Connected to net but cant not dl win updates connect to autolog and ma


  • This topic is locked

#16
waynegr

Odd that, and it keeps asking me to fix the other errors and buy. But no problem.

Wow, this site kept me logged on, good news.

TDSSKiller found nothing. Hope this is the right log.

2011/08/27 18:10:28.0150 4344 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/27 18:10:28.0162 4344 ================================================================================
2011/08/27 18:10:28.0162 4344 SystemInfo:
2011/08/27 18:10:28.0162 4344
2011/08/27 18:10:28.0162 4344 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/27 18:10:28.0163 4344 Product type: Workstation
2011/08/27 18:10:28.0163 4344 ComputerName: FLIPP-PC
2011/08/27 18:10:28.0163 4344 UserName: FLIPP
2011/08/27 18:10:28.0163 4344 Windows directory: C:\Windows
2011/08/27 18:10:28.0163 4344 System windows directory: C:\Windows
2011/08/27 18:10:28.0163 4344 Running under WOW64
2011/08/27 18:10:28.0163 4344 Processor architecture: Intel x64
2011/08/27 18:10:28.0163 4344 Number of processors: 4
2011/08/27 18:10:28.0163 4344 Page size: 0x1000
2011/08/27 18:10:28.0163 4344 Boot type: Normal boot
2011/08/27 18:10:28.0163 4344 ================================================================================
2011/08/27 18:10:28.0715 4344 Initialize success
2011/08/27 18:10:32.0279 4716 ================================================================================
2011/08/27 18:10:32.0279 4716 Scan started
2011/08/27 18:10:32.0279 4716 Mode: Manual;
2011/08/27 18:10:32.0279 4716 ================================================================================
2011/08/27 18:10:43.0705 4716 ================================================================================
2011/08/27 18:10:43.0705 4716 Scan finished
2011/08/27 18:10:43.0705 4716 ================================================================================
2011/08/27 18:10:43.0712 4944 Detected object count: 0
2011/08/27 18:10:43.0713 4944 Actual detected object count: 0




Just doing the other scan now.

Wayne


#17
waynegr

OTL logfile created on: 27/08/2011 18:17:11 - Run 5
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\FLIPP\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.79% Memory free
8.20 Gb Paging File | 6.51 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.06 Gb Total Space | 626.38 Gb Free Space | 68.30% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.98 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive E: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FLIPP-PC | User Name: FLIPP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\FLIPP\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\FLIPP\Desktop\TDSSKiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV - (MxlW2k) -- C:\Windows\SysWow64\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2204173278-169951079-703970126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\FLIPP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/11 13:56:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/17 18:05:32 | 000,432,311 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14882 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2204173278-169951079-703970126-1000..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe (Support.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/27 17:06:10 | 000,464,144 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011/03/08 15:33:55 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011/03/08 11:33:03 | 034,599,936 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2011/03/08 15:33:54 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{42ee88da-e157-11dd-be7e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42ee88da-e157-11dd-be7e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/01/27 17:06:10 | 000,464,144 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/27 18:10:02 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\FLIPP\Desktop\TDSSKiller.exe
[2011/08/27 14:34:12 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Roaming\Sammsoft
[2011/08/27 14:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2011
[2011/08/27 14:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2011
[2011/08/27 01:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/08/26 22:07:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/26 22:05:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/26 22:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/26 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/26 01:18:39 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/08/26 01:18:39 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/08/26 01:18:39 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/08/26 01:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/24 13:45:20 | 000,000,000 | ---D | C] -- C:\f12f1591da052aec4117
[2011/08/21 17:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/21 17:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/08/19 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Local\Mozilla
[2011/08/19 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Local\Deployment
[2011/08/19 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Local\Apps
[2011/08/13 01:23:21 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/08/11 13:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/11 13:56:41 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/11 13:56:40 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/11 13:56:36 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/11 13:56:36 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/11 13:56:35 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/11 13:56:33 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/11 13:56:16 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/11 13:56:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/11 13:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/10 14:07:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 14:07:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 14:07:14 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/10 14:07:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 14:07:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 14:07:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 14:07:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 14:07:13 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/10 14:07:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/10 13:43:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/10 13:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/08/10 12:03:12 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 12:03:11 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 12:03:00 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 01:07:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/08/09 22:03:33 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\Documents\OneNote Notebooks
[2011/08/09 19:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/08 21:25:18 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/08/08 21:25:18 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

========== Files - Modified Within 30 Days ==========

[2011/08/27 18:13:08 | 000,002,635 | ---- | M] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2011/08/27 18:00:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/27 18:00:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 18:00:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 18:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/27 14:53:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/27 14:33:56 | 000,001,669 | ---- | M] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/08/27 14:33:56 | 000,001,663 | ---- | M] () -- C:\Users\FLIPP\Desktop\Check PC For Errors.lnk
[2011/08/27 01:21:47 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011/08/26 22:54:48 | 000,000,172 | ---- | M] () -- C:\Users\FLIPP\Desktop\Dr. Darden's H.I.T..url
[2011/08/26 22:24:09 | 000,000,934 | ---- | M] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/26 22:24:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/26 22:04:52 | 000,000,725 | ---- | M] () -- C:\Users\FLIPP\Desktop\NTREGOPT.lnk
[2011/08/26 22:04:52 | 000,000,706 | ---- | M] () -- C:\Users\FLIPP\Desktop\ERUNT.lnk
[2011/08/26 20:33:32 | 000,001,200 | ---- | M] () -- C:\Users\FLIPP\Desktop\OTL.exe - Shortcut.lnk
[2011/08/26 18:23:30 | 000,000,222 | ---- | M] () -- C:\Users\FLIPP\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[2011/08/26 01:18:32 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/08/26 01:18:32 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/08/26 01:18:32 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/08/26 01:18:32 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/08/25 12:03:21 | 000,715,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/25 12:03:21 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/25 12:03:21 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\FLIPP\Desktop\TDSSKiller.exe
[2011/08/20 02:03:33 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/19 02:42:21 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/19 02:42:21 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/14 21:07:34 | 000,144,144 | ---- | M] () -- C:\Users\FLIPP\Desktop\GetSystemInfo_FLIPP-PC_FLIPP_2011_08_14_21_06_21.zip
[2011/08/12 23:27:08 | 000,000,322 | ---- | M] () -- C:\Users\FLIPP\Desktop\Building Muscle Mass A Quick Look at Muscular Growth and Hypertrophy • AmpedTraining.com • Matthew Perryman, CSCS.url
[2011/08/11 13:56:42 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/11 13:56:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/09 22:34:48 | 000,000,951 | ---- | M] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2011/08/09 22:03:33 | 000,001,103 | ---- | M] () -- C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/09 19:36:59 | 000,327,680 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/08/03 02:18:19 | 000,140,288 | ---- | M] () -- C:\Users\FLIPP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 02:10:13 | 3073,871,496 | ---- | M] () -- C:\Users\FLIPP\Desktop\shift2u 2011-08-03 02-04-21-61.avi

========== Files Created - No Company Name ==========

[2011/08/27 14:33:56 | 000,001,669 | ---- | C] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/08/27 14:33:56 | 000,001,663 | ---- | C] () -- C:\Users\FLIPP\Desktop\Check PC For Errors.lnk
[2011/08/27 01:48:48 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/27 01:48:48 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/26 22:54:48 | 000,000,172 | ---- | C] () -- C:\Users\FLIPP\Desktop\Dr. Darden's H.I.T..url
[2011/08/26 22:24:09 | 000,000,934 | ---- | C] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/26 22:24:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/26 22:02:04 | 000,000,725 | ---- | C] () -- C:\Users\FLIPP\Desktop\NTREGOPT.lnk
[2011/08/26 22:02:04 | 000,000,706 | ---- | C] () -- C:\Users\FLIPP\Desktop\ERUNT.lnk
[2011/08/26 20:32:47 | 000,001,200 | ---- | C] () -- C:\Users\FLIPP\Desktop\OTL.exe - Shortcut.lnk
[2011/08/26 18:23:30 | 000,000,222 | ---- | C] () -- C:\Users\FLIPP\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[2011/08/14 21:06:48 | 000,144,144 | ---- | C] () -- C:\Users\FLIPP\Desktop\GetSystemInfo_FLIPP-PC_FLIPP_2011_08_14_21_06_21.zip
[2011/08/12 23:27:08 | 000,000,322 | ---- | C] () -- C:\Users\FLIPP\Desktop\Building Muscle Mass A Quick Look at Muscular Growth and Hypertrophy • AmpedTraining.com • Matthew Perryman, CSCS.url
[2011/08/11 13:56:42 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/09 22:34:48 | 000,000,951 | ---- | C] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2011/08/09 22:22:45 | 000,000,951 | ---- | C] () -- C:\Users\FLIPP\Desktop\Internet Explorer (64-bit).lnk
[2011/08/09 22:03:33 | 000,001,103 | ---- | C] () -- C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/09 19:04:15 | 000,327,680 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2011/08/03 02:23:11 | 3073,871,496 | ---- | C] () -- C:\Users\FLIPP\Desktop\shift2u 2011-08-03 02-04-21-61.avi
[2011/05/02 22:28:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/02 22:28:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/26 19:16:50 | 000,000,192 | ---- | C] () -- C:\ProgramData\video
[2011/04/21 12:39:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/09 02:12:01 | 000,000,036 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\housecall.guid.cache
[2011/02/27 23:03:48 | 000,822,636 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\tmpIMG008.0
[2011/02/27 23:03:48 | 000,589,257 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\tmpIMG008.JPG
[2011/02/18 15:26:49 | 000,000,732 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\d3d9caps64.dat
[2010/06/04 00:26:18 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/04 00:26:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/10 14:44:01 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/10 14:43:51 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/02/28 16:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/12/25 19:37:42 | 000,070,575 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/25 19:27:08 | 000,070,575 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/11 02:01:29 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/11/11 02:01:29 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/11/11 02:01:29 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/11/11 02:01:29 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/11/11 02:01:29 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/11/11 02:01:29 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/11/11 02:01:29 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/11/11 02:01:29 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/11/11 02:01:29 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/11/11 02:01:29 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2009/11/11 02:01:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/11/11 02:01:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/11/11 02:01:29 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/11/11 02:01:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/11/11 02:01:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/11/11 02:01:29 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2009/11/11 02:01:29 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2009/11/11 02:01:29 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/11/11 02:01:29 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/11/10 21:52:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDER300Euro.ini
[2009/11/10 14:25:52 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/09/24 12:28:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 12:28:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/24 12:28:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 18:22:48 | 000,009,160 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\d3d9caps.dat
[2009/05/22 22:05:44 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/04/08 19:45:11 | 000,140,288 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/07 00:17:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/06 17:18:44 | 000,008,572 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/01/06 16:40:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/06 16:40:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/03/17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000071.DLL
[2000/08/29 03:09:26 | 000,011,616 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS

========== Files - Unicode (All) ==========
[2011/08/12 23:24:34 | 000,000,647 | ---- | M] ()(C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--«???????»--??????--?????.url) -- C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--《应用生理学杂志》--医学期刊频道--首席医学网.url
[2011/08/12 23:24:34 | 000,000,647 | ---- | C] ()(C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--«???????»--??????--?????.url) -- C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--《应用生理学杂志》--医学期刊频道--首席医学网.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 2873 bytes -> C:\Users\FLIPP\Documents\FW_ Animated Map of Europe During World War II.eml:OECustomProperty
@Alternate Data Stream - 16 bytes -> C:\Users\FLIPP\Documents\Shareaza Downloads:Shareaza.GUID

< End of report >


Wayne

#18
waynegr

OTL Extras logfile created on: 27/08/2011 18:17:11 - Run 5
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\FLIPP\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.79% Memory free
8.20 Gb Paging File | 6.51 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.06 Gb Total Space | 626.38 Gb Free Space | 68.30% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.98 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive E: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FLIPP-PC | User Name: FLIPP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 0E C9 B1 53 B5 46 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D2B3A7-D047-4ECE-9B8C-32978424E4E2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{02AAE1DD-D2F8-4C1B-A671-26F77E4BBCAB}" = rport=137 | protocol=17 | dir=out | app=system |
"{046265AC-1B1D-4DD5-B9FD-8C31285DFF6E}" = lport=1701 | protocol=17 | dir=in | app=system |
"{04CCD77E-FDFC-4DCD-84D5-C7745A9C4B36}" = rport=5357 | protocol=6 | dir=out | app=system |
"{053F89A5-084A-411F-951F-69E1F899CEC6}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{0B819F22-5F7A-4B0A-B1A4-69D9B9586AF1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0E746C2F-C601-4FBE-928E-8181DFBCA329}" = lport=3390 | protocol=6 | dir=in | app=system |
"{173240F6-C79F-4036-84B2-7B0CB0B3304C}" = lport=5358 | protocol=6 | dir=in | app=system |
"{210A368E-FC1E-4428-A9CB-3371C497232B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2554ABAC-8E8C-4F4E-A0F8-C7FEE3D1F520}" = lport=139 | protocol=6 | dir=in | app=system |
"{25E441A1-AB09-466F-8580-BC4FC8CC2F60}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{25E899F4-88A0-40FB-9612-22F8BD990271}" = rport=138 | protocol=17 | dir=out | app=system |
"{27BEA95E-DDBB-4BB1-AB84-2C278340C4EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28C56C6B-11C2-4A2E-841E-E08104695811}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{28CDFDD2-DF86-42F1-8D44-D615C24DED04}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A031940-33E2-430D-BE65-81DF7C49FB60}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4624B61B-1263-4EB4-9F16-26F65BB30A54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4862BEF7-A5F1-417E-A2E1-EE8EF804936A}" = rport=139 | protocol=6 | dir=out | app=system |
"{56457319-C8CC-4421-9722-6FFA6025D141}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58D327D1-1D0E-4B44-9551-75CB935780E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58EE35A4-F17D-482A-A363-813734852D3B}" = lport=445 | protocol=6 | dir=in | app=system |
"{59415616-2861-4268-B184-AE56F58C1271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59F2D680-D631-4178-9A7C-81E160E395A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A6DF1FA-B9C3-4E59-BAF1-B380D5653BED}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D1CE477-06E0-4FBA-8B57-109D6DE57E1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E71CA1E-C8BD-4ACC-B515-5DED76DC046E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6517A276-310C-46B4-A730-BCBE47D6AA72}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{66CBFC2B-7F22-4591-BB7C-19CBBC0FBF6F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6CA8BD82-9CC1-4C82-95D9-31F968AD28D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6CC851F7-4232-46FA-9E13-3FE412AB79A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73C95694-0538-4841-8180-D737AA1CF451}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F5FDC71-1D27-4EBD-8C9B-2E286C669BE3}" = rport=5358 | protocol=6 | dir=out | app=system |
"{84293402-7FD6-4B5B-AE92-C6AB7F4CA309}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B6FBDC9-2D4D-43C4-9A25-E35749623CF1}" = lport=5357 | protocol=6 | dir=in | app=system |
"{920A971B-F68D-4221-8AE4-505BD54F19FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2764A54-2B4C-4589-9741-7D367FEF19E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA301CD6-77C7-4973-8FC5-432E4DB50863}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7B87364-1D02-40F0-A2BF-9C752E8039D6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BE62AB1A-F596-4323-82A7-2361528CAB1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE7436F4-31F8-4D3F-9749-0348F57CA0AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C24C7A2C-BFF6-4FFE-8098-7B68E8462944}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{CA73F90B-0DD1-4ED0-A8FC-632D513C829C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0924737-1454-4D68-A908-2B169C73B190}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2282FC6-6874-450D-96B6-98B1DA89F39C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E2CCE76A-968E-47ED-8DD4-0DA58893AF95}" = lport=1723 | protocol=6 | dir=in | app=system |
"{EAB924EE-E97B-4E56-AB35-CCA00980275E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EBF9A57D-DC2A-4554-AC37-469E4A0FA4FC}" = rport=1723 | protocol=6 | dir=out | app=system |
"{F2990E86-83EF-4A24-A316-511CAEB2BAFA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F413C410-252A-4032-A8E6-20A32D75182D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6154A82-E1D8-48AE-900E-7CF1D98CBBD6}" = rport=1701 | protocol=17 | dir=out | app=system |
"{F99233FD-D1A7-4838-A961-53A2C6006626}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0065F900-15E3-4C2C-93A6-3F0B0E2B02AA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{048E6CBB-5C30-4160-8EFB-8FF476CC4FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\origin.exe |
"{04FFC0CB-985E-43E0-B97E-D553176B4172}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{073F519C-C699-4263-B7D6-3DF4597B2C2C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{07646797-F04F-4A39-A5EC-083F9598D025}" = protocol=6 | dir=in | app=c:\program files (x86)\blubster\blubster.exe |
"{0AD486B2-2D10-41D3-8B9D-3ACCB0517214}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B20C80A-7AD7-4BD3-AF4A-6AC3564049C3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0BFAD6D5-9611-46C3-992B-4FDC9C1B1E0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C3EC9C0-2156-428E-9449-1FC36BBB2FB1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft silverlight\4.0.60531.0\silverlight.configuration.exe |
"{0F5BCB09-F5F0-43B1-8056-667683AC2919}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C295F92-1C88-477C-B0FB-2FF412031425}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1D64C977-A6A9-4EC9-B4DD-AD634D95AC7E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{22076E88-E6C0-420F-A250-D23A06435FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{23CC9DEE-879E-45E5-828E-F8D0B3B9B303}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur™\blur.exe |
"{23E4C82F-1674-4FA8-BB5E-4137A1060381}" = protocol=17 | dir=in | app=c:\programdata\{e53f90e0-d7ca-4310-8844-f6e688407890}\ad-aware90install.exe |
"{2A2841BC-CE17-4995-8E6F-B3ADC5A9B689}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A7B31EA-5FC0-44EB-B179-A0FF9DE4DE1D}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{2D4D850F-EE65-439F-94A7-7042D275A62D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\origin.exe |
"{31E80192-7C69-4EEE-8F0B-4B139C0A1C9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{33CA7DC2-73B2-4303-8349-20086CB20ADA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3B7B2EDF-F715-4E93-9EA2-CC80B2B7F3E3}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{3BACA39C-671C-4690-B5A7-0A99CDC25CBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46F21759-4CA3-456E-81AD-B94D17B12437}" = protocol=58 | dir=out | [email protected],-28546 |
"{48CB1A2A-6FEC-4B2E-8084-9B05E7BAC539}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{4D2FF9F9-6439-4FFE-B8A6-12C741BD42B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5048C718-473E-42E8-8DEA-E6AF0F9D065D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50E7C1BC-C467-4D07-8027-4B14CD79DEDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5523D450-199A-4D74-9F22-26FDE35C9CEB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{576722AB-E2B2-490E-83A8-21B6EE100F7D}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{58268374-5BCD-44F1-A9BB-E115CD0F3115}" = protocol=6 | dir=in | app=c:\programdata\{e53f90e0-d7ca-4310-8844-f6e688407890}\ad-aware90install.exe |
"{59013F9B-8A92-4B34-811A-566801498ECB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{596EC312-070D-4F76-BC13-C5B36489FAFC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5AAFFDF6-BCEF-4440-8FDA-A324D92EECEF}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{66338E78-EBB0-48C5-9CC8-17F9D3AF71ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{69090B75-3123-49ED-BAB8-34CD80BB10D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{6982BF44-00B4-4A94-BE12-023B4E908805}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{6BE8FE3D-1300-4291-8C23-3F86FEFDA2C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F86004-3738-4894-8D97-E33A0A86FB0A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{7A8DCFB3-14A0-470D-AF7E-9C0FB67BF87F}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{87998AB0-5FB3-4499-B2C6-B0BF7474504A}" = protocol=1 | dir=out | [email protected],-28544 |
"{8AA4FA61-07FD-413D-BE15-ED3B84F1EA4F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft silverlight\4.0.60531.0\silverlight.configuration.exe |
"{907BD803-731B-48B1-B58B-C1D52F7CB5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{90E8318D-746C-4B3C-A443-19F3C59E121F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{91EAC513-173B-47F3-B969-B59167E0069E}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{9358F1A5-2C0D-4A07-9B31-85AAE7A7EA60}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9376F9DF-0B1D-4E9D-B56C-7A93766A7091}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{9552E8D2-C8AE-4A24-B01D-9D47734F7101}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99C78A63-AA00-4C40-B218-4CE449614B6E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A482BD75-18F9-424E-A3F4-82775A070943}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{AA976D61-971A-4430-B808-35EB69A95D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\3d vision\nvstview.exe |
"{ACC2F848-40CE-454A-8B9F-E4AC8B8D5215}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{ADDEB26A-B28F-41A9-AB0B-4DAA40FD9E52}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B6CAD3D4-DFB2-4239-843A-2447730E72ED}" = protocol=6 | dir=out | app=system |
"{B9B2FA1F-2C68-4B69-A42D-DB9638A65365}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur™\blur.exe |
"{BAD4181D-DC21-4D3A-86CA-92A0C612CC63}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{BC532312-B76A-4382-9B00-CDD2F8084450}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7883CE2-4135-4E8C-A5B3-38C431B647CE}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{C94915D5-B9A3-4EDB-9AC5-B120211AF25D}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{C974E6E4-C176-4F53-A9F8-EA126CE40A72}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{D0CFF87E-DFD0-41C0-BFA0-A5B8DE622C4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2801AA4-9390-4D0F-B3DE-30E5A3BF4B00}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D38652D4-5863-434D-9DE9-0A810CB82382}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D5729749-D88B-4DF3-B28E-CE3961A3B7AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9F568E4-2D6A-47E1-B9FE-A5246272265A}" = protocol=17 | dir=in | app=c:\program files (x86)\blubster\blubster.exe |
"{E3097E8B-B3A8-4355-AC4C-1FDD74732EF0}" = protocol=58 | dir=in | [email protected],-28545 |
"{E6654A62-C735-4DD5-9E86-0EC81841C210}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EA6E673A-4478-403C-80F6-E6952C9DE8BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE4B226B-6515-493F-B74D-A1CC713FBB2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEB415FC-FB0A-4899-88A2-CDBDA55E4A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\3d vision\nvstview.exe |
"{EF50635C-822A-4DAB-8A9A-1920E1FBD0BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F1E6116D-5E8A-40D3-9241-455EB1854B59}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F1E632FB-256E-4FDA-9A08-95E55DFAB1B3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"{F2F12ECC-500E-4EC9-973A-0FAB99A09767}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{F7E9B19B-8899-4DD8-A254-05ADBC5F0B7B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F80F79A5-DDE1-4FAB-93F0-3DAB4C5FBC3B}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{FEE18470-4040-4052-AC2D-D5F19B6BD4E7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"TCP Query User{30E9CDDE-DE3F-499D-AC7B-92EBDCE9D0C6}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{3188541D-E01C-4A33-AC23-13E1E71E03F4}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe |
"TCP Query User{3AAC2912-13A3-4E64-BA34-54B4A876278C}C:\program files (x86)\atari\tdu2 demo\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\uplauncher.exe |
"TCP Query User{3CE7D616-4AEC-46DF-8A51-626E86275656}C:\program files (x86)\atari\tdu2 demo\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\testdrive2.exe |
"TCP Query User{4E274F48-2406-46CD-BBF2-FED77CC295BA}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{655A6036-AA21-4503-8B38-B3199D6C9495}C:\program files (x86)\electronic arts\nfs world\data\nfswo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\nfs world\data\nfswo.exe |
"TCP Query User{66A4A82A-C5CC-4A0E-8109-D4FDD0DDBF9C}C:\program files (x86)\electronic arts\need for speed shift\shift.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed shift\shift.exe |
"TCP Query User{6BEB860A-F2F5-4D5A-96DD-D479A37C3DF0}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"TCP Query User{74C3112B-079F-4EE4-BE05-26301D053996}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe |
"TCP Query User{75ADDE8A-D187-4955-B449-6517CF9FA2E2}C:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe" = protocol=6 | dir=in | app=c:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe |
"TCP Query User{7637EDD7-CDCE-4B0B-B537-D56A7A2317A0}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"TCP Query User{7EC190B3-3B8E-4FB8-8D17-311FD58A2518}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe |
"TCP Query User{808F0DA4-9747-414D-9FE2-FDDABA3B8692}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{80EC146D-C599-4E17-9C91-BC69C80BCE08}C:\users\flipp\appdata\roaming\siytcu\ruawu.exe" = protocol=6 | dir=in | app=c:\users\flipp\appdata\roaming\siytcu\ruawu.exe |
"TCP Query User{83DD15E5-9392-4612-B7ED-14AD8EF36EE6}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{847C6D32-D7DE-445E-932F-6308B39AC4EA}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{858B59BF-31EE-493C-9DDF-449D709D9D8D}C:\programdata\electronic arts\need for speed world\data\nfswo.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfswo.exe |
"TCP Query User{99A46B6B-160C-448E-B3F0-D2EC8B3FD900}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{B5A83A8B-DE1C-4FBF-8FFE-A1FDEDAA23E7}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe |
"TCP Query User{C1D30453-11FA-4AA1-9BEB-23FE79009994}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"TCP Query User{C8B76827-8A60-448D-9405-B965C12CC459}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{CF6CDF34-183F-4532-8E00-53E5AB6E333D}C:\program files (x86)\atari\tdu2 demo\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\_uplauncher.exe |
"TCP Query User{FCFF19A4-E951-4CE4-9C0C-CA38BD6675E8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{113225B7-C27D-46B8-B995-891F8646FDA1}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"UDP Query User{1F93ADB8-8F09-4E3C-A0C5-F547717F21BA}C:\program files (x86)\electronic arts\nfs world\data\nfswo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\nfs world\data\nfswo.exe |
"UDP Query User{2D4B5599-4397-4289-8288-FDC28D26D108}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{41E24003-89E9-4F6D-9FE9-64D7D86345DF}C:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe" = protocol=17 | dir=in | app=c:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe |
"UDP Query User{48BCD3A6-A71F-4F89-B473-D33B80F3DA96}C:\users\flipp\appdata\roaming\siytcu\ruawu.exe" = protocol=17 | dir=in | app=c:\users\flipp\appdata\roaming\siytcu\ruawu.exe |
"UDP Query User{4B2FC93D-FACA-417E-BACC-AA397167C36D}C:\program files (x86)\atari\tdu2 demo\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\uplauncher.exe |
"UDP Query User{5006CC6C-A538-49A3-BB93-F2FB92C9E93B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{58076FA1-6F92-4775-91AF-BE24B47EAE18}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"UDP Query User{59EF4499-880C-4D0F-BBCF-F7474D543169}C:\programdata\electronic arts\need for speed world\data\nfswo.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfswo.exe |
"UDP Query User{6A2E42F7-7FE4-4EB5-974C-1DAE70881ECB}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{792AC3CC-A6AD-4E6F-8FF4-6CE018A02184}C:\program files (x86)\atari\tdu2 demo\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\_uplauncher.exe |
"UDP Query User{7E69E347-F200-42C5-880C-3F49F8D640AF}C:\program files (x86)\electronic arts\need for speed shift\shift.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed shift\shift.exe |
"UDP Query User{90488EE6-A90B-41C8-970A-45A040B1AC54}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{96DAF15E-0051-40C2-9DD0-2681CD5EEA9F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{97E3A2CF-4339-4F06-9733-6D6850190234}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{A3E8EF9C-B398-47F8-81E0-4A55C2A8DB39}C:\program files (x86)\atari\tdu2 demo\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\testdrive2.exe |
"UDP Query User{AEF772CD-A478-4C27-8AFE-283C9D26C3F7}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe |
"UDP Query User{B2A53909-4414-4654-A741-AF086A6BB5B8}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe |
"UDP Query User{D098317F-B33F-4B17-B4E3-BFA0F45B30FF}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe |
"UDP Query User{E1237BC3-9CE9-47BE-97AD-1A290B74821B}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{E414AF33-E26A-42F3-B03E-CA1F08A929C6}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"UDP Query User{F2A171C9-D533-4B60-838B-1F0A11536F3D}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{FC6C18E2-6536-4ED6-9C9C-0197C6AFBEE2}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.51
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.47
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision®
"{5DBCC860-02F1-182F-7528-42B8ED9E4C5C}" = muvee Reveal
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70C23A2D-11F9-4558-AD73-54BFA6F7E75A}" = Button Manager v1.60
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed™ Hot Pursuit
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97099A77-2CD0-4C2C-8931-7F0B73CFE0FA}" = SoftMCE Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D3FF6-FFDD-4E4E-B887-4BF378174F04}" = ArcSoft PhotoStudio 6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ARO 2011_is1" = ARO 2011
"avast" = avast! Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW User’s Guide" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26268)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur™
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Movie Player Pro ActiveX Control_is1" = Movie Player Pro ActiveX Control
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PremElem80" = Adobe Premiere Elements 8.0
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"WinZip Self-Extractor" = WinZip Self-Extractor
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Wayne

#19
waynegr

It logged me out of this site this time.

I changed the internet, but that did not seem to help at all, so put it back, as it changed all my settings and is slower, sorry if I did wrong there.

Another silly problem, but it might help you understand whatever this problem is more, is that if I go to the Forza site {I am in the UK} and if I hit the UK or USA site, nothing comes up in the main page, all I can see is Media, news and so and so, then all is black until I scroll down the whole page then I just see the odd bit down the bottom like turn 10. If I go to the UK part, it’s the same again, but the site asks me to install Silverlight. Also on the site if you click Forza Motorsport 4, you get tracks and cars, and I know if you're in the UK you get to a huge page of this, but I get nothing.

http://forzamotorspo...us/Default.aspx

Wayne

#20
waynegr

Hi and thx for your help and time again, however I am now going out for the night, but will be here all day tomorrow.

Wayne

#21
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

> Odd that, and it keeps asking me to fix the other errors and buy.

I'm suspecting you may have inadvertently downloaded a rogue piece of software... not to worry, we should be able to rectify this.

Actually I am not seeing any indication that ComboFix has been run at all. If what you downloaded is still on the desktop (though I am not seeing anything in the logs posted), delete it please and we will download and run the legitimate version of ComboFix at a later date.

> I changed the internet, but that did not seem to help at all, so put it back, as it changed all my settings and is slower, sorry if I did wrong there.

OK not a problem.

With regard to the problems with the web-page you mentioned, they are most likely due to the malware still on your system; actually it would be better if you limit your online activity until we have eradicated all. An inconvenience I know but probably for the best in the long run.

> Hi and thx for your help and time again, however I am now going out for the night, but will be here all day tomorrow.

Fair play and you're welcome!

Next:

Out-of-date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer. We will update both in due course.

Now please go to Start(Vista Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Adobe Reader 9.4.5
HijackThis 2.0.2 <-- Out of date and not 64 bit compatible.
Java™ 6 Update 27 (64-bit)
Java™ 6 Update 26
Java™ 6 Update 7


To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK

firewall.cpl

Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On (recommended) >> Apply >> OK.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
[2010/03/10 14:44:01 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/10 14:43:51 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
@Alternate Data Stream - 16 bytes -> C:\Users\FLIPP\Documents\Shareaza Downloads:Shareaza.GUID

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be found at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
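
As a check on the removals requested above, this added example (not part of the original post or of OTL) parses an OTL uninstall list and reports which of the listed programs are still present and which Java versions sit side by side. The section and entry patterns are assumptions read off the log in this thread, and the sample lines are a subset copied from it.

```python
import re

# Subset of the OTL log lines posted in this thread, embedded for an offline run.
# The first line is a firewall rule: same "key" = value shape, different section.
SAMPLE_LOG = r'''"UDP Query User{FC6C18E2-6536-4ED6-9C9C-0197C6AFBEE2}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"HijackThis" = HijackThis 2.0.2
"avast" = avast! Free Antivirus

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
'''

# Display names the helper asked to have removed (from the post above).
REMOVAL_LIST = [
    "Adobe Reader 9.4.5",
    "HijackThis 2.0.2",
    "Java™ 6 Update 27 (64-bit)",
    "Java™ 6 Update 26",
    "Java™ 6 Update 7",
]

# Assumed patterns, read off the log format shown in this thread.
SECTION = re.compile(r'^(64bit: )?\[HKEY_[^\]]*\\Uninstall\]$')
ENTRY = re.compile(r'^"(?P<key>.+?)" = (?P<name>.+)$')
JAVA = re.compile(r'^Java(?:™|\(TM\))? (\d+) Update (\d+)')


def normalize(name):
    """Fold case, spacing and the two spellings of the trademark sign."""
    return " ".join(name.replace("(TM)", "™").split()).casefold()


def parse_uninstall_list(log_text):
    """Return (view, key, name) for entries inside Uninstall sections only."""
    entries, view = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # OTL prefixes the native 64-bit registry view with "64bit:".
            view = "64bit" if section.group(1) else "unlabelled"
            continue
        if line.startswith(("=====", "[", "64bit: [")):
            view = None  # some other section: firewall rules, event log, ...
            continue
        entry = ENTRY.match(line)
        if view and entry:
            entries.append((view, entry.group("key"), entry.group("name")))
    return entries


def still_installed(log_text, removal_list=REMOVAL_LIST):
    """Entries from removal_list that a (fresh) log still shows as installed."""
    wanted = {normalize(name) for name in removal_list}
    return [(name, view) for view, _key, name in parse_uninstall_list(log_text)
            if normalize(name) in wanted]


def java_installs(log_text):
    """Sorted (major, update, view) for every Java runtime entry in the log."""
    found = []
    for view, _key, name in parse_uninstall_list(log_text):
        match = JAVA.match(name)
        if match:
            found.append((int(match.group(1)), int(match.group(2)), view))
    return sorted(found)


if __name__ == "__main__":
    for name, view in still_installed(SAMPLE_LOG):
        print(f"still installed ({view}): {name}")
    print("Java versions present:", java_installs(SAMPLE_LOG))
```

Run it again on the log posted after the uninstalls; an empty `still_installed` result means every listed entry is gone from both registry views.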


#22
waynegr

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Windows\SysWOW64\PnkBstrA.exe moved successfully.
C:\Windows\SysWOW64\PnkBstrB.exe moved successfully.
Unable to delete ADS C:\Users\FLIPP\Documents\Shareaza Downloads:Shareaza.GUID .
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: FLIPP
->Flash cache emptied: 57093 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56504 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FLIPP
->Temp folder emptied: 2795153 bytes
->Temporary Internet Files folder emptied: 26602385 bytes
->Java cache emptied: 306049 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43651679 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 758 bytes
RecycleBin emptied: 858783498 bytes

Total Files Cleaned = 889.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.26.5 log created on 08282011_123952

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF9887.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF988F.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF98E8.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF98F1.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF9918.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF9920.tmp not found!
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QEOD49XR\login_status[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9360BSB\like[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9360BSB\tweet_button[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7YZ1J9\fastbutton[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8D7YZ1J9\page__st__15[2].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19OGO77Z\search[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


Wayne
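
The fix log above buries its few failures among dozens of "not found" lines. This added example (not part of the original post or of OTL) sorts each line by outcome and lists what needs follow-up; the outcome phrases are assumptions taken from the log lines in this thread, and the sample is a subset of them.

```python
import re
from collections import Counter

# Subset of the OTL fix log posted above, embedded for an offline run.
SAMPLE_FIX_LOG = r'''All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\Windows\SysWOW64\PnkBstrA.exe moved successfully.
Unable to delete ADS C:\Users\FLIPP\Documents\Shareaza Downloads:Shareaza.GUID .
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
->Temp folder emptied: 2795153 bytes
Error creating restore point.
'''

# Outcome phrases as they appear in that log (assumed, not an OTL specification).
# Order matters: "File move failed ... scheduled to be moved on reboot" is
# pending work, not a final failure, so it is tested before the failure rule.
RULES = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot")),
    ("failed", re.compile(r"^(Unable to |Error )|\bfailed\b")),
    ("absent", re.compile(r"not found[.!]?$")),
    ("done", re.compile(r"(deleted|moved|reset) successfully\.?$")),
]
SECTION = re.compile(r"^=+ .+ =+$")
ACTIVEX = re.compile(r"^Starting removal of ActiveX control (\{[0-9A-Fa-f-]{36}\})$")


def classify(line):
    """Return the outcome of one fix-log line; 'info' if no rule applies."""
    for outcome, pattern in RULES:
        if pattern.search(line):
            return outcome
    return "info"


def summarize(log_text):
    """Count outcomes, collect lines needing follow-up, tally per ActiveX control."""
    counts, follow_up, controls, clsid = Counter(), [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION.match(line):
            clsid = None  # a new section ends any ActiveX removal block
            continue
        started = ACTIVEX.match(line)
        if started:
            clsid = started.group(1)
            controls.setdefault(clsid, {"done": 0, "absent": 0})
            continue
        outcome = classify(line)
        counts[outcome] += 1
        if outcome in ("failed", "pending_reboot"):
            follow_up.append((outcome, line))
        # Only lines naming the CLSID count as that control's registry traces.
        if clsid and clsid in line and outcome in controls[clsid]:
            controls[clsid][outcome] += 1
    return {"counts": dict(counts), "follow_up": follow_up, "controls": controls}


if __name__ == "__main__":
    report = summarize(SAMPLE_FIX_LOG)
    print(report["counts"])
    for outcome, line in report["follow_up"]:
        print(f"[{outcome}] {line}")
    for control, tally in report["controls"].items():
        state = "traces removed" if tally["done"] else "nothing to remove"
        print(f"{control}: {state} {tally}")
```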

#23
waynegr

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28/08/2011 12:58:50
mbam-log-2011-08-28 (12-58-50).txt

Scan type: Quick scan
Objects scanned: 180481
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Wayne

#24
waynegr

Still the same internet problems and other, however as I said before, it's running a lot faster.

Wayne

#25
waynegr

Just thought I would say, as this might help you. When I go to the UK Forza site {this is why I think I can’t see all the site} it asks me to DL Silverlight, but when I try to, my comp tells me I already have a newer version.

Wayne

#26
waynegr

Hi there, I know you said to do nothing on my own, but ran a full malware scan, hope/imagine that was ok by you. Oh and when I asked my internet provider to help me, they are Sky, they said I most probably had missing software.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28/08/2011 19:31:57
mbam-log-2011-08-28 (19-31-57).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 411362
Time elapsed: 1 hour(s), 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Wayne

#27
Dakeyras

Hi. :)

> Still the same internet problems and other, however as I said before, it's running a lot faster.

OK.

> Just thought I would say, as this might help you. When I go to the UK Forza site {this is why I think I can’t see all the site} it asks me to DL Silverlight, but when I try to, my comp tells me I already have a newer version.

No wonder, we have not completed the Malware Removal process yet.

> I know you said to do nothing on my own, but ran a full malware scan, hope/imagine that was ok by you. Oh and when I asked my internet provider to help me, they are Sky, they said I most probably had missing software.

No harm done but please no more self fixes OK, thank you. As for ISP support, they have limited if any actual experience with regard to Malware Removal and if you follow any advice from them it will hinder me trying to assist you.

Now let's proceed as follows shall we...

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

(If one fails to work delete it and download/try another):

One, Two, Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt. I do not need to review it at this time.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.


When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.


#28
waynegr

    Member

  • Topic Starter
  • Member
  • 194 posts
Hi there,

I did not and will not follow what the Sky people said, as you said they are very limited in what they know, just thought it best I tell you. I expect you know, but there are some Trojans and bits and bobs in quarantine in the Malwarebytes you gave me. Also forgot to say, when I received mail saying you have posted, the links on that mail and all others do not work now.

Did the scan, it fixed 100 errors, but will only fix the other 3392 if I buy. Not sure where the log is from ComboFix??? As nothing popped up after the scan. As the link took me to ARO2011. Problems seem the same.

Wayne

#29
waynegr

    Member

  • Topic Starter
  • Member
  • 194 posts
Took off.

Wayne

Edited by waynegr, 28 August 2011 - 05:25 PM.

#30
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I did not and will not follow what the Sky people said, as you said they are very limited in what they know, just thought it best I tell you. I expect you know, but there are some Trojans and bits and bobs in quarantine in the Malwarebytes you gave me. Also forgot to say, when I received mail saying you have posted, the links on that mail and all others do not work now.

OK/fair play...what has been quarantined by Malwarebytes' Anti-Malware is fine to leave alone for the time being.

Did the scan, it fixed 100 errors, but will only fix the other 3392 if I buy. Not sure where the log is from ComboFix??? As nothing popped up after the scan. As the link took me to ARO2011. Problems seem the same.

ARO2011 is what I would deem a rogue type optimising application and it appears to have hooked into your system. Let's see if we can uninstall it first...

Now please go to Start (Vista Orb) >> Control Panel >> Programs and Features and remove the following (if present):

ARO 2011

To do so click once on the above to highlight then click on Uninstall/Change and follow the prompts.

Next:

If it will not uninstall proceed to the below:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select Run as Administrator to run it.
  • Copy the content of the following quote-box (do not copy the word quote) into the main text field:

    :folderfind
    ARO 2011

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
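
Added example, not part of the original post or the helper's instructions: a read-only PowerShell check for the two things the steps above look at, the "ARO 2011" entry that Programs and Features reads from the registry and any folder with that name. The search roots are an assumption chosen for illustration, and the script changes nothing on the system.

```powershell
# Read-only triage: lists matches, deletes and modifies nothing.
$name = 'ARO 2011'   # product name as given in the post

# Registry locations that Programs and Features is populated from
# (64-bit view, 32-bit view on x64 Windows, and the current user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Entries without a DisplayName simply fail the -like test and are skipped.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$name*" } |
    Select-Object DisplayName, DisplayVersion, Publisher,
                  InstallLocation, UninstallString, PSPath

# Assumed search roots (not from the post): common install and data folders.
$roots = @(
    $env:ProgramFiles, ${env:ProgramFiles(x86)},
    $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA
) | Where-Object { $_ -and (Test-Path $_) }

# PSIsContainer is used instead of -Directory so this also runs on PowerShell 2.0.
$folders = Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -like "*$name*" } |
    Select-Object FullName, CreationTime, LastWriteTime

'--- Uninstall entries matching "{0}" ---' -f $name
if ($entries) { $entries | Format-List | Out-String } else { 'none found' }

'--- Folders matching "{0}" ---' -f $name
if ($folders) { $folders | Format-Table -AutoSize | Out-String } else { 'none found' }
```

An uninstall entry whose InstallLocation no longer exists, or a folder with no matching uninstall entry, is the kind of leftover worth reporting back to the helper rather than removing by hand.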