvp27

mvp27

    New Member

  • Member
  • Pip
  • 5 posts
Hi to all,

Im glad my friend recommended this forum.

i dont know when exactly this redirect occur because i havent search anyhitng on google as i have the bookmarks on websites i often visit. as far as i know my brother used my pc and i found this problem about 3rd of July.
I've seen the topic about the google redirects but and tried the steps but the redirect keeps occuring.

i run a full scan using Malwarebytes Anti-Malware and found a trojan and was deleted but my problem was not resolve. I also deleted all the cookies and temp files.
i also run a scan using Spybot S&D and it fix some things but it didnt resolve my problem.
then i follow the steps on How to fix Google Redirects
i run the TDSSkiller and found malicious objects and it was deleted. i tested if my problem was resolve but 50% of the time it will redirect again.
i also tried free trial of hitman pro and found something and was deleted but i still have the same problem.wish someone could help

ive downloaded the OTL as instructed and it created a log.

OTL.Txt
----------------------------------------------------------------------------------------
OTL logfile created on: 05/07/2011 11:11:28 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\GJ\Downloads\IDM Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.05% Memory free
4.94 Gb Paging File | 2.84 Gb Available in Paging File | 57.51% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.04 Gb Total Space | 35.64 Gb Free Space | 15.77% Space Free | Partition Type: NTFS

Computer Name: GJ2008 | User Name: GJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 11:11:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GJ\Downloads\IDM Programs\OTL.exe
PRC - [2011/06/29 11:42:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/23 23:01:32 | 003,380,632 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/06/02 13:32:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/23 17:27:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2011/04/28 14:28:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/06 21:06:46 | 000,099,840 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2010/10/13 12:41:00 | 002,954,608 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/10/13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/10/13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010/10/13 12:40:54 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010/09/13 16:26:14 | 000,012,592 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/01/02 21:40:10 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 11:11:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GJ\Downloads\IDM Programs\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/29 18:53:37 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/29 11:42:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/02 13:32:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 14:28:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/10/13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/10/13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010/09/13 16:26:14 | 000,012,592 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2009/11/23 19:02:37 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/14 22:19:49 | 000,087,288 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/06/29 11:42:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 11:42:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/09 16:50:58 | 000,089,888 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/10/05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/05 14:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/08/15 22:41:42 | 000,100,368 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/07/02 11:08:32 | 000,384,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_HDAL_i386.sys -- (SRS_HDAL_Service)
DRV - [2010/07/01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/07 07:42:36 | 001,053,056 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CAMTHWDM.sys -- (CAMTHWDM)
DRV - [2009/06/10 16:59:32 | 000,024,576 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RPGMOUSEV1.sys -- (KMWDFilterV1)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/10/31 01:04:32 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/31 01:04:16 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/03/14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/02/13 17:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/08/24 19:34:00 | 000,015,872 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2007/06/07 06:42:08 | 000,083,456 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/02/01 15:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Users\GJ\Downloads\MyRO\MyRO\npkcrypt.sys -- (npkcrypt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://www.mywebsear...kwd&searchfor="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GJ\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GJ\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/28 17:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 11:41:11 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/28 17:53:45 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 11:41:11 | 000,000,000 | ---D | M]

[2009/09/11 18:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GJ\AppData\Roaming\Mozilla\Extensions
[2009/03/12 12:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GJ\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/02 19:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\extensions
[2009/09/12 11:08:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/03 14:13:18 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/01/03 14:13:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\extensions\[email protected]
[2010/03/11 23:30:05 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\extensions\[email protected]
[2009/09/12 11:56:06 | 000,009,949 | ---- | M] () -- C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\searchplugins\mywebsearch.xml
[2011/05/14 13:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/20 23:29:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/29 11:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 16:17:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/16 09:29:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/14 13:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GJ\APPDATA\ROAMING\IDM\IDMMZCC3
[2009/08/27 21:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/03/04 00:06:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/03/04 00:06:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/03/04 00:06:54 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/03/04 00:06:54 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} http://www.streamplu...lug/beta/SP.cab (StreamPlug Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...b/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://ares.netgame....ch_USAv1002.cab (MGLaunch_USAv1001 Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Little%20Shop%20-%20Road%20Trip/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Imikimi_activex_plugin Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\GJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\GJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\FFVIII_autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\Windows\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 10:18:24 | 000,000,000 | ---D | C] -- C:\Users\GJ\Desktop\GooredFix Backups
[2011/06/28 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\GJ\AppData\Roaming\Malwarebytes
[2011/06/28 14:52:05 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/28 14:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 14:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/28 14:51:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/28 14:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 14:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manga Studio EX 4.0
[2011/06/28 13:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CELSYS
[2011/06/28 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\GJ\AppData\Roaming\Smith Micro
[2011/06/28 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\GJ\Documents\Smith Micro
[2011/06/28 13:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2011/06/28 13:36:48 | 000,000,000 | ---D | C] -- C:\Users\GJ\Desktop\MSEX405
[2011/06/23 16:50:47 | 000,089,888 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2011/06/21 00:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/06/18 21:59:14 | 000,000,000 | ---D | C] -- C:\Users\GJ\Documents\eden eternal
[2011/06/17 03:07:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/17 03:07:10 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/17 03:07:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/17 03:07:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/13 19:34:56 | 000,000,000 | ---D | C] -- C:\Users\GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/06/13 19:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/06/13 19:34:17 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2011/06/13 19:34:16 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2011/06/13 09:49:21 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/09 12:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/06/09 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\GJ\AppData\Roaming\ATI
[2011/06/09 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\GJ\AppData\Local\ATI
[2011/06/09 12:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/06/09 12:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/06/09 12:28:42 | 000,100,368 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtihdLH3.sys
[2011/06/09 12:26:30 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2011/06/06 13:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 002,378,136 | ---- | M] () -- C:\Users\Public\Documents\AA0001.jpg
[2049/12/31 16:00:00 | 002,335,753 | ---- | M] () -- C:\Users\Public\Documents\AA0002.jpg
[2049/12/31 16:00:00 | 002,307,980 | ---- | M] () -- C:\Users\Public\Documents\AA0004.jpg
[2049/12/31 16:00:00 | 002,228,849 | ---- | M] () -- C:\Users\Public\Documents\AA0003.jpg
[2049/12/31 16:00:00 | 000,919,231 | ---- | M] () -- C:\Users\Public\Documents\AA0005.jpg
[2011/07/05 11:08:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3723858854-2387825460-2792907647-1000UA.job
[2011/07/05 10:47:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 10:47:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 10:09:06 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/07/05 10:09:06 | 000,000,144 | ---- | M] () -- C:\Windows\System32\bootdelete.lst
[2011/07/05 10:00:13 | 000,020,552 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/07/04 20:48:05 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2011/07/04 20:47:38 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\yhkeeoqlfi.job
[2011/07/04 20:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/04 20:47:33 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 20:45:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/04 16:08:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3723858854-2387825460-2792907647-1000Core.job
[2011/07/01 09:58:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/30 10:01:03 | 002,315,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/30 09:52:12 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/30 09:52:12 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/29 11:42:06 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/06/29 11:42:06 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/06/29 08:09:00 | 000,002,032 | ---- | M] () -- C:\Users\GJ\Desktop\Google Chrome.lnk
[2011/06/29 08:09:00 | 000,001,994 | ---- | M] () -- C:\Users\GJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/28 15:48:14 | 000,080,384 | ---- | M] () -- C:\Users\GJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/28 14:52:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 14:35:20 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Manga Studio EX 4.0.lnk
[2011/06/28 14:26:04 | 172,907,324 | ---- | M] () -- C:\Users\GJ\Desktop\MangaStudioEXWinDemo_4_0.zip
[2011/06/25 11:41:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/21 01:10:49 | 000,000,000 | ---- | M] () -- C:\Users\GJ\.TFileChooserFavourites
[2011/06/16 10:57:41 | 000,130,958 | ---- | M] () -- C:\Windows\hpoins18.dat
[2011/06/13 19:34:58 | 000,001,091 | ---- | M] () -- C:\Users\GJ\Desktop\AVS4YOU Software Navigator.lnk
[2011/06/13 16:00:10 | 000,045,202 | ---- | M] () -- C:\Users\GJ\AppData\Roaming\room_v3.dat
[2011/06/09 16:50:58 | 000,089,888 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2011/06/09 12:28:29 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/06/09 12:15:18 | 000,005,892 | ---- | M] () -- C:\Users\GJ\AppData\Local\d3d9caps.dat
[2011/06/08 10:53:24 | 010,915,840 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2011/06/08 10:53:12 | 010,833,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2011/06/06 17:16:45 | 000,000,725 | ---- | M] () -- C:\Users\GJ\Desktop\EdenEternal.lnk
[2011/06/06 16:08:22 | 1743,655,704 | ---- | M] () -- C:\Users\GJ\Desktop\edeneternal_install_20110527.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 10:09:06 | 000,000,144 | ---- | C] () -- C:\Windows\System32\bootdelete.lst
[2011/06/28 14:52:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 14:42:59 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\yhkeeoqlfi.job
[2011/06/28 14:32:40 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\Manga Studio EX 4.0.lnk
[2011/06/28 14:13:39 | 172,907,324 | ---- | C] () -- C:\Users\GJ\Desktop\MangaStudioEXWinDemo_4_0.zip
[2011/06/21 01:10:49 | 000,000,000 | ---- | C] () -- C:\Users\GJ\.TFileChooserFavourites
[2011/06/13 19:34:58 | 000,001,091 | ---- | C] () -- C:\Users\GJ\Desktop\AVS4YOU Software Navigator.lnk
[2011/06/09 12:35:03 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/09 12:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/06 17:16:45 | 000,000,725 | ---- | C] () -- C:\Users\GJ\Desktop\EdenEternal.lnk
[2011/06/06 13:04:40 | 1743,655,704 | ---- | C] () -- C:\Users\GJ\Desktop\edeneternal_install_20110527.exe
[2011/06/02 13:33:12 | 000,384,752 | ---- | C] () -- C:\Windows\System32\drivers\SRS_HDAL_i386.sys
[2011/05/29 18:00:27 | 000,130,811 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2011/05/29 18:00:27 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011/05/26 21:21:57 | 000,045,202 | ---- | C] () -- C:\Users\GJ\AppData\Roaming\room_v3.dat
[2011/04/22 23:09:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/03/22 23:42:53 | 000,046,658 | ---- | C] () -- C:\Users\GJ\AppData\Roaming\room.dat
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/10/13 17:23:16 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/28 13:13:08 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/12/14 20:08:02 | 000,004,380 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/29 12:39:17 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2009/09/24 08:33:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:33:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 17:04:19 | 000,130,958 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/12 11:14:29 | 000,005,892 | ---- | C] () -- C:\Users\GJ\AppData\Local\d3d9caps.dat
[2009/04/29 22:19:22 | 000,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/02/11 17:32:29 | 000,000,487 | ---- | C] () -- C:\Windows\eReg.dat
[2008/12/09 03:00:54 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2008/11/07 04:05:52 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/10/31 01:04:32 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/10/31 01:04:16 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/09/18 07:49:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/21 12:18:17 | 000,023,888 | ---- | C] () -- C:\Users\GJ\AppData\Roaming\UserTile.png
[2008/04/27 15:56:07 | 000,055,257 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008/03/25 23:20:19 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/03/22 12:57:04 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS7K.DLL
[2008/03/21 13:02:38 | 000,080,384 | ---- | C] () -- C:\Users\GJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 12:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2008/03/19 21:18:08 | 000,000,355 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/03/19 01:45:59 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2008/03/19 01:45:59 | 000,192,512 | R--- | C] () -- C:\Windows\System32\AegisI5.exe
[2008/03/19 01:45:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/12/01 08:50:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/10/25 23:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2007/03/01 00:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 002,315,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1409277B
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:126591AF
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:404390E0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FE2D31D5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:38E2864F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A97FF73C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9DAAA6AF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6BD304B9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F264BECE
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B741B2C2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5A8F8A0C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:605864D7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:AC8ECED1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:891E6CB1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:708BB0FA
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B3BAC02F
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0459F5AC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4F96D8E6
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A468A21E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:7ADA8871
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:883EDFB5

< End of report >
--------------------------------------------------------------------

the other one

Extras.Txt
--------------------------------------------------------------------
OTL Extras logfile created on: 05/07/2011 11:11:28 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\GJ\Downloads\IDM Programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.05% Memory free
4.94 Gb Paging File | 2.84 Gb Available in Paging File | 57.51% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.04 Gb Total Space | 35.64 Gb Free Space | 15.77% Space Free | Partition Type: NTFS

Computer Name: GJ2008 | User Name: GJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0005BCDF-CC6F-4AE9-9DB1-7F8AD6481ABE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{0F29F66D-8544-45E1-A23B-F7D94D1CAFC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{105A9C85-00C5-4ADF-8768-D3B9F8512C3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2385B8EC-BF45-4EB0-863B-09A76DDC69A8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{43EBB69E-3A09-4184-A294-5B1BE9035684}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D2519FB-2757-43AD-A367-5F88DB7AA0C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E4F9713-1202-4BD6-BD64-D9D68628C24D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50DB8502-E28E-4703-8246-FD29A1DF0837}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{61A43992-0353-4FD4-8AFF-A960581D9151}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B933977-417F-4687-9A90-818D80FFE9EA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{73EEEFFF-AB38-4805-A84A-F8F4DAD9CC63}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{81218024-7860-4999-AA0C-007BF9ED9C72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8926D18E-7487-4E85-A073-66883183C85B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FCAF812-948A-4BA5-A7AF-D4DC88600958}" = lport=10243 | protocol=6 | dir=in | app=system |
"{91767DB5-67A2-4553-BF4F-53E9B6E61FEB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{92ED3A4E-81D0-47A4-8613-57E76A43A8F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DBD248E-4B79-41F8-A68C-7F43A5AF9A0D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{AD7BDDCE-E947-4E03-95DC-1E1394F84C77}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB35BA32-2870-4EF0-86A4-A20EF418EA67}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8BF5C3B-79D1-4401-A2D3-C37C675151A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FD6E6FE8-515B-4468-B2A8-4B5C09A149F5}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA29D4A-3031-4517-9E86-954847E96DC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B0A14CE-077F-410C-AB5D-794780D94A88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0F8CFF99-C946-4C3F-8AC9-AE0B82372374}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |
"{11FBA204-FBFE-4419-A6B4-1DA81D934E38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1699974F-FD83-46EE-B9EB-705ADD49D396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17BF1BB5-D908-436A-84BB-6AC7B0F5600E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ADDB04E-CCB3-4037-8037-AD80E9824BC8}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{20E3EAA6-A641-4E9D-9ACB-7FF3AD396A6E}" = protocol=6 | dir=in | app=c:\users\gj\appdata\local\google\chrome\application\chrome.exe |
"{25896E52-7E41-4872-8B33-5ED5577A70F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25BFF2D1-5F8F-4818-B53D-85F44FE484CA}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{27FD4394-50CF-428D-B08A-2CCDC93BCCC6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{30BAB036-46D7-4830-B99D-C87165206137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32F1A57F-E772-4726-B662-255852065C87}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{342C5D57-2F8B-4672-9A37-A90E697F0E51}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3AE9EE08-D5FB-4EE1-ABAD-6BF8C757B7A9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{3B69F60A-4A83-46FB-A844-28F25C386FBB}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3CD3C90E-23A7-42F9-B2A1-89E86DFE5EFB}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{4315FCC2-4D4E-48EC-9267-D249893ACA31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DFE8CD5-BBC6-4C61-BE17-9F8C8C43B3DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50B5A574-A0B1-4495-8076-A3B8A9713C99}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{50E88647-8DD4-4C22-A3F9-00B9AB1F46C6}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{54A600F7-8EC5-4636-A07A-1F8F972203AD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5D0FFF76-7CD2-435B-80FD-51E61E17B55A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5DC415DD-1EC0-4A00-AECA-70255EFA78BC}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{5F1CE5D3-4E1D-4592-AE59-F2EDE425DA67}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{620545B6-9F19-4F61-AA71-386574B1D404}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{6D5300CB-2609-4A9C-A3C7-178FE83AE1BF}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6DF9EFD3-5017-4DFD-8155-FB9A094BE221}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7240EE51-ED76-4EAD-B912-4C94C14F5D03}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{7CC015C0-3D56-4692-9EE9-66E2D0B2BAA1}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |
"{7CD12402-5EBF-4929-BA86-127E7D9E85BB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{875AACB9-11C9-4695-B648-83A69F95A9B8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8F2BDF20-DD88-4AA4-8849-A4A2961C5C88}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{96972832-1051-4728-98EF-8237A206F589}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{98C39B45-EED0-4579-B873-170775ADBAE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F7C4ED7-69BA-488C-B27E-5FE75D1CB182}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2EFC8F6-B71A-4761-A93C-2063AD898963}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A3B84401-C909-43AA-805C-D486EDA00D61}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{A79E2CC8-0E06-4835-A533-510771720BC7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A80A355A-2CF0-4751-A1C2-F7FE2B0013F1}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{A97277BF-8EB2-49DF-BE87-D5C22DBFCF0B}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{AA06DCA4-AA55-4AB7-ADF4-711BF7FF9A7F}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{AD1A9E48-1A6C-4AA6-9F3D-63F39BD48412}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{BA24B160-AEEC-407D-A347-CE5B13E9A567}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BAB4B373-6A91-4FCE-82A1-FB3F60814729}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3264ECE-94F9-47EB-8D30-EA21DCBF3C7F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C412D3E5-5887-4212-9D4B-DAF7627F5D58}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{C8C17606-B019-46E2-92CE-9377AF6B2B1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE0EF023-2971-4AF8-B142-C2E194470BF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DC0A30BA-C49F-450F-956E-6E78D2F73718}" = protocol=17 | dir=in | app=c:\users\gj\appdata\local\google\chrome\application\chrome.exe |
"{E4C62E3B-EC0C-4C34-9A67-9FB01F1D503A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E936E398-9755-4FF7-962C-F935BC14255D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{EA89A0CD-75BD-497E-A851-3892871C9B5A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EC2728EB-C987-41F3-8A7E-86D5FAFCEC95}" = protocol=6 | dir=out | app=system |
"{F73BAEE7-9EB0-4180-BC7B-B07BE83A1EBE}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{FD23DA86-51C6-4206-B5CE-98B46E25F46D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{2E4963CE-B954-4E3A-9106-5DE9205487E2}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{34838471-7259-4BB9-AD36-BC8E2C15FC5B}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{35F7ACCE-BD84-4BCB-A690-D4965700603B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{47B305D1-43B2-4D41-A941-B1C4980F00E6}C:\users\gj\downloads\rgc\ranked gaming client\rgc.exe" = protocol=6 | dir=in | app=c:\users\gj\downloads\rgc\ranked gaming client\rgc.exe |
"TCP Query User{5F3D5246-6EDE-4EBB-BD19-DFFA7FB629DF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{62E9A31C-F92A-4C31-A9D0-BDE19D2E2614}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{63BFF4CF-7E7C-41A5-AB99-73E505D83417}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{689F4CAD-7FCA-4E8B-946B-28A7135F4EBC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{84E77AE5-A8F6-46DB-A097-9A47D39C356B}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{8733C40E-E608-4647-A918-D3403AD5F175}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{89D55476-A4F6-4971-A258-B3165E0827B5}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{95B7AEFC-4639-4D39-86DC-A6468B6260C7}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{9DBF7000-4C31-4885-933F-B9E8C95E2BF8}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A1C638D2-5E2B-4A94-AA3F-474B7A3D695C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AF3DA76E-1D1E-4A4B-9312-457498E70287}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{D5DB5ADB-D7D3-4623-8DB6-7695B87B3B4D}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{D8816B66-EA2F-4A51-9AF9-2AE33F484CFB}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{D97B4962-43B3-4D84-9A66-466D0223CEA3}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{F312144D-D539-4C14-92CD-41117BF3D706}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{00E0F073-537C-40F0-BC74-79E0AD79ED42}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{097CC1A1-905B-444A-A638-E7821753928F}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{2BDC66E1-0B4B-4FCE-88BB-9098136FC3D8}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{389D282E-D6FB-41F7-8AF0-38E7B2C6C5D6}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{3E624A5E-27AA-476D-9712-C0662FBB3B81}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{46D2FDCC-8849-4A51-83BC-855E3E8040C1}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4CCE35EA-8CBD-46EA-A49B-FBD5E7AB47E2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{552AE0DD-8322-4B91-B2B0-C292D348977F}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{5AECB889-F7C2-495D-BFE9-0058A733E2D3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5C7B697E-139D-4EDB-A1C0-89DDCEE0DF93}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{6DB51176-3A6B-496E-9461-B87700E0B374}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{74417C5A-9A10-4781-B13E-A94F81AEA35A}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{A3BF6190-087B-4005-984E-2038084CB43A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{AB1E7948-C22B-4043-9065-F02B23891DCF}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{B3AE13ED-8D90-4A56-8454-AF0F4F912244}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{B4F6FCA2-00C7-4A3B-B987-A009A603CB41}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{BD52E286-D193-4C6C-B929-807AF6ECD8AD}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{DA839F2D-3217-46F8-951B-107B944B6B1D}C:\users\gj\downloads\rgc\ranked gaming client\rgc.exe" = protocol=17 | dir=in | app=c:\users\gj\downloads\rgc\ranked gaming client\rgc.exe |
"UDP Query User{DB532892-F517-4385-8C85-DBFE32063177}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0110F866-6DC8-D528-AD84-99A2A64A67A8}" = ccc-utility
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11812362-F737-6874-FA40-F845ABFC9F2F}" = CCC Help Spanish
"{1453977F-19E6-7172-45A3-64DFD0EE7921}" = CCC Help Portuguese
"{153EF7B7-1D60-0B47-80AC-2A61930995D7}" = CCC Help Polish
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19C4B355-08AA-050E-AAEF-96D5F43C5E17}" = CCC Help Swedish
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{234014C1-6F1D-D54E-AC70-CE00400126BB}" = CCC Help Finnish
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 25
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A407AF3-B8B3-54C0-9C6E-78D12DC4E728}" = CCC Help German
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3369417B-D079-A2EB-CC29-5EE8E74150F6}" = CCC Help Hungarian
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41552C47-1379-D9D1-A8AF-E4494A4B03D7}" = CCC Help Chinese Standard
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D91AC93-9A94-6D3E-325E-9F3ACAEFBBF2}" = CCC Help English
"{4DCD596A-3C70-4175-8241-5947E1CCE312}_is1" = Cat Girl Alliance 1.0
"{4EADF4F5-C1C3-B865-8E72-E555BA29B65C}" = CCC Help Dutch
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{553A7BDF-211A-6A44-6420-874F8D31C9D4}" = Catalyst Control Center Localization All
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588A57A4-4E74-427D-8D0C-AA18EBE439F7}" = MorphVOX Pro
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5D4EF6E3-E1F5-CB27-5DE5-309A477F0CFF}" = Catalyst Control Center Graphics Previews Common
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EBBC850-8E86-4CBB-BD63-403D4808C402}" = Manga Studio EX 4.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6B09A944-8B70-9A88-43D3-34DD9EF62F8C}" = CCC Help Czech
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{76F85EAD-4ACF-1826-1E3D-9DF55DA1FAB3}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7E8A67A0-AD62-BBE3-DE3C-5FB84377DBF3}" = ATI Catalyst Install Manager
"{7E982B9C-017D-1941-806F-F1E3D2972A3A}" = CCC Help French
"{7F1F3BC5-A34F-F2F0-B8C7-068550CA9572}" = CCC Help Danish
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87EF6287-15B7-968B-E66F-A6E22EDE3842}" = CCC Help Korean
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{888C0C02-162C-8C2E-A3BB-8028B76EDCE9}" = Catalyst Control Center Graphics Previews Vista
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9275098D-F695-4248-8D14-C22AD04B6CC9}" = AsdaStory
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{979A5B37-C4F6-CC52-F1D8-AAE72FBA4E71}" = HydraVision
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CE4AE-052A-4AD6-92ED-177DFC85DAE5}" = Warcraft III 1.22 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F41545E-B404-1013-875D-2D7959378605}" = CCC Help Turkish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A34BE684-D648-DD14-B75E-8DBD5EF11376}" = CCC Help Norwegian
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AE14E46C-16DB-8BA9-EDD1-9FF9BC29CF0A}" = CCC Help Japanese
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF83CA55-2DD8-AE45-CE08-BA71492C8B3A}" = ATI AVIVO Codecs
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FDE441-6522-AA0C-1034-07E2BDB1EC05}" = Catalyst Control Center InstallProxy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D33D19AF-FFF1-E134-768B-C795C561A685}" = CCC Help Greek
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB01298-B142-6ACB-14F8-B696A0CA0063}" = CCC Help Italian
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF80E056-3F24-4C02-8F1B-C247E42A59BF}" = SRS HD Audio Lab
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E47DF794-4A16-C9B0-56E2-66FC958E67D7}" = ccc-core-static
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4446870-977C-96AD-9866-35EF0029296B}" = CCC Help Thai
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF5C192E-97D8-2896-7685-6355EA95CC60}" = CCC Help Chinese Traditional
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Akamai" = Akamai NetSession Interface
"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"Camfrog 5.1" = Camfrog Video Chat 5.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"CorumOnline" = CorumOnline
"Counter-Strike 1.6" = Counter-Strike 1.6
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.7
"Dream Of Mirror Online" = Dream Of Mirror Online
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Easy-WebPrint" = Easy-WebPrint
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"EdenEternal" = EdenEternal
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FINAL FANTASY VIII" = FINAL FANTASY VIII
"Free Window Registry Repair" = Free Window Registry Repair
"FrostWire" = FrostWire 4.21.8
"G-ForceBlue" = G-Force Blue
"GoToAssist" = GoToAssist Corporate
"HangARoo_is1" = HangARoo v2.052
"HDMI" = Intel® Graphics Media Accelerator Driver
"hon" = Heroes of Newerth
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Imikimi Plugin" = Imikimi Plugin
"Internet Download Manager" = Internet Download Manager
"LimeWire" = LimeWire 5.5.8
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"My Ragnarok Online" = My Ragnarok Online
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"SpeedConnect Internet Accelerator v.8.0 Retail zoo_is1" = SpeedConnect Internet Accelerator v.8.0
"The Sims 2 Super Pack 2007_is1" = The Sims 2 Super Pack 2007
"Veetle TV" = Veetle TV 0.9.18
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"VLC media player" = VLC media player 0.9.8a
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warcraft III" = Warcraft III
"WebcamMax" = WebcamMax
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Yahoo! Applications" = BT Yahoo! Applications
"Yahoo! Extras" = Yahoo! Browser Services

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/06/2011 09:36:08 | Computer Name = GJ2008 | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2011 09:36:10 | Computer Name = GJ2008 | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2011 09:36:10 | Computer Name = GJ2008 | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2011 09:36:28 | Computer Name = GJ2008 | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2011 09:36:28 | Computer Name = GJ2008 | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2011 09:47:38 | Computer Name = GJ2008 | Source = Application Error | ID = 1000
Description = Faulting application Lhi.exe, version 2.0.0.122, time stamp 0x4df61dd3,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x01d7eaa7, process id 0x1dd4, application start time 0x01cc3599489dfdd7.

Error - 02/07/2011 18:29:24 | Computer Name = GJ2008 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 3d5c Start Time: 01cc3906f5384ad3 Termination Time: 20

Error - 03/07/2011 10:10:22 | Computer Name = GJ2008 | Source = TabletServicePen | ID = 1
Description =

Error - 04/07/2011 16:18:20 | Computer Name = GJ2008 | Source = Application Error | ID = 1000
Description = Faulting application iekn9skn.exe, version 1.0.15.15640, time stamp
0x4de220a0, faulting module iekn9skn.exe, version 1.0.15.15640, time stamp 0x4de220a0,
exception code 0xc0000005, fault offset 0x0000c676, process id 0xb8c, application
start time 0x01cc3a8737fd4054.

Error - 04/07/2011 16:20:31 | Computer Name = GJ2008 | Source = Application Error | ID = 1000
Description = Faulting application iekn9skn.exe, version 1.0.15.15640, time stamp
0x4de220a0, faulting module iekn9skn.exe, version 1.0.15.15640, time stamp 0x4de220a0,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x1074, application
start time 0x01cc3a878fbbde04.

[ OSession Events ]
Error - 27/09/2009 13:36:14 | Computer Name = GJ2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/12/2009 22:17:47 | Computer Name = GJ2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 59
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/03/2010 13:44:29 | Computer Name = GJ2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 114 seconds with 60 seconds of active time. This session ended with a crash.

Error - 30/03/2010 13:50:00 | Computer Name = GJ2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/03/2010 13:50:40 | Computer Name = GJ2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/06/2011 06:33:19 | Computer Name = GJ2008 | Source = Service Control Manager | ID = 7009
Description =

Error - 26/06/2011 06:33:19 | Computer Name = GJ2008 | Source = Service Control Manager | ID = 7000
Description =

Error - 28/06/2011 14:13:28 | Computer Name = GJ2008 | Source = DCOM | ID = 10010
Description =

Error - 30/06/2011 04:57:01 | Computer Name = GJ2008 | Source = DCOM | ID = 10010
Description =

Error - 30/06/2011 22:07:00 | Computer Name = GJ2008 | Source = DCOM | ID = 10010
Description =

Error - 02/07/2011 19:44:00 | Computer Name = GJ2008 | Source = DCOM | ID = 10010
Description =

Error - 02/07/2011 21:33:33 | Computer Name = GJ2008 | Source = DCOM | ID = 10010
Description =

Error - 04/07/2011 16:25:40 | Computer Name = GJ2008 | Source = DCOM | ID = 10005
Description =

Error - 04/07/2011 16:25:40 | Computer Name = GJ2008 | Source = Service Control Manager | ID = 7009
Description =

Error - 04/07/2011 16:25:40 | Computer Name = GJ2008 | Source = Service Control Manager | ID = 7000
Description =


< End of report >


i would be very greatful for your help thank you.
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello mvp27 and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
    FF - prefs.js..keyword.URL: "http://www.mywebsear...kwd&searchfor="
    [2009/09/12 11:56:06 | 000,009,949 | ---- | M] () -- C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\searchplugins\mywebsearch.xml
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\FFVIII_autorun.exe
    [2011/07/04 20:47:38 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\yhkeeoqlfi.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#3
mvp27

mvp27

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi maliprog thanks. i been away so i havent check my post untill now. google stops redirecting but as you said absence of symptoms doesnt mean my computer is clean. i run the OTL as you instructed but it stops running and it shows this message to close the program. what should i do?
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi mvp27,

Glad to hear that your system is better now. I will change my first post then. Do not run Combofix now. Here is what you will do for me.

Step 1

Try tu run OTL fix in Safe Mode

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Step 2

Run TDSSKiller now and post log here for me.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
It would be helpful if you could post each log in separate post
  • 0

#5
mvp27

mvp27

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hi maliprog

after i close the OTL which stopped respoding i restarted my computer
and a notepad appear as soon as i log in. is this the right log for OTL.
if it is not ill run the OTL in safe mode as you instructed.


All processes killed
========== OTL ==========
Prefs.js: "MyWebSearch" removed from browser.search.selectedEngine
Prefs.js: "http://www.mywebsear...kwd&searchfor=" removed from keyword.URL
File C:\Users\GJ\AppData\Roaming\Mozilla\Firefox\Profiles\wwlq5tfo.default\searchplugins\mywebsearch.xml not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\FFVIII_autorun.exe not found.
File C:\Windows\tasks\yhkeeoqlfi.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\GJ\Downloads\IDM Programs\cmd.bat deleted successfully.
C:\Users\GJ\Downloads\IDM Programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: GJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jai Jai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 568935514 bytes
->Java cache emptied: 51283803 bytes
->FireFox cache emptied: 89106346 bytes
->Flash cache emptied: 514734 bytes

User: Janber
->Temp folder emptied: 11579629 bytes
->Temporary Internet Files folder emptied: 106200811 bytes
->Java cache emptied: 38019818 bytes
->FireFox cache emptied: 50929335 bytes
->Flash cache emptied: 21323 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39466 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 874.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: GJ
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Jai Jai
->Flash cache emptied: 0 bytes

User: Janber
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.0 log created on 07082011_110815

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi mvp27,

This is the right log. Run TDSSKiller now and post log.
  • 0

#7
mvp27

mvp27

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi maliprog

sorry i took long again to reply

here is the log for TDSSKiller


2011/07/11 13:36:18.0749 3888 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 13:36:18.0983 3888 ================================================================================
2011/07/11 13:36:18.0983 3888 SystemInfo:
2011/07/11 13:36:18.0983 3888
2011/07/11 13:36:18.0983 3888 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/11 13:36:18.0983 3888 Product type: Workstation
2011/07/11 13:36:18.0983 3888 ComputerName: GJ2008
2011/07/11 13:36:18.0983 3888 UserName: GJ
2011/07/11 13:36:18.0983 3888 Windows directory: C:\Windows
2011/07/11 13:36:18.0983 3888 System windows directory: C:\Windows
2011/07/11 13:36:18.0983 3888 Processor architecture: Intel x86
2011/07/11 13:36:18.0983 3888 Number of processors: 2
2011/07/11 13:36:18.0983 3888 Page size: 0x1000
2011/07/11 13:36:18.0983 3888 Boot type: Normal boot
2011/07/11 13:36:18.0983 3888 ================================================================================
2011/07/11 13:36:20.0528 3888 Initialize success
2011/07/11 13:36:22.0923 2052 ================================================================================
2011/07/11 13:36:22.0923 2052 Scan started
2011/07/11 13:36:22.0923 2052 Mode: Manual;
2011/07/11 13:36:22.0923 2052 ================================================================================
2011/07/11 13:36:25.0678 2052 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/11 13:36:25.0744 2052 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/07/11 13:36:25.0850 2052 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/11 13:36:25.0916 2052 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/11 13:36:25.0971 2052 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/11 13:36:26.0012 2052 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/11 13:36:26.0100 2052 AegisP (18e0e08f3490eb8760a6b24f85a66c17) C:\Windows\system32\DRIVERS\AegisP.sys
2011/07/11 13:36:26.0160 2052 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/11 13:36:26.0297 2052 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/11 13:36:26.0361 2052 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/11 13:36:26.0417 2052 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/11 13:36:26.0466 2052 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/11 13:36:26.0498 2052 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/07/11 13:36:26.0536 2052 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/07/11 13:36:26.0568 2052 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/07/11 13:36:26.0760 2052 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/11 13:36:27.0206 2052 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/07/11 13:36:27.0302 2052 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/07/11 13:36:27.0343 2052 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/07/11 13:36:27.0395 2052 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/11 13:36:27.0439 2052 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/11 13:36:27.0494 2052 AtiHDAudioService (99a0f5c917558624cbeb113cb12e3f25) C:\Windows\system32\drivers\AtihdLH3.sys
2011/07/11 13:36:27.0551 2052 atksgt (5b80e84af6b02ecab72dae9afee06309) C:\Windows\system32\DRIVERS\atksgt.sys
2011/07/11 13:36:27.0632 2052 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/11 13:36:27.0667 2052 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/11 13:36:27.0710 2052 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/11 13:36:27.0843 2052 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/11 13:36:27.0895 2052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/11 13:36:27.0917 2052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/11 13:36:27.0951 2052 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/11 13:36:27.0975 2052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/11 13:36:28.0008 2052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/11 13:36:28.0034 2052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/11 13:36:28.0104 2052 BthAvrcp (5f38bec5ff408d557d46f8363298389b) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/07/11 13:36:28.0151 2052 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/11 13:36:28.0194 2052 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/11 13:36:28.0229 2052 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/11 13:36:28.0271 2052 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/07/11 13:36:28.0330 2052 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/11 13:36:28.0408 2052 CAMTHWDM (0a110efb1307b1c1aa19ebe0b53790ae) C:\Windows\system32\DRIVERS\CAMTHWDM.sys
2011/07/11 13:36:28.0499 2052 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/11 13:36:28.0553 2052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/11 13:36:28.0603 2052 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/07/11 13:36:28.0658 2052 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/11 13:36:28.0734 2052 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/07/11 13:36:28.0765 2052 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/07/11 13:36:28.0798 2052 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/11 13:36:28.0824 2052 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/07/11 13:36:28.0894 2052 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/11 13:36:28.0955 2052 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/11 13:36:29.0047 2052 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/11 13:36:29.0083 2052 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/11 13:36:29.0142 2052 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/11 13:36:29.0186 2052 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/11 13:36:29.0239 2052 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/11 13:36:29.0308 2052 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/11 13:36:29.0410 2052 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/11 13:36:29.0469 2052 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/07/11 13:36:29.0573 2052 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/11 13:36:29.0639 2052 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/11 13:36:29.0676 2052 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/11 13:36:29.0735 2052 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/11 13:36:29.0771 2052 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/11 13:36:29.0805 2052 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/11 13:36:29.0863 2052 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/11 13:36:29.0935 2052 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/11 13:36:29.0995 2052 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/11 13:36:30.0047 2052 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/11 13:36:30.0146 2052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/07/11 13:36:30.0336 2052 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/07/11 13:36:30.0408 2052 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/11 13:36:30.0466 2052 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/11 13:36:30.0501 2052 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/11 13:36:30.0554 2052 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/11 13:36:30.0593 2052 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/07/11 13:36:30.0709 2052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/11 13:36:30.0825 2052 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/07/11 13:36:30.0876 2052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/11 13:36:31.0002 2052 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/11 13:36:31.0224 2052 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/07/11 13:36:31.0301 2052 IDMWFP (a7ffc60f06929c5433b452c7f13650e0) C:\Windows\system32\DRIVERS\idmwfp.sys
2011/07/11 13:36:31.0435 2052 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/11 13:36:31.0504 2052 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/11 13:36:31.0621 2052 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/11 13:36:31.0756 2052 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/11 13:36:31.0798 2052 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/11 13:36:31.0853 2052 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/11 13:36:32.0071 2052 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/11 13:36:32.0194 2052 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/11 13:36:32.0292 2052 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/07/11 13:36:32.0363 2052 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/11 13:36:32.0407 2052 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
2011/07/11 13:36:32.0455 2052 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/07/11 13:36:32.0510 2052 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/11 13:36:32.0540 2052 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/11 13:36:32.0618 2052 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/11 13:36:32.0653 2052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/11 13:36:32.0690 2052 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/11 13:36:32.0754 2052 KMWDFilterV1 (cc362af6c5d13c3c5403819577abd8c9) C:\Windows\System32\Drivers\RPGMOUSEV1.sys
2011/07/11 13:36:32.0801 2052 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/11 13:36:32.0875 2052 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/07/11 13:36:32.0911 2052 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/11 13:36:32.0980 2052 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/11 13:36:33.0032 2052 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/11 13:36:33.0073 2052 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/11 13:36:33.0113 2052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/11 13:36:33.0153 2052 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/11 13:36:33.0252 2052 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/07/11 13:36:33.0300 2052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/11 13:36:33.0348 2052 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/11 13:36:33.0391 2052 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/11 13:36:33.0436 2052 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/11 13:36:33.0483 2052 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/11 13:36:33.0528 2052 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/07/11 13:36:33.0573 2052 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/11 13:36:33.0607 2052 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/11 13:36:33.0710 2052 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/07/11 13:36:33.0788 2052 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/07/11 13:36:33.0841 2052 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/11 13:36:33.0895 2052 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/11 13:36:33.0961 2052 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/11 13:36:34.0005 2052 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/11 13:36:34.0054 2052 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/07/11 13:36:34.0088 2052 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/07/11 13:36:34.0157 2052 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/11 13:36:34.0207 2052 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/11 13:36:34.0266 2052 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/11 13:36:34.0302 2052 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/11 13:36:34.0334 2052 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/11 13:36:34.0387 2052 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/11 13:36:34.0419 2052 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/11 13:36:34.0441 2052 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/11 13:36:34.0474 2052 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/11 13:36:34.0540 2052 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/11 13:36:34.0613 2052 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/11 13:36:34.0662 2052 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/11 13:36:34.0703 2052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/11 13:36:34.0733 2052 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/11 13:36:34.0776 2052 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/11 13:36:34.0824 2052 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/11 13:36:34.0931 2052 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/11 13:36:35.0060 2052 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/11 13:36:35.0137 2052 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/11 13:36:35.0277 2052 npkcrypt (aaf9b4df67938753cb21808ea3574242) C:\Users\GJ\Downloads\MyRO\MyRO\npkcrypt.sys
2011/07/11 13:36:35.0319 2052 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/11 13:36:35.0400 2052 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/11 13:36:35.0461 2052 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/11 13:36:35.0495 2052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/11 13:36:35.0534 2052 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/07/11 13:36:35.0579 2052 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/07/11 13:36:35.0618 2052 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/11 13:36:35.0717 2052 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/07/11 13:36:35.0834 2052 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
2011/07/11 13:36:35.0979 2052 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/07/11 13:36:36.0030 2052 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/11 13:36:36.0066 2052 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/11 13:36:36.0149 2052 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/11 13:36:36.0190 2052 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/07/11 13:36:36.0220 2052 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/11 13:36:36.0273 2052 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/11 13:36:36.0404 2052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/11 13:36:36.0436 2052 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/11 13:36:36.0510 2052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/11 13:36:36.0551 2052 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/11 13:36:36.0610 2052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/11 13:36:36.0672 2052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/11 13:36:36.0713 2052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/11 13:36:36.0759 2052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/11 13:36:36.0823 2052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/11 13:36:36.0878 2052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/11 13:36:36.0934 2052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/11 13:36:37.0003 2052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/11 13:36:37.0054 2052 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/11 13:36:37.0161 2052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/11 13:36:37.0210 2052 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/11 13:36:37.0277 2052 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
2011/07/11 13:36:37.0332 2052 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/11 13:36:37.0399 2052 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/11 13:36:37.0451 2052 RTL8169 (851971a68617505b2dc5ed1fbfdb00c5) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/07/11 13:36:37.0501 2052 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/11 13:36:37.0595 2052 SCDEmu (e9bbd87afd80dc1212ecd762858b45c7) C:\Windows\system32\drivers\SCDEmu.sys
2011/07/11 13:36:37.0701 2052 SCREAMINGBDRIVER (a689d522eedf89401e1da2fe883aa7ec) C:\Windows\system32\drivers\ScreamingBAudio.sys
2011/07/11 13:36:37.0760 2052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/11 13:36:37.0839 2052 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/11 13:36:37.0879 2052 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/11 13:36:37.0936 2052 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/11 13:36:38.0055 2052 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/11 13:36:38.0137 2052 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/11 13:36:38.0170 2052 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/11 13:36:38.0232 2052 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/11 13:36:38.0291 2052 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/11 13:36:38.0322 2052 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/11 13:36:38.0353 2052 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/11 13:36:38.0422 2052 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/11 13:36:38.0499 2052 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/11 13:36:38.0553 2052 SRS_HDAL_Service (55426fed504356125080d1085024564c) C:\Windows\system32\drivers\SRS_HDAL_i386.sys
2011/07/11 13:36:38.0758 2052 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/11 13:36:38.0853 2052 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/11 13:36:38.0897 2052 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/11 13:36:38.0955 2052 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/11 13:36:39.0069 2052 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/11 13:36:39.0125 2052 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/11 13:36:39.0201 2052 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/11 13:36:39.0234 2052 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/11 13:36:39.0352 2052 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/11 13:36:39.0421 2052 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/11 13:36:39.0540 2052 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/11 13:36:39.0623 2052 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/11 13:36:39.0647 2052 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/11 13:36:39.0695 2052 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/11 13:36:39.0741 2052 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/11 13:36:39.0927 2052 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/11 13:36:40.0061 2052 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/11 13:36:40.0147 2052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/11 13:36:40.0184 2052 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/07/11 13:36:40.0247 2052 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/11 13:36:40.0338 2052 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/11 13:36:40.0394 2052 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/07/11 13:36:40.0456 2052 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/11 13:36:40.0495 2052 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/11 13:36:40.0560 2052 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/11 13:36:40.0630 2052 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/11 13:36:40.0678 2052 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/11 13:36:40.0736 2052 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/11 13:36:40.0812 2052 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/11 13:36:40.0892 2052 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/11 13:36:41.0117 2052 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/11 13:36:41.0315 2052 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/11 13:36:41.0441 2052 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/11 13:36:41.0537 2052 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/11 13:36:41.0684 2052 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/11 13:36:41.0768 2052 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/11 13:36:41.0927 2052 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/11 13:36:42.0173 2052 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\Windows\system32\DRIVERS\vcsvad.sys
2011/07/11 13:36:42.0657 2052 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/11 13:36:42.0715 2052 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/11 13:36:42.0760 2052 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/11 13:36:42.0799 2052 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/11 13:36:42.0834 2052 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/11 13:36:42.0886 2052 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/11 13:36:43.0064 2052 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/11 13:36:43.0247 2052 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/11 13:36:43.0375 2052 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/11 13:36:43.0531 2052 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/07/11 13:36:43.0585 2052 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/07/11 13:36:43.0618 2052 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/11 13:36:43.0707 2052 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/07/11 13:36:43.0816 2052 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 13:36:43.0862 2052 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 13:36:43.0959 2052 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/11 13:36:44.0126 2052 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/11 13:36:44.0651 2052 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/11 13:36:45.0077 2052 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/11 13:36:45.0224 2052 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/11 13:36:45.0406 2052 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/11 13:36:45.0483 2052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/11 13:36:45.0513 2052 Boot (0x1200) (89677cabc22202577ebcb8780bc68d50) \Device\Harddisk0\DR0\Partition0
2011/07/11 13:36:45.0528 2052 ================================================================================
2011/07/11 13:36:45.0528 2052 Scan finished
2011/07/11 13:36:45.0528 2052 ================================================================================
2011/07/11 13:36:45.0556 2188 Detected object count: 0
2011/07/11 13:36:45.0556 2188 Actual detected object count: 0
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi mvp27,

OK. How is your system now? Do you still get redirected?

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

  • 0

#9
mvp27

mvp27

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hi maliprog

sorry again for the late reply. i've been busy with training.
regarding about my system. i found it a slower than before at start-up.
the problem has been resolved. before the suggested keywords when you type something in the search box in google doesnt show, now it was back to normal and it doesnt redirect me to some dodgy websites. i think the cause of my problem before was a website that my brother visited while on incognito mode on g.chrome.
anyway here is the log you've requested..
many many thanks!


aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software
Run date: 2011-07-13 20:16:10
-----------------------------
20:16:10.337 OS Version: Windows 6.0.6002 Service Pack 2
20:16:10.337 Number of processors: 2 586 0xF0D
20:16:10.338 ComputerName: GJ2008 UserName: GJ
20:16:13.707 Initialize success
20:16:49.447 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:16:49.450 Disk 0 Vendor: WDC_WD2500AAJS-00VTA0 01.01B01 Size: 238475MB BusType: 3
20:16:51.501 Disk 0 MBR read successfully
20:16:51.505 Disk 0 MBR scan
20:16:51.508 Disk 0 unknown MBR code
20:16:53.513 Disk 0 scanning sectors +488391120
20:16:53.574 Disk 0 scanning C:\Windows\system32\drivers
20:17:11.185 Service scanning
20:17:13.595 Disk 0 trace - called modules:
20:17:13.602
20:17:13.606 Scan finished successfully
20:17:38.652 Disk 0 MBR has been saved successfully to "C:\Users\GJ\Desktop\MBR.dat"
20:17:38.653 The log file has been saved successfully to "C:\Users\GJ\Desktop\aswMBR.txt"
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that your problem is gone. Let's try to clean your system and speed it up a little. Let me know when you finish this steps.

Step 1

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary sturtup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart

Posted Image
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP