
Nasty ol Hitman PRO



#1
Krisiune
Member
18 posts
I'll keep this short, yet I'll do my best to detail. I used the Hitman Pro "once only use" which did its check, then gave me an infinity of BSOD upon trying to use normal mode. I'm in safe mode networking as we speak. I may not backup files, so a system restore, configure personalization, get Revo Uninstaller to completely remove Hitman, nor can I do so doing it from the HKEY thing. I've tried multiple times. Upon restarting, it comes back! I'm looking for a solution to fix this problem. Can someone please help me? :[ And no malware can not detect it either.


#2
RKinner
Malware Expert, MVP
24,625 posts
Can you get an OTL log? Download OTL from
http://www.geekstogo...timers-list-it/
and save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

*********************

As far as I know Hitman creates a service and a driver. We can try removing them and see if that helps:

Right click on Computer and select Manage (Continue) then Services and Applications then Services. In the right pane see if you can find
HitmanPro35CrusaderBoot or anything that says Hitman. Right click on it and select Properties and then change the Startup Type: to Disabled. Apply.

Now in the left pane click on Device Manager. View, Show Hidden Devices. In the right pane look for
HitmanPro35. (I'd look under non-Plug and Play devices first so hit the + in front of that to open it up) If you find it or any other Hitman devices, Right click on it and Uninstall or Disable.

Reboot into regular mode and see if things work better.

If not, go back into Safe Mode with Networking and see if you can run:

****************


ComboFix

Important: It must be saved to your desktop; do not run it from your browser.

Important: Disable your Antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion',
just reboot once and it should go away.

Ron
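Ron's reply asks for an OTL log and points at the HitmanPro35CrusaderBoot service as the likely leftover. The Python below is an added example, not code from this thread or from OTL: it parses the SRV/DRV lines in the format OTL prints and flags auto-start entries whose binary is missing (the orphaned Hitman service), entries matching a keyword, and entries with no company name. The sample lines are copied from the log posted in this thread; the severity labels and the `triage` helper are my own construction.

```python
"""Triage of the "Win32 Services" and "Driver Services" sections of an OTL log.

Added example for this thread (not part of OTL or of the posts above): it
parses the SRV/DRV lines in the format OTL prints and flags the entries an
analyst would look at first, in particular an auto-start service or driver
whose binary is no longer on disk, which is exactly the orphaned
HitmanPro35CrusaderBoot entry behind the reported boot failure.
"""
import re
from typing import Any, Dict, List, Optional

# One SRV/DRV line, e.g.
#   SRV - [date | size | attrs | M] (Company) [Start | State] -- C:\path\svc.exe -- (Name) Description
#   SRV - File not found [Auto | Stopped] -- -- (Name) Description
# DRV lines carry an extra leading driver type in the flags: [Kernel | On_Demand | Stopped].
_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<flags>[^\]]*)\] --\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)(?P<desc>.*)$"
)

# OTL start types that load without any user action.
AUTO_START = {"Boot", "System", "Auto"}


def parse_entry(line: str) -> Optional[Dict[str, Any]]:
    """Return the fields of one SRV/DRV line, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")]
    return {
        "kind": m.group("kind"),
        "name": m.group("name").strip(),
        "desc": m.group("desc").strip(),
        "company": (m.group("company") or "").strip(),
        "start": flags[-2] if len(flags) >= 2 else "",  # start type is always second to last
        "state": flags[-1],
        "path": m.group("path").strip(),
        "missing": m.group("missing") is not None or m.group("path").strip() == "",
    }


def triage(lines: List[str], keyword: str = "") -> List[Dict[str, str]]:
    """Scan OTL log lines and return findings, most serious first."""
    findings: List[Dict[str, str]] = []
    kw = keyword.lower()
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        # A Boot/System/Auto entry that points at nothing is a stale uninstall
        # or a loader for something already removed; at boot it can still stall
        # or crash the system, so it is reported first.
        if e["missing"] and e["start"] in AUTO_START:
            findings.append({"severity": "high", "name": e["name"],
                             "reason": f"{e['start']}-start {e['kind']} with no binary on disk"})
        if kw and (kw in e["name"].lower() or kw in e["desc"].lower()):
            findings.append({"severity": "medium", "name": e["name"],
                             "reason": f"name or description matches '{keyword}'"})
        # A binary with no company name in its version info deserves a second look,
        # though plenty of legitimate OEM tools also leave it blank.
        if not e["missing"] and not e["company"]:
            findings.append({"severity": "low", "name": e["name"],
                             "reason": "binary carries no company name"})
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f["severity"]])


# Constructed sample: a few SRV/DRV lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2011/12/14 16:23:13 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/09 17:48:20 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)

========== Driver Services (SafeList) ==========

DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
"""


def sample_findings() -> List[Dict[str, str]]:
    """Run the triage over the sample with the keyword Ron suggests looking for."""
    return triage(SAMPLE_LOG.splitlines(), keyword="hitman")


if __name__ == "__main__":
    for f in sample_findings():
        print(f"[{f['severity']:6}] {f['name']}: {f['reason']}")
```

Run against a full OTL.txt the same way (`triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines(), "hitman")`); the high-severity hits are the entries to disable in Services or Device Manager as described above.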

#3
Krisiune
Topic Starter, Member
18 posts
Otl.txt:
OTL logfile created on: 12/15/2011 9:50:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Emilio\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.16% Memory free
3.13 Gb Paging File | 2.66 Gb Available in Paging File | 84.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 96.99 Gb Free Space | 33.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.67 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
Drive F: | 3.95 Gb Total Space | 3.95 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: EMILIO-PC | User Name: Emilio | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 21:48:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Emilio\Downloads\OTL.exe
PRC - [2011/11/09 10:31:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/17 00:16:02 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/30 13:25:33 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 10:31:02 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/06/19 21:43:17 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2011/12/14 16:23:13 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/09 17:48:20 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 16:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/09 17:40:16 | 000,464,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 17:40:16 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/01 22:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 22:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/21 12:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 12:35:04 | 005,730,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/09/14 04:46:26 | 000,019,304 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,021,864 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 04:46:18 | 000,194,408 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,577,384 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/26 17:21:02 | 001,956,096 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/12/18 03:55:10 | 000,018,424 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/04 17:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/23 06:45:44 | 000,008,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/17 10:01:06 | 000,022,016 | -H-- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 20:23:25 | 000,220,672 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 20:23:21 | 000,016,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/01 22:37:18 | 000,330,240 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/25 02:40:58 | 007,617,600 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/24 03:27:26 | 000,155,136 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/27 01:48:46 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 01:48:44 | 000,043,520 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 01:48:44 | 000,032,256 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 01:36:43 | 002,028,032 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 06:47:48 | 000,073,696 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | -H-- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://g.msn.com/uscon/1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA6}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.53.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Emilio\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/06/02 04:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 02:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 10:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/06 11:12:12 | 000,000,000 | ---D | M]

[2010/11/08 18:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Extensions
[2010/11/08 18:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/05/01 14:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/14 15:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions
[2011/03/27 10:39:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/04 22:31:40 | 000,000,000 | ---D | M] (ArchiveFacebook) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA6}
[2011/11/18 23:53:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/22 17:19:44 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(567)
[2011/11/12 11:46:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/03 23:31:31 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/04/02 08:17:59 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\[email protected]
[2011/07/03 13:47:54 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\[email protected]
[2011/07/03 13:47:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\extensions\[email protected]
[2009/12/12 23:02:47 | 000,004,554 | ---- | M] () -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\searchplugins\aim-search.xml
[2009/05/03 23:33:13 | 000,000,681 | ---- | M] () -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\searchplugins\ask.xml
[2010/06/05 12:28:39 | 000,001,840 | ---- | M] () -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\searchplugins\bing.xml
[2011/03/24 12:22:02 | 000,000,919 | ---- | M] () -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\searchplugins\conduit.xml
[2009/06/20 22:07:03 | 000,002,399 | ---- | M] () -- C:\Users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\searchplugins\daemon-search.xml
[2011/11/30 22:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/30 22:30:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 10:31:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/30 22:29:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/09 07:15:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 10:31:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Emilio\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O4 - Startup: C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1717032D-3B4E-4E2D-A2C7-9BADF16B5362}: DhcpNameServer = 10.101.101.100 163.244.101.69 163.244.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB459EAD-289D-4EDA-A05B-E072B462A3F6}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Emilio\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Emilio\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0fe30d46-c399-11de-96e3-0023aeb3f426}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{5b4b442f-5e16-11de-980d-0023aeb3f426}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4b442f-5e16-11de-980d-0023aeb3f426}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = P1n] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\Emilio\AppData\Local\WindowsForUs
[2011/12/15 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Emilio\AppData\Local\RegistryBackups
[2011/12/15 19:17:26 | 000,025,272 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspRegMon32.sys
[2011/12/15 19:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager
[2011/12/15 19:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2011/12/15 09:53:09 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\75648066.sys
[2011/12/15 09:48:46 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91174987.sys
[2011/12/15 09:47:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/15 09:47:01 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Emilio\Documents\TDSSKiller.exe
[2011/12/14 08:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/24 12:32:12 | 000,000,000 | ---D | C] -- C:\Users\Emilio\AppData\Roaming\SecondLife
[2011/11/24 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Emilio\AppData\Local\SecondLife
[2011/11/18 10:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/18 10:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/18 10:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/18 10:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/18 10:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/24 19:37:37 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Emilio\AppData\Roaming\DataSafeDotNet.exe
[2009/07/09 17:48:22 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2009/07/09 17:48:20 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2009/07/09 17:48:18 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
[2008/01/30 15:02:30 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2008/01/30 14:59:24 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2008/01/30 14:57:42 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2008/01/30 14:56:56 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2008/01/30 14:55:14 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2008/01/30 14:54:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2008/01/30 14:54:22 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2008/01/30 14:53:32 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2008/01/30 14:53:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2008/01/30 14:52:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/15 21:43:25 | 000,603,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/15 21:43:25 | 000,103,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/15 21:38:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/15 21:38:47 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/12/15 21:33:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/15 21:27:58 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/12/15 21:06:08 | 000,001,356 | ---- | M] () -- C:\Users\Emilio\AppData\Local\d3d9caps.dat
[2011/12/15 19:35:35 | 000,403,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 09:53:09 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\75648066.sys
[2011/12/15 09:48:46 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\91174987.sys
[2011/12/14 22:24:42 | 000,041,861 | ---- | M] () -- C:\MGlogs.zip
[2011/12/14 22:23:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/14 22:23:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/14 22:18:56 | 000,006,162 | ---- | M] () -- C:\Users\Emilio\Documents\cc_20111214_221852.reg
[2011/12/14 21:11:06 | 000,006,918 | ---- | M] () -- C:\Users\Emilio\Documents\cc_20111214_211101.reg
[2011/12/14 19:26:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 19:26:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 19:25:48 | 000,002,268 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/12/14 18:43:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/14 18:26:00 | 001,077,076 | ---- | M] () -- C:\Users\Emilio\Documents\cc_20111214_182549.reg
[2011/12/14 18:24:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3478CF13-2C9D-437B-B37B-809FD4B3FDFA}.job
[2011/12/14 17:26:27 | 000,009,732 | -HS- | M] () -- C:\Users\Emilio\AppData\Local\l3af80q8jt7abr
[2011/12/14 17:26:27 | 000,009,732 | -HS- | M] () -- C:\ProgramData\l3af80q8jt7abr
[2011/12/14 16:22:08 | 000,116,230 | ---- | M] () -- C:\Users\Emilio\AppData\Roaming\nvModes.001
[2011/12/14 15:51:04 | 000,116,230 | ---- | M] () -- C:\Users\Emilio\AppData\Roaming\nvModes.dat
[2011/12/14 08:18:29 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/14 08:10:25 | 000,000,868 | ---- | M] () -- C:\Users\Emilio\Desktop\mbam.exe - Shortcut.lnk
[2011/12/13 11:22:31 | 000,090,112 | ---- | M] () -- C:\Users\Emilio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 10:41:02 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Emilio\Documents\TDSSKiller.exe
[2011/12/12 18:38:10 | 000,025,272 | ---- | M] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspRegMon32.sys
[2011/11/19 00:45:05 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/18 10:38:33 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/15 17:36:51 | 000,000,985 | ---- | C] () -- C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skyscape.lnk
[2011/12/14 22:23:27 | 000,041,861 | ---- | C] () -- C:\MGlogs.zip
[2011/12/14 22:23:27 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/14 22:23:27 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/14 22:18:54 | 000,006,162 | ---- | C] () -- C:\Users\Emilio\Documents\cc_20111214_221852.reg
[2011/12/14 21:11:04 | 000,006,918 | ---- | C] () -- C:\Users\Emilio\Documents\cc_20111214_211101.reg
[2011/12/14 19:27:33 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/12/14 19:25:48 | 000,002,268 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/12/14 18:25:51 | 001,077,076 | ---- | C] () -- C:\Users\Emilio\Documents\cc_20111214_182549.reg
[2011/12/14 12:06:57 | 000,009,732 | -HS- | C] () -- C:\Users\Emilio\AppData\Local\l3af80q8jt7abr
[2011/12/14 12:06:57 | 000,009,732 | -HS- | C] () -- C:\ProgramData\l3af80q8jt7abr
[2011/12/14 08:18:29 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/14 08:10:25 | 000,000,868 | ---- | C] () -- C:\Users\Emilio\Desktop\mbam.exe - Shortcut.lnk
[2011/11/18 10:38:33 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/21 17:02:55 | 000,000,112 | ---- | C] () -- C:\ProgramData\nva744w.dat
[2011/07/06 19:21:32 | 000,017,089 | ---- | C] () -- C:\Users\Emilio\AppData\Roaming\UserTile.png
[2011/04/02 08:37:53 | 000,138,056 | -H-- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/04/02 08:37:53 | 000,138,056 | ---- | C] () -- C:\Users\Emilio\AppData\Roaming\PnkBstrK.sys
[2011/04/02 08:37:38 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/04/02 08:37:36 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/01/20 21:36:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/06/22 16:49:25 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009/06/22 16:49:25 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2009/06/22 16:49:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2009/06/14 16:27:43 | 000,001,356 | ---- | C] () -- C:\Users\Emilio\AppData\Local\d3d9caps.dat
[2009/05/03 11:54:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/03 11:54:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/03 11:42:32 | 000,090,112 | ---- | C] () -- C:\Users\Emilio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 16:52:26 | 000,003,628 | ---- | C] () -- C:\Users\Emilio\AppData\Roaming\wklnhst.dat
[2009/04/22 18:31:17 | 000,116,230 | ---- | C] () -- C:\Users\Emilio\AppData\Roaming\nvModes.001
[2009/04/22 18:31:04 | 000,116,230 | ---- | C] () -- C:\Users\Emilio\AppData\Roaming\nvModes.dat
[2009/04/17 00:21:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/04/17 00:17:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/17 00:17:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/16 21:44:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/04/16 21:44:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/16 21:44:19 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/03/25 14:53:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/03/25 14:53:10 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/03/25 14:52:44 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/03/25 14:50:36 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2009/03/25 14:50:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2009/03/25 14:50:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2009/03/25 14:49:58 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2009/03/25 14:48:56 | 000,532,480 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2009/03/25 14:48:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2008/06/09 16:52:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2008/06/02 15:02:18 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2008/02/03 17:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,403,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,603,960 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/14 03:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== LOP Check ==========

[2009/04/30 10:52:29 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\acccore
[2011/12/14 08:23:28 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Azureus
[2011/12/14 08:23:30 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\DAEMON Tools Lite
[2009/06/20 21:46:34 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\DAEMON Tools Pro
[2009/09/26 08:32:14 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Farm Mania
[2011/04/04 18:41:21 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Guitar Pro 6
[2011/07/05 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Hardcore
[2009/06/22 16:58:24 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\KALiNKOsoft
[2010/10/25 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\LimeWire
[2010/10/27 15:59:38 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\OpenOffice.org
[2010/04/28 16:28:55 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Red Kawa
[2010/04/28 07:40:31 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Regensoft
[2011/07/05 20:40:05 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Sakura
[2011/11/24 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\SecondLife
[2011/04/30 23:00:35 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\SoftGrid Client
[2009/04/30 16:52:27 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\Template
[2011/04/28 13:12:16 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\TP
[2011/12/15 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Emilio\AppData\Roaming\uTorrent
[2011/12/15 01:25:50 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/14 18:24:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3478CF13-2C9D-437B-B37B-809FD4B3FDFA}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/04/17 00:16:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/17 00:16:02 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2009/04/17 00:16:02 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/17 00:16:02 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/17 00:16:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 20:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 20:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 10:31:02 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 10:31:02 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 10:31:02 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe [2011/11/09 10:31:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 10:31:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode [2011/11/09 10:31:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 10:31:02 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 10:31:02 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 10:31:02 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe [2011/11/09 10:31:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 10:31:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode [2011/11/09 10:31:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 20:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


Extra:
OTL Extras logfile created on: 12/15/2011 9:50:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Emilio\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.16% Memory free
3.13 Gb Paging File | 2.66 Gb Available in Paging File | 84.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 96.99 Gb Free Space | 33.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.67 Gb Free Space | 26.67% Space Free | Partition Type: NTFS
Drive F: | 3.95 Gb Total Space | 3.95 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: EMILIO-PC | User Name: Emilio | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = P1n] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD22B6F-2E94-4951-A1F4-7C0BC86A5DB7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F15BBC0-88BF-43DE-ADA4-4313E4DD20D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{103D658A-0394-47A0-B4D4-7FAE50EA8A4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{107E68C9-6983-4679-8849-446B5D5604D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{135E0424-6008-475F-9B8D-37A564289A96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E916C26-E68B-477F-BD60-EE411E75A8AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23D8884D-593F-4CC4-8689-1CC9594D6DCB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{258D802C-C543-43C5-B3BB-E1DDFF8046C3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2595C49B-4265-4DF6-9E7F-EF21F4350A65}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2660DB2B-5E12-4CBB-8A19-0E49BED9C18F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{334BCC69-A246-44B8-B41E-516FED2A5295}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{354513D9-8597-4EEE-B05C-525FACBF094C}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{371D2310-2AA3-4B05-966B-2BD59BA62B88}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38473FF4-26AB-40FD-8D27-575D654CB833}" = rport=10243 | protocol=6 | dir=out | app=system |
"{399B344F-2EFA-41B5-8487-5773CC417F3B}" = lport=138 | protocol=17 | dir=in | app=system |
"{3A16819D-2A20-42F1-BB00-62B91A3B36B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{3BF948AB-CFDA-425E-9633-DDEC87BEAC28}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40840BDB-6EF5-4A04-8236-6D2E769930F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44FC1B5B-92D7-40E9-86E2-F3D9B2566FF5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{479533A5-A552-4994-87ED-E129B264E492}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{489105CC-E613-4E0F-A5FA-105974EC1848}" = lport=3390 | protocol=6 | dir=in | app=system |
"{499B410A-5E13-45D1-BCF8-8228E940AC92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AD1ED7D-ED76-42F0-9076-7DC03B5C957D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4D7A048E-03DB-40AA-8C3B-DF7D8F252F9A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4DFBB47D-CA2F-40EB-9146-BA6AD8389C13}" = rport=445 | protocol=6 | dir=out | app=system |
"{51D3E7A5-BAC3-4254-B012-11D13FD9A505}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{536EF8E7-3564-4EE1-B899-CCBBE000575E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{59627E93-623F-47A5-9651-3EBCAAFECC12}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{605154EB-B82D-48FB-9E10-AAC9FF865614}" = lport=10244 | protocol=6 | dir=in | app=system |
"{68367462-C659-4DAE-9772-CEF33A729CAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{6EB13063-C501-4C09-93B9-7FFA7008B308}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7380004A-6EFD-41C4-9247-D227ADDC7826}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8028FB87-30A8-43C5-B82F-BD71170DC56C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{85655507-5B6A-4642-AD21-B641AFA725FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A039EEB-A543-4FCD-961D-E62010471E29}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{98D2D48D-A077-4EC5-861D-F47A72942CDC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D45AFDB-5DDD-4EF3-BD26-1E77F6E223CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4AFC706-32C1-4B34-AD66-C90EBC677876}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8797871-7D22-447A-AD6B-7662DBFB6516}" = rport=137 | protocol=17 | dir=out | app=system |
"{AE1B9177-8205-4934-AF0B-3D3BE42D3B65}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B3824429-D005-4291-82FC-32227D94AA1C}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{B7D451BB-CAA6-40BF-83D9-77DD26441150}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C36E2CDC-D789-4A8E-9A6D-D982DB4CCB60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C78DF19D-12F0-4E0B-BA8D-681809B5EABB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBFE9446-818E-4C81-BF67-039E34190FFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8A6CA45-191C-475B-8256-E39EAD446CCE}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{DAD95132-5A22-4969-B08A-DD81F5F45526}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1BA580D-BAE3-4F11-BC1A-72A6E5ED83FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2DD3193-1686-4ED7-AF3E-DEEF01A93C4B}" = lport=137 | protocol=17 | dir=in | app=system |
"{E8B7A834-2074-4D37-8D16-52BA7B989E25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E901A219-E1AD-4611-A5E2-DFBD34EF877A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9CE89B6-B6FE-496E-A1BF-1781F44DA753}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBCA3AE0-8CCB-4FC7-BB9A-AD6FFE7DAB53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECD79D74-9DC0-401F-80A9-DAD4F448CEB5}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{EDFBB41E-1046-47F2-B6AF-63B1154A1E97}" = rport=10244 | protocol=6 | dir=out | app=system |
"{EFA3E3DF-FD1F-426F-AC63-6E265AD0857D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F175BAF1-48D9-47F3-9940-F8A7E1FCCFA2}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F982FF80-BA44-46BC-BA40-B286D59562B6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F0D53-6DBA-4A92-9950-2E1DE82A21D2}" = protocol=6 | dir=out | app=system |
"{04758826-351B-439A-A520-238AB7307CD8}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{04E82F89-A2C2-4E0F-8863-B8993C6B21BB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{08ED77DC-3186-464B-8C8F-55CF7E879FC5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{08F11B95-7B05-4E08-A902-4DD82518EF8A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0FD7AF30-C431-4DB5-8186-0DB99B760225}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{10B63F13-0CBD-457E-92CB-AB6479AAD6E6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1195CEBB-D153-49F2-B135-E17F24892102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11FB4B52-4CEA-427C-93E9-8B6FB0A95F34}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{12CB4112-7F47-4EB9-838C-A8C4C7AC4389}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{13873CC3-FBA0-480C-9AAC-D1F51CB8C6E3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{1564D924-3865-4E9C-91AD-150AA6234220}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{16A43817-9A48-4B11-81D6-95E4E63A7A32}" = protocol=1 | dir=out | [email protected],-28544 |
"{16D25800-CE38-4261-96D3-351366498110}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{17DBD9F8-227B-4F3A-8E70-72DD1F01337E}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{1B9963E6-F7C1-407D-9CD5-02A8525411C6}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{2530E464-3D2B-4136-8D88-9A1CDE354D61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2ABA1124-2AEB-4CD0-8D35-69A9294CF3C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31C60FB7-B011-484B-A5A8-71FDD89A477D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{320F5888-EF8C-4CCB-A763-474298C0EAE8}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{331AAD49-D3A0-483C-9383-75CB6B8D3BF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34B70028-1820-4375-A208-E4151FABDC66}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{34B7B64D-9E57-4D15-9F18-210ED6446D02}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{3D611DEE-C7F3-4838-BED6-351E143812FF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{406ED2E8-D4BA-4CC6-8B14-2290A8EFFD0D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{4248E5CD-01E7-4FF7-BF40-78FADBDF9A7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{429935A9-1B6F-454C-A3B5-975335E8BB48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{441C7721-2869-4C68-B413-2CF37CA958E4}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{49F5F390-7E57-4346-8757-D23629C08469}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4C5D8855-3C3B-4EAA-8B73-6F10F5B64E25}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{4F461A33-BFC3-476C-AED9-FCDB8F26A715}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{520C3BA8-3E68-4BFB-A4C6-B74BD06520F6}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{5486BDEF-0FB4-4D4F-BA4E-247B7F13BC75}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{596C1FD8-0763-4F2A-90DC-29D9DD4B1B0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B56B175-12A5-486E-A407-78792BCDFB7A}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{5BB75003-6B3A-4AB9-9C45-BD7A9D2C6DC5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{635924FF-40BE-449A-B71F-365F7B0C2DC9}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{67885D1E-C6A1-4775-A8DF-7CFD20FBAC49}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{67F2038F-D51E-47DF-B8D6-F8DB18E9F220}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{680CD9C3-0FA5-4EDD-81F9-E439934B287A}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{6A9E1FC0-5EFA-4D79-807B-56D464C384CE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6BB64E88-034C-4D19-B320-0A2A0203BF72}" = protocol=58 | dir=out | [email protected],-28546 |
"{6C780524-62D1-47BE-A6BF-ABBBC0EE3013}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7149C423-DB44-4601-B54A-09C7D0420BC9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{716ACF3D-FA3F-482E-9B6B-07CD8552E0FC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{753EDE14-998A-46B3-B21C-C1E580C0F5A8}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{767A426E-831B-439B-8034-D36D5FB58F91}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{76FB75CE-4E6B-460F-B687-579D48D470BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7733D5D2-4CD6-40F1-9EB3-93978429F12D}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{779F0145-0E78-40EA-BDB3-CF49E3FC6411}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A420D47-C8BB-4BD1-A398-E6B20E0369B2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8228FC4B-DD41-49E2-B276-6092684FBBBF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{850CD972-94A0-4D20-A95C-2315F533ACC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85327995-0E17-4D8C-980F-439B2F2FB597}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{87F00A89-A21B-4211-8CA1-ED5640C9CD7F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{887A1AFB-09CA-4329-A0CE-B9CBA5C17C23}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8FD2CBC5-95AB-4FDD-BDC2-E0D50D24585D}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{95B0D490-4989-4A69-98FF-B302B2222928}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{9CE5C2B3-2608-430C-826A-7302B5C9A7EF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A32378D1-764E-46A4-AB57-D224E5A3687C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A5005EE6-FF3C-4AB3-87EE-3F8F67D773F4}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{A94956A2-392E-42F4-88B0-298569AAC6AA}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{ABA89BD6-C07E-49C2-B145-DB2658240FEB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{AC7C0B77-30AD-4573-B370-335CC38164F6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AD74DA04-9FDB-41B4-B2F3-C4443309EE96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFB58D97-4358-4119-B90B-4B4922000815}" = protocol=58 | dir=in | [email protected],-28545 |
"{D187FB95-0B42-4A07-A7CA-7F8B9D9B174B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E427B9BF-F990-4B65-A9C4-C86A6F8A1012}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E620A16A-A9A8-46D8-A0E6-F22D02F6DFED}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EB4A63A7-6F22-4C6B-869E-4D84B5F91B8F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ECDB9873-CC06-4953-8FBA-04E365B7D035}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F1B6A61F-5167-4241-AF03-DFA5E45A5606}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F56E6A27-EA98-4D05-AD2F-B62DBE903573}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F5B2BF61-0C6C-4898-903C-86B12961DD5F}" = protocol=1 | dir=in | [email protected],-28543 |
"{F7662768-3FB8-4571-A175-C7B405058A3B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FE94187C-FB66-4BD1-BC12-DF2501FB51C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{8D36F842-0605-429C-9134-3471A6B199B3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{97BD2AA3-E7CF-4F3C-899D-7F845D75E0BC}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{9C557FD1-8FD2-467F-BC6D-2E8039B38154}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{B5ADFCF5-9876-47A8-A5FA-3EF829773B9E}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{D11EC185-9FC0-4019-9F02-B35AAF40ADC1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{2C555A42-8F54-46B7-9831-D33561A94783}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{6A5B92E7-D44E-42BC-81A4-026D19984554}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{7908301F-FCD9-4604-8099-98713ADEF5A6}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8803509D-FC5A-4009-BAE6-1E572071D988}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{A4F3052F-E72C-44EA-95ED-5A50F3AC8E6D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = RustyHearts PWE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM Toolbar" = AIM Toolbar
"ASIO4ALL" = ASIO4ALL
"AviSynth" = AviSynth 2.5
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"Drumaxx" = Drumaxx
"FL Studio 9" = FL Studio 9
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Merck_ManualCe_10.0.7" = Merck_Manual (PocketPC and Smartphone) v 10.0.7 by Skyscape
"Metroid Other M Screensaver" = Metroid Other M Screensaver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PoiZone" = PoiZone
"RegistrarHome_is1" = Registrar Registry Manager 7.00
"Sakura" = Sakura
"Sawer" = Sawer
"smARTupdate" = smARTupdate
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"The KMPlayer" = The KMPlayer (remove only)
"Toxic Biohazard" = Toxic Biohazard
"ULTIMATER" = Microsoft Office Ultimate 2007 Subscription
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Videora iPod Converter" = Videora iPod Converter 5.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.


:processes
killallprocesses

:Services
Boot
HitmanPro35CrusaderBoot

:OTL
SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
[2011/12/14 17:26:27 | 000,009,732 | -HS- | M] () -- C:\Users\Emilio\AppData\Local\l3af80q8jt7abr
[2011/12/14 17:26:27 | 000,009,732 | -HS- | M] () -- C:\ProgramData\l3af80q8jt7abr
[2011/12/15 19:17:26 | 000,025,272 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspRegMon32.sys

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config boot start= disabled /c
sc config HitmanPro35CrusaderBoot start= disabled /c
     
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.
  • 0

#5
Krisiune

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ComboFix 11-12-16.03 - Emilio 12/17/2011 0:54.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2518 [GMT -6:00]
Running from: c:\users\Emilio\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emilio\metroid_otherm_screensaver.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-17 07:02 . 2011-12-17 07:03 -------- d-----w- c:\users\Emilio\AppData\Local\temp
2011-12-17 07:02 . 2011-12-17 07:02 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-12-17 07:02 . 2011-12-17 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 06:38 . 2011-12-17 06:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCF6630F-CFA4-4E03-9857-AB005FA3B878}\offreg.dll
2011-12-16 17:14 . 2011-12-16 17:14 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-16 17:14 . 2011-12-16 17:14 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-16 02:01 . 2011-12-16 02:01 -------- d-----w- c:\users\Emilio\AppData\Local\WindowsForUs
2011-12-16 02:00 . 2010-03-23 10:16 51712 ----a-w- c:\program files\Common Files\System\uninstall.exe
2011-12-16 01:26 . 2011-12-16 01:26 -------- d-----w- c:\users\Emilio\AppData\Local\RegistryBackups
2011-12-16 01:17 . 2011-12-16 01:52 -------- d-----w- c:\program files\Registrar Registry Manager
2011-12-16 01:17 . 2011-12-13 00:38 25272 ----a-w- c:\windows\system32\drivers\rspRegMon32.sys
2011-12-15 15:53 . 2011-12-15 15:53 94896 ---ha-w- c:\windows\system32\drivers\75648066.sys
2011-12-15 15:48 . 2011-12-15 15:48 94896 ---ha-w- c:\windows\system32\drivers\91174987.sys
2011-12-15 15:47 . 2011-12-15 15:47 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-14 17:08 . 2011-12-14 17:08 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 14:18 . 2011-12-14 14:18 -------- d-----w- c:\program files\CCleaner
2011-12-13 12:32 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCF6630F-CFA4-4E03-9857-AB005FA3B878}\mpengine.dll
2011-11-24 18:32 . 2011-11-24 18:32 -------- d-----w- c:\users\Emilio\AppData\Roaming\SecondLife
2011-11-24 18:32 . 2011-11-24 18:34 -------- d-----w- c:\users\Emilio\AppData\Local\SecondLife
2011-11-18 16:37 . 2011-11-18 16:37 -------- d-----w- c:\program files\iPod
2011-11-18 16:37 . 2011-11-18 16:38 -------- d-----w- c:\program files\iTunes
2011-11-18 16:33 . 2011-11-18 16:33 -------- d-----w- c:\program files\Bonjour
2011-11-18 16:30 . 2011-11-18 16:30 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 04:24 . 2011-12-15 04:23 41861 ----a-w- C:\MGlogs.zip
2011-12-01 04:29 . 2010-10-27 21:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-30 19:25 . 2011-05-19 13:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 16:25 . 2011-10-03 16:25 679936 ----a-w- c:\windows\system32\Metr6857.scr
2011-11-09 16:31 . 2011-07-25 20:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 23:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-13 399736]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-16 3077528]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-19 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
IMVU.lnk - c:\users\Emilio\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-4-16 53248]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-4-16 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
R2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2009-07-09 594600]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
R2 gupdate1c9cc176b0128d0;Google Update Service (gupdate1c9cc176b0128d0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 133104]
R2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);c:\users\Emilio\Downloads\HitmanPro35.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 133104]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 17:48]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 17:48]
.
2011-12-15 c:\windows\Tasks\User_Feed_Synchronization-{3478CF13-2C9D-437B-B37B-809FD4B3FDFA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Emilio\AppData\Roaming\Mozilla\Firefox\Profiles\9nuzp5vr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-smARTupdate - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 01:03
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Emilio\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"c:\users\Emilio\Downloads\HitmanPro35.exe\" /crusader:boot"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hitmanpro35]
"ImagePath"="\??\c:\windows\system32\drivers\hitmanpro35.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-17 01:05:42
ComboFix-quarantined-files.txt 2011-12-17 07:05
.
Pre-Run: 104,308,535,296 bytes free
Post-Run: 104,544,235,520 bytes free
.
- - End Of File - - A9EC050EDC47FB3B5648358CB9634374


When in the beginning it said, "Could not perform, check under administrator", when I ran under administrator and did this after scan number 32.
  • 0
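The ComboFix log above lists each service and driver as `<State> <Name>;<DisplayName>;<ImagePath> [<date size>]`, with `[x]` where the binary was not found. The entry that matters in this thread, `HitmanPro35CrusaderBoot`, has both warning signs: its binary is missing and its ImagePath points under a user profile (a one-shot download in `Downloads`), which is why the boot-time service keeps failing. The following PowerShell is an added example written for this page, not code from the thread or from any tool it mentions; it parses a few constructed lines shaped like the log and flags those two conditions. The function name and the sample text are this example's own.

```powershell
# Added example, not from the thread: triage the R*/S* service and driver lines
# of a ComboFix log. Two things are flagged: entries whose binary ComboFix could
# not find (it prints "[x]" instead of a date and size), and entries whose binary
# lives under a user profile, which is where a one-shot download such as the
# HitmanPro35.exe in this thread ends up. The log text below is constructed to
# resemble the thread's log; it is not the full log.

$sampleLog = @'
R2 gupdate1c9cc176b0128d0;Google Update Service (gupdate1c9cc176b0128d0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 133104]
R2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);c:\users\Emilio\Downloads\HitmanPro35.exe [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
'@

function Get-ComboFixServiceFinding {
    param([Parameter(Mandatory=$true)][string]$LogText)

    # Line shape: "<State> <Name>;<DisplayName>;<ImagePath> [<date size> | x]"
    $pattern = '^(?<state>[RS]\d)\s+(?<name>[^;]+);(?<display>[^;]*);(?<path>.+?)\s+\[(?<tag>[^\]]*)\]\s*$'

    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match $pattern) {
            $reasons = @()
            if ($Matches.tag -eq 'x') {
                $reasons += 'binary not found on disk'
            }
            # -match is case-insensitive, so C:\Users\... is caught as well
            if ($Matches.path -match '^[a-z]:\\users\\') {
                $reasons += 'binary under a user profile'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    State   = $Matches.state
                    Service = $Matches.name
                    Path    = $Matches.path
                    Reasons = ($reasons -join '; ')
                }
            }
        }
    }
}

# Run against the constructed sample; pass Get-Content -Raw of a real log instead
Get-ComboFixServiceFinding -LogText $sampleLog | Format-Table -AutoSize
```

On the sample above the function reports four entries (HitmanPro35CrusaderBoot, sptd, XDva389 with "binary not found", and HitmanPro35CrusaderBoot additionally with "under a user profile") and stays silent on the Google Update and Broadcom lines. A service whose file is gone cannot be disabled by killing a process; it has to be disabled or removed in the registry, which is what the fixes later in the thread do.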

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\users\Emilio\Downloads\HitmanPro35.exe
c:\windows\System32\Drivers\sptd.sys
c:\windows\system32\XDva389.sys
c:\windows\system32\XDva390.sys

Driver::
HitmanPro35CrusaderBoot
sptd
XDva389
XDva390



******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
  • 0

#7
Krisiune

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Tried the OTL reboot code you gave me. I'm back in safe mode for it did not work. I copied all of it precisely. It's like every time Hitman starts back up or something. I'd suggest downloading on a computer you don't use to better help me, but I'd rather you not get in a limbo like me.
  • 0

#8
Krisiune

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Okay, I dragged it into Combofix.exe because it will only let me run it. I dragged the file into it, it executed, then rebooted with no log file.
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Look in C:\Combofix.txt or C:\Combofix\Combofix.txt for the log file. Have you tried going into regular mode since running Combofix?
  • 0

#10
Krisiune

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ComboFix 11-12-16.03 - Emilio 12/17/2011 1:28:22.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2434 [GMT -6:00]
Running from: C:\Users\Emilio\Desktop\ComboFix.exe
Command switches used :: C:\Users\Emilio\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Emilio\Downloads\HitmanPro35.exe"
"c:\windows\System32\Drivers\sptd.sys"
"c:\windows\system32\XDva389.sys"
"c:\windows\system32\XDva390.sys"


Overlay aborted ... Please run ComboFix once more




I can't go into normal mode without it going into BSOD.
  • 0



#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Please run ComboFix once more like the log says.
  • 0

#12
Krisiune

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ComboFix 11-12-17.05 - Emilio 12/18/2011 9:25:19.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2511 [GMT -6:00]
Running from: C:\Users\Emilio\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


Overlay aborted ... Please run ComboFix once more



I'm pretty sure it's going to keep doing this now.
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK. Let's try RegSeeker.
http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then run regseeker.exe.

Select Find in Registry, then have it look for HitmanPro35. You can then select all, right-click, and choose delete selected. It puts a copy of the stuff it removes in the backups folder, which it creates below the folder it is in, so if it doesn't work you can go back and replace it.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.
  • 0
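Both the OTL fix earlier in the thread (`sc config HitmanPro35CrusaderBoot start= disabled`) and the RegSeeker step here come down to the same registry change: find the service keys named after HitmanPro35 and stop the Service Control Manager from loading them at boot, keeping a backup so the change can be undone. The script below is an added example written for this page, not code from the thread, from RegSeeker or from OTL. It searches the Services branch of every `ControlSetNNN` key (not only CurrentControlSet, since a Last Known Good boot uses the other set), exports each matching key with `reg.exe export`, and, only when `-Disable` is given, sets `Start` to 4. The script name, the `$Pattern` default and the backup folder are this example's own choices; it assumes an elevated PowerShell session.

```powershell
# Added example, not from the thread: locate every service/driver key under the
# Services branch of each control set whose name contains $Pattern, export the
# key to a .reg file (so the change can be reverted, like RegSeeker's backups
# folder), and optionally set Start = 4 (Disabled) so the Service Control
# Manager will not load it at boot. Every ControlSetNNN is covered because the
# machine can boot into another control set (Last Known Good) and bring the
# entry back. Assumptions: elevated PowerShell; $Pattern and $BackupDir are
# parameters chosen for this example.

param(
    [string]$Pattern   = 'HitmanPro35',
    [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop\regbackup'),
    [switch]$Disable            # without -Disable the script only reports
)

$controlSets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { $_.PSChildName }

# -like is case-insensitive, so both HitmanPro35CrusaderBoot and hitmanpro35 match
$hits = foreach ($cs in $controlSets) {
    Get-ChildItem "HKLM:\SYSTEM\$cs\Services" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "*$Pattern*" }
}

if (-not $hits) {
    Write-Host "No service keys matching '$Pattern' in any control set."
    return
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($key in $hits) {
    $props = Get-ItemProperty -Path $key.PSPath
    $image = [string]$props.ImagePath

    # Normalise the ImagePath so Test-Path sees a plain file name:
    #   \??\c:\windows\...\driver.sys            -> c:\windows\...\driver.sys
    #   "c:\...\HitmanPro35.exe" /crusader:boot  -> c:\...\HitmanPro35.exe
    $file = $image -replace '^\\\?\?\\', ''
    if ($file -match '^"([^"]+)"') { $file = $Matches[1] }
    $file = [Environment]::ExpandEnvironmentVariables($file)
    $exists = ($file -ne '') -and (Test-Path -LiteralPath $file)

    Write-Host $key.Name
    Write-Host ("  ImagePath   : {0}" -f $image)
    Write-Host ("  Start       : {0}" -f $props.Start)
    Write-Host ("  File exists : {0}" -f $exists)

    # reg.exe wants HKLM\..., while $key.Name carries HKEY_LOCAL_MACHINE\...
    $regKey = $key.Name -replace '^HKEY_LOCAL_MACHINE', 'HKLM'
    $backup = Join-Path $BackupDir (($key.Name -replace '[\\:]', '_') + '.reg')
    if (Test-Path -LiteralPath $backup) { Remove-Item -LiteralPath $backup }
    & reg.exe export $regKey $backup | Out-Null
    Write-Host ("  Backup      : {0}" -f $backup)

    if ($Disable) {
        # Start values: 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled
        Set-ItemProperty -Path $key.PSPath -Name Start -Value 4 -Type DWord
        Write-Host "  -> Start set to 4 (Disabled)"
    }
}
```

Run it once without `-Disable` to see which keys match, where each ImagePath points and whether that file still exists (in this thread the service points at a file in `Downloads` that is gone). Run it again with `-Disable` to apply the change; to revert, double-click the exported `.reg` file from the backup folder. Setting `Start` to 4 rather than deleting the key is the gentler choice, since a missing file is what was producing the boot failure in the first place.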

#14
Krisiune

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Did regseeker, restarting to see the outcome. Thank you for your help so far and sorry that this is such a hassle. I also don't trust them myself and I feel stupid for not reviewing Hitman first.
  • 0

#15
Krisiune

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
See attached files. I did the deletion, restarted and did a second scan in safe mode: BSOD occurred again. This is the second scan.

Attached Thumbnails

  • problem one.jpg
  • two.jpg

  • 0





