Sent from "Windows 7 and Windows Vista" forum [Solved]



#1
Big_Badman

Ok I've been posting in this thread about a blue screen issue I've been having. After some tests I was told to come here, run the preparation tools located here and report here my logs for those. The helper Broni wanted to rule out any problems caused by viruses and the like. Thanks for your help in advance!

I have here the full scan log for MBAM which I did before I saw it said you only needed the quick scan, which I also did after that. I'll attach the full log but only paste the quick scan for brevity. To sum it up, during the full scan two infections were found and removed and the quick scan came up clean.

Full scan: Attached file mbam_log_2010_04_29__01_58_52_.txt (1.07KB)

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

4/29/2010 12:21:11 PM
mbam-log-2010-04-29 (12-21-11).txt

Scan type: Quick scan
Objects scanned: 108964
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






When I tried to run GMER the first time it locked my computer 2 min. into the scan. 2nd try comp locked before the program finished loading. 3rd try lock in the middle of scan. I realized then that if I just open the program and let it sit, my computer still locks. Needless to say I couldn't get that log but it's probably significant it can't even idle without locking my system. (also tried running as administrator) Also, when I say locked I mean the mouse can be moved but nothing responds to clicks or keystrokes, total lock besides mouse movement.

Here are the two logs from OTL:

OTL logfile created on: 4/29/2010 1:04:50 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = G:\Users\Badman\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 74.31 Gb Total Space | 10.93 Gb Free Space | 14.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 176.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 74.73 Gb Total Space | 10.74 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 7.39 Gb Total Space | 4.03 Gb Free Space | 54.54% Space Free | Partition Type: FAT32
Drive N: | 426.69 Gb Total Space | 11.59 Gb Free Space | 2.72% Space Free | Partition Type: NTFS

Computer Name: BADMANPC
Current User Name: Badman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/29 12:12:04 | 000,563,712 | ---- | M] (OldTimer Tools) -- G:\Users\Badman\Desktop\OTL.exe
PRC - [2010/04/21 08:25:04 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 08:25:03 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- G:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/02 08:12:06 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/14 08:12:29 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/14 08:12:26 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 08:11:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/14 08:11:56 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- G:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/28 03:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- G:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- G:\Windows\explorer.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- G:\Windows\System32\CtHelper.exe


========== Modules (SafeList) ==========

MOD - [2010/04/29 12:12:04 | 000,563,712 | ---- | M] (OldTimer Tools) -- G:\Users\Badman\Desktop\OTL.exe
MOD - [2008/01/19 00:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- G:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/08/21 17:30:40 | 000,087,488 | ---- | M] (Stardock) -- G:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
MOD - [2007/04/09 12:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- G:\Windows\System32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/14 08:12:26 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 08:11:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- G:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/20 19:37:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/02/20 19:37:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- G:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/02/24 16:25:13 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- G:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:33:44 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 08:25:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- G:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 08:12:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- G:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 08:11:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- G:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/20 22:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/28 03:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/04/22 14:28:06 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 14:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/22 22:07:14 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- G:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/04/22 22:07:13 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- G:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/01/20 03:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- G:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/01/19 00:41:16 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- G:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 22:49:40 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2007/10/22 17:54:41 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- G:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/08/07 15:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/25 02:21:18 | 000,018,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ctgame.sys -- (ctgame)
DRV - [2007/06/15 12:28:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/19 13:03:50 | 000,017,920 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\imhidusb.sys -- (imhidusb)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/03/05 03:06:32 | 000,022,144 | ---- | M] () [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\MAC607.sys -- (MAC607)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/11/22 10:58:10 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/22 10:58:10 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- G:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2002/08/06 12:51:46 | 000,013,780 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- G:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/09/25 06:28:00 | 000,041,290 | ---- | M] (StreamMachine / MPIX Inc) [Kernel | Auto | Stopped] -- G:\Windows\System32\drivers\USBTuner.sys -- (USBTuner)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\msgame.sys -- (msgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/04/29 02:04:12 | 000,393,089 | R--- | M]) - G:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13577 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - G:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] G:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG9_TRAY] G:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] G:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] G:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [PeerBlock] G:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download All with FlashGet - G:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - G:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - G:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - G:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - G:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - G:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - G:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - G:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/27 22:34:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/31 20:32:54 | 000,331,776 | R--- | M] (Monolith Productions, Inc.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/09/03 00:10:52 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2005/08/24 14:32:00 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/08/27 01:25:56 | 000,002,150 | R--- | M] () - E:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/18 11:37:12 | 000,000,069 | RH-- | M] () - N:\autorun.inf.bak -- [ NTFS ]
O33 - MountPoints2\{0111b0a1-b6fe-11dc-b4fc-00d0b7d585a1}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{60106281-7929-11de-b5bb-00d0b7d585a1}\Shell - "" = AutoRun
O33 - MountPoints2\{60106281-7929-11de-b5bb-00d0b7d585a1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8fa08a8d-7d4f-11dc-838f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa08a8d-7d4f-11dc-838f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005/08/31 20:32:54 | 000,331,776 | R--- | M] (Monolith Productions, Inc.)
O33 - MountPoints2\N\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - G:\Windows\System32\ias [2008/11/16 08:03:52 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - G:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/04/29 12:17:09 | 000,000,000 | ---D | C] -- G:\Windows\ERDNT
[2010/04/29 12:15:37 | 000,000,000 | ---D | C] -- G:\Program Files\ERUNT
[2010/04/29 12:15:12 | 000,563,712 | ---- | C] (OldTimer Tools) -- G:\Users\Badman\Desktop\OTL.exe
[2010/04/29 12:15:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- G:\Users\Badman\Desktop\erunt_setup.exe
[2010/04/28 21:23:56 | 000,076,392 | ---- | C] (Khronos Group) -- G:\Windows\System32\OpenCL.dll
[2010/04/28 20:57:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- G:\Users\Badman\Desktop\TFC.exe
[2010/04/28 12:19:13 | 000,000,000 | ---D | C] -- G:\Users\Badman\Desktop\Crysis_Dreamscene
[2010/04/28 11:58:33 | 000,000,000 | ---D | C] -- G:\Champions_Temp
[2010/04/28 04:06:24 | 000,052,224 | ---- | C] (NirSoft) -- G:\Users\Badman\Desktop\BlueScreenView.exe
[2010/04/03 22:11:30 | 000,000,000 | ---D | C] -- G:\Users\Badman\AppData\Local\ApplicationHistory
[2010/04/03 22:11:06 | 000,000,000 | ---D | C] -- G:\Program Files\PS3.ProxyServer
[2010/04/03 22:06:48 | 000,000,000 | ---D | C] -- G:\Windows\System32\URTTEMP
[2010/03/17 13:07:07 | 000,000,000 | ---D | C] -- G:\Prison Break Season 1 - S01E05 - English, Fitz or Percy
[2010/03/14 08:12:28 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\avgrsstx.dll
[2010/03/05 22:52:16 | 018,076,296 | ---- | C] (VSO-Software ) -- G:\vsoConvertXtoDVD4_setup.exe
[2010/02/14 13:13:54 | 000,000,000 | ---D | C] -- G:\Users\Badman\Documents\TurboTax
[2010/02/13 13:21:38 | 000,000,000 | ---D | C] -- G:\Users\Badman\AppData\Roaming\Intuit
[2010/02/13 13:21:30 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\AnswerWorks 5.0
[2010/02/13 13:13:25 | 000,000,000 | ---D | C] -- G:\ProgramData\Intuit
[2010/02/13 13:13:24 | 000,000,000 | ---D | C] -- G:\Users\Badman\AppData\Local\IsolatedStorage
[2010/02/13 13:13:24 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Intuit
[2010/02/13 13:07:25 | 000,000,000 | ---D | C] -- G:\Program Files\TurboTax
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- G:\Windows\System32\a3d.dll
[1 G:\Windows\System32\*.tmp files -> G:\Windows\System32\*.tmp -> ]
[1 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/29 13:05:05 | 008,126,464 | -HS- | M] () -- G:\Users\Badman\NTUSER.DAT
[2010/04/29 13:03:21 | 000,740,544 | ---- | M] () -- G:\Windows\System32\PerfStringBackup.INI
[2010/04/29 13:03:21 | 000,632,274 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2010/04/29 13:03:21 | 000,112,532 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2010/04/29 12:57:56 | 000,070,773 | ---- | M] () -- G:\ProgramData\nvModes.dat
[2010/04/29 12:57:56 | 000,070,773 | ---- | M] () -- G:\ProgramData\nvModes.001
[2010/04/29 12:57:29 | 000,003,680 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/29 12:57:28 | 000,003,680 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/29 12:57:23 | 000,000,006 | -H-- | M] () -- G:\Windows\tasks\SA.DAT
[2010/04/29 12:57:21 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2010/04/29 12:57:19 | 2146,754,560 | -HS- | M] () -- G:\hiberfil.sys
[2010/04/29 12:47:56 | 260,134,871 | ---- | M] () -- G:\Windows\MEMORY.DMP
[2010/04/29 12:12:04 | 000,563,712 | ---- | M] (OldTimer Tools) -- G:\Users\Badman\Desktop\OTL.exe
[2010/04/29 12:11:16 | 000,284,915 | ---- | M] () -- G:\Users\Badman\Desktop\gmer.zip
[2010/04/29 12:09:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- G:\Users\Badman\Desktop\erunt_setup.exe
[2010/04/29 02:04:12 | 000,393,089 | R--- | M] () -- G:\Windows\System32\drivers\etc\hosts
[2010/04/29 02:02:25 | 000,002,635 | ---- | M] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk.disabled
[2010/04/29 02:00:45 | 000,026,196 | ---- | M] () -- G:\Windows\System32\BMXCtrlState-{00000005-00000000-00000006-00001102-00000002-80401102}.rfx
[2010/04/29 02:00:45 | 000,026,196 | ---- | M] () -- G:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000006-00001102-00000002-80401102}.rfx
[2010/04/29 02:00:45 | 000,016,640 | ---- | M] () -- G:\Windows\System32\BMXStateBkp-{00000005-00000000-00000006-00001102-00000002-80401102}.rfx
[2010/04/29 02:00:45 | 000,016,640 | ---- | M] () -- G:\Windows\System32\BMXState-{00000005-00000000-00000006-00001102-00000002-80401102}.rfx
[2010/04/29 02:00:45 | 000,011,564 | ---- | M] () -- G:\Windows\System32\DVCState-{00000005-00000000-00000006-00001102-00000002-80401102}.rfx
[2010/04/29 02:00:44 | 000,524,288 | -HS- | M] () -- G:\Users\Badman\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 02:00:44 | 000,065,536 | -HS- | M] () -- G:\Users\Badman\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/04/29 02:00:10 | 001,201,868 | -H-- | M] () -- G:\Users\Badman\AppData\Local\IconCache.db
[2010/04/29 02:00:07 | 003,377,466 | ---- | M] () -- G:\Windows\{00000005-00000000-00000006-00001102-00000002-80401102}.CDF
[2010/04/29 02:00:07 | 003,377,466 | ---- | M] () -- G:\Windows\{00000005-00000000-00000006-00001102-00000002-80401102}.BAK
[2010/04/28 20:57:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- G:\Users\Badman\Desktop\TFC.exe
[2010/04/28 18:36:15 | 059,354,843 | ---- | M] () -- G:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/28 12:18:06 | 000,100,908 | ---- | M] () -- G:\Users\Badman\Desktop\SystemLook.exe
[2010/04/28 12:04:50 | 000,000,799 | ---- | M] () -- G:\Users\Badman\Desktop\Champions Online.lnk
[2010/04/28 11:54:47 | 000,000,069 | ---- | M] () -- G:\Windows\NeroDigital.ini
[2010/04/28 11:54:46 | 000,243,200 | ---- | M] () -- G:\Users\Badman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 04:32:15 | 2648,394,313 | ---- | M] () -- G:\ChampionsOnlineDemo.zip
[2010/04/28 04:09:21 | 000,000,820 | ---- | M] () -- G:\Users\Badman\Desktop\BlueScreenView.cfg
[2010/04/28 04:06:05 | 000,057,725 | ---- | M] () -- G:\Users\Badman\Desktop\bluescreenview.zip
[2010/04/28 00:17:23 | 000,026,222 | ---- | M] () -- G:\Users\Badman\Desktop\Mini042710-01.zip
[2010/04/27 23:53:49 | 000,154,016 | ---- | M] () -- G:\Users\Badman\Desktop\Mini042710-01.dmp
[2010/04/27 23:31:21 | 000,002,385 | ---- | M] () -- G:\Users\Public\Desktop\Audiosurf.lnk
[2010/04/22 22:57:02 | 000,052,224 | ---- | M] (NirSoft) -- G:\Users\Badman\Desktop\BlueScreenView.exe
[2010/04/21 08:25:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\drivers\avgtdix.sys
[2010/04/13 23:55:17 | 000,001,887 | ---- | M] () -- G:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/05 19:22:07 | 000,000,908 | ---- | M] () -- G:\Users\Badman\Desktop\PS3_Proxy.lnk
[2010/04/05 18:11:10 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- G:\Users\Badman\Desktop\utorrent.exe
[2010/04/03 22:11:30 | 000,000,094 | ---- | M] () -- G:\Users\Badman\AppData\Local\fusioncache.dat
[2010/04/03 21:53:21 | 001,440,474 | ---- | M] () -- G:\Users\Badman\Desktop\PS3_ProxyServer.rar
[2010/04/03 18:26:56 | 000,276,196 | ---- | M] () -- G:\Windows\System32\NvApps.xml
[2010/04/03 18:26:56 | 000,066,714 | ---- | M] () -- G:\Windows\System32\NvwsApps.xml
[2010/04/03 13:34:45 | 008,990,366 | ---- | M] () -- G:\Users\Badman\Desktop\lv0lv1lv2_2.zip
[2010/04/03 13:27:29 | 009,467,537 | ---- | M] () -- G:\Users\Badman\Desktop\lv0lv1lv2(reuploaded).rar
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2010/03/27 00:16:14 | 000,380,983 | R--- | M] () -- G:\Windows\System32\drivers\etc\hosts.20100429-020412.backup
[2010/03/24 21:40:39 | 000,000,000 | ---- | M] () -- G:\Windows\System32\peerblock.dmp
[2010/03/14 08:12:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\drivers\avgmfx86.sys
[2010/03/14 08:12:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\avgrsstx.dll
[2010/03/14 08:11:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\drivers\avgldx86.sys
[2010/03/05 22:52:16 | 018,076,296 | ---- | M] (VSO-Software ) -- G:\vsoConvertXtoDVD4_setup.exe
[2010/02/20 12:46:34 | 000,380,176 | R--- | M] () -- G:\Windows\System32\drivers\etc\hosts.20100327-001614.backup
[2010/02/16 19:36:45 | 000,378,474 | R--- | M] () -- G:\Windows\System32\drivers\etc\hosts.20100220-114634.backup
[2010/02/15 17:23:53 | 000,002,589 | ---- | M] () -- G:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/14 14:45:34 | 000,000,668 | ---- | M] () -- G:\Users\Badman\AppData\Roaming\vso_ts_preview.xml
[2010/02/14 13:00:23 | 000,347,472 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2010/02/13 13:53:28 | 000,100,976 | ---- | M] () -- G:\Users\Badman\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/05 04:57:23 | 000,109,480 | ---- | M] () -- G:\Users\Badman\Desktop\ps3_exploit_fixed.zip
[2010/02/03 04:22:46 | 000,022,076 | ---- | M] () -- G:\Users\Badman\Desktop\36072.htm
[1 G:\Windows\System32\*.tmp files -> G:\Windows\System32\*.tmp -> ]
[1 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/29 12:23:03 | 000,293,376 | ---- | C] () -- G:\Users\Badman\Desktop\gmer.exe
[2010/04/29 12:15:14 | 000,284,915 | ---- | C] () -- G:\Users\Badman\Desktop\gmer.zip
[2010/04/28 21:24:05 | 000,007,133 | ---- | C] () -- G:\Windows\System32\nvinfo.pb
[2010/04/28 12:18:06 | 000,100,908 | ---- | C] () -- G:\Users\Badman\Desktop\SystemLook.exe
[2010/04/28 12:04:50 | 000,000,799 | ---- | C] () -- G:\Users\Badman\Desktop\Champions Online.lnk
[2010/04/28 04:32:15 | 2648,394,313 | ---- | C] () -- G:\ChampionsOnlineDemo.zip
[2010/04/28 04:09:21 | 000,000,820 | ---- | C] () -- G:\Users\Badman\Desktop\BlueScreenView.cfg
[2010/04/28 04:06:05 | 000,057,725 | ---- | C] () -- G:\Users\Badman\Desktop\bluescreenview.zip
[2010/04/28 00:17:23 | 000,026,222 | ---- | C] () -- G:\Users\Badman\Desktop\Mini042710-01.zip
[2010/04/28 00:16:24 | 000,154,016 | ---- | C] () -- G:\Users\Badman\Desktop\Mini042710-01.dmp
[2010/04/26 12:27:22 | 2146,754,560 | -HS- | C] () -- G:\hiberfil.sys
[2010/04/05 19:22:07 | 000,000,908 | ---- | C] () -- G:\Users\Badman\Desktop\PS3_Proxy.lnk
[2010/04/03 22:11:30 | 000,000,094 | ---- | C] () -- G:\Users\Badman\AppData\Local\fusioncache.dat
[2010/04/03 21:55:26 | 002,010,624 | ---- | C] () -- G:\Users\Badman\Desktop\PS3.ProxyServer.msi
[2010/04/03 21:53:15 | 001,440,474 | ---- | C] () -- G:\Users\Badman\Desktop\PS3_ProxyServer.rar
[2010/04/03 18:26:56 | 000,276,196 | ---- | C] () -- G:\Windows\System32\NvApps.xml
[2010/04/03 18:26:56 | 000,066,714 | ---- | C] () -- G:\Windows\System32\NvwsApps.xml
[2010/04/03 13:34:45 | 008,990,366 | ---- | C] () -- G:\Users\Badman\Desktop\lv0lv1lv2_2.zip
[2010/04/03 13:27:30 | 009,467,537 | ---- | C] () -- G:\Users\Badman\Desktop\lv0lv1lv2(reuploaded).rar
[2010/03/24 21:40:39 | 000,000,000 | ---- | C] () -- G:\Windows\System32\peerblock.dmp
[2010/02/13 13:18:50 | 000,002,589 | ---- | C] () -- G:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/02/05 04:57:23 | 000,109,480 | ---- | C] () -- G:\Users\Badman\Desktop\ps3_exploit_fixed.zip
[2010/02/03 04:22:46 | 000,022,076 | ---- | C] () -- G:\Users\Badman\Desktop\36072.htm
[2009/12/13 21:24:19 | 000,001,039 | ---- | C] () -- G:\Windows\RefreshLock.ini
[2009/12/01 14:31:29 | 000,162,304 | ---- | C] () -- G:\Windows\System32\ztvunrar36.dll
[2009/12/01 14:31:29 | 000,077,312 | ---- | C] () -- G:\Windows\System32\ztvunace26.dll
[2009/12/01 14:31:28 | 000,153,088 | ---- | C] () -- G:\Windows\System32\UNRAR3.dll
[2009/12/01 14:31:28 | 000,075,264 | ---- | C] () -- G:\Windows\System32\unacev2.dll
[2009/08/08 22:11:50 | 000,014,848 | ---- | C] () -- G:\Windows\System32\EuEpmGdi.dll
[2009/08/08 22:11:50 | 000,009,728 | ---- | C] () -- G:\Windows\System32\epmntdrv.sys
[2009/08/08 22:11:50 | 000,003,072 | ---- | C] () -- G:\Windows\System32\EuGdiDrv.sys
[2009/06/01 13:04:05 | 000,192,512 | ---- | C] () -- G:\Windows\System32\VisionManaged.dll
[2009/06/01 13:04:05 | 000,139,264 | ---- | C] () -- G:\Windows\System32\VBaseUI80.dll
[2009/06/01 13:04:05 | 000,131,072 | ---- | C] () -- G:\Windows\System32\VBaseUI71.dll
[2009/06/01 13:04:04 | 002,768,896 | ---- | C] () -- G:\Windows\System32\PhysXCore.dll
[2009/06/01 13:04:04 | 000,386,600 | ---- | C] () -- G:\Windows\System32\PhysXCooking.dll
[2009/06/01 13:04:04 | 000,356,352 | ---- | C] () -- G:\Windows\System32\NxCooking.dll
[2009/06/01 13:04:04 | 000,126,976 | ---- | C] () -- G:\Windows\System32\NxCharacter.dll
[2009/06/01 13:04:04 | 000,086,016 | ---- | C] () -- G:\Windows\System32\NxExtensions.dll
[2009/06/01 13:04:03 | 000,325,120 | ---- | C] () -- G:\Windows\System32\libsndfile-1.dll
[2009/01/20 21:43:10 | 000,010,752 | ---- | C] () -- G:\Windows\System32\BASSMOD.dll
[2009/01/20 21:25:24 | 000,000,083 | ---- | C] () -- G:\Windows\wwp.INI
[2008/11/18 23:05:39 | 000,000,297 | ---- | C] () -- G:\Windows\IfoEdit.INI
[2008/11/16 07:32:45 | 000,081,158 | ---- | C] () -- G:\Windows\System32\manage-bde.ini.en
[2008/10/28 18:40:48 | 000,173,552 | ---- | C] () -- G:\Windows\System32\xlive.dll.cat
[2008/09/29 16:41:51 | 000,000,109 | ---- | C] () -- G:\Windows\disney.ini
[2008/08/09 16:35:35 | 000,022,528 | ---- | C] () -- G:\Windows\System32\drivers\Xbox.sys
[2008/08/09 16:35:35 | 000,022,144 | ---- | C] () -- G:\Windows\System32\drivers\MAC607.sys
[2008/08/09 16:35:00 | 000,057,344 | ---- | C] () -- G:\Windows\System32\Hidhlp.dll
[2008/08/09 16:35:00 | 000,049,152 | ---- | C] () -- G:\Windows\System32\iFT8D91.dll
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- G:\Windows\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- G:\Windows\System32\dtu100.dll.manifest
[2008/07/21 14:05:14 | 000,000,487 | ---- | C] () -- G:\Windows\smrpro.INI
[2008/06/02 13:49:20 | 000,000,069 | ---- | C] () -- G:\Windows\NeroDigital.ini
[2008/05/21 15:28:11 | 000,237,568 | ---- | C] () -- G:\Windows\System32\lame_enc.dll
[2008/04/29 00:00:52 | 000,000,023 | ---- | C] () -- G:\Windows\BlendSettings.ini
[2008/04/22 22:07:14 | 000,278,984 | ---- | C] () -- G:\Windows\System32\drivers\atksgt.sys
[2008/04/22 22:07:13 | 000,025,416 | ---- | C] () -- G:\Windows\System32\drivers\lirsgt.sys
[2008/04/21 16:42:37 | 000,000,065 | ---- | C] () -- G:\Windows\wininit.ini
[2008/04/09 02:52:25 | 000,000,285 | ---- | C] () -- G:\Windows\vtmb.ini
[2007/11/26 01:40:38 | 000,138,184 | ---- | C] () -- G:\Windows\System32\drivers\PnkBstrK.sys
[2007/10/27 02:27:07 | 000,000,319 | ---- | C] () -- G:\Windows\game.ini
[2007/10/23 17:40:21 | 000,765,952 | ---- | C] () -- G:\Windows\System32\xvidcore.dll
[2007/10/23 17:40:21 | 000,180,224 | ---- | C] () -- G:\Windows\System32\xvidvfw.dll
[2007/10/22 17:54:41 | 000,685,816 | ---- | C] () -- G:\Windows\System32\drivers\sptd.sys
[2007/10/20 13:19:09 | 000,000,000 | ---- | C] () -- G:\Windows\msicpl.ini
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- G:\Windows\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- G:\Windows\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- G:\Windows\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- G:\Windows\System32\CTBurst.dll
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- G:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- G:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- G:\Windows\System32\pacerprf.ini
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- G:\Windows\System32\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- G:\Windows\System32\ctmmactl.dll
[2003/09/16 11:52:28 | 000,147,456 | ---- | C] () -- G:\Windows\System32\vorbis.dll
[2003/09/16 11:43:31 | 000,884,736 | ---- | C] () -- G:\Windows\System32\vorbisenc.dll
[2003/09/16 11:41:43 | 000,045,056 | ---- | C] () -- G:\Windows\System32\ogg.dll

========== LOP Check ==========

[2007/12/27 14:35:30 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\acccore
[2008/07/21 15:07:21 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Audio Record Edit Toolbox
[2008/04/04 13:56:29 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Bioshock
[2009/05/18 12:00:24 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Braid
[2009/02/22 18:53:29 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Crayon Physics Deluxe
[2008/09/29 20:22:24 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Disney Interactive Studios
[2010/01/27 00:56:24 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Docx2Rtf
[2008/09/02 13:16:25 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\FileZilla
[2008/05/19 13:41:19 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\FlashGet
[2007/11/12 18:11:59 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\ImgBurn
[2008/09/21 01:17:38 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Leadertech
[2008/02/18 16:11:17 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\NewsBin
[2010/01/27 00:54:46 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\NwDocx
[2008/01/15 22:48:53 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Sierra Entertainment
[2008/04/10 15:35:03 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Ubisoft
[2010/04/28 11:39:14 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\uTorrent
[2009/10/30 04:06:08 | 000,000,000 | ---D | M] -- G:\Users\Badman\AppData\Roaming\Vso
[2010/04/29 02:00:25 | 000,032,586 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/28 21:05:41 | 093,869,296 | ---- | M] (NVIDIA Corporation) -- G:\197.45_desktop_win7_winvista_32bit_english_whql.exe
[2009/12/23 18:51:19 | 000,003,254 | ---- | M] () -- G:\addiction.nfo
[2008/07/21 15:02:47 | 003,659,035 | ---- | M] () -- G:\amboy.mp3
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- G:\autoexec.bat
[2010/04/28 04:32:15 | 2648,394,313 | ---- | M] () -- G:\ChampionsOnlineDemo.zip
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- G:\config.sys
[2009/04/06 12:29:20 | 000,552,267 | ---- | M] () -- G:\dethklok-gear.mp3
[2010/04/29 12:57:19 | 2146,754,560 | -HS- | M] () -- G:\hiberfil.sys
[2007/05/02 06:03:15 | 000,267,864 | ---- | M] (Hewlett-Packard) -- G:\hpzids01.dll
[2007/12/27 14:35:07 | 000,000,433 | -H-- | M] () -- G:\IPH.PH
[2008/06/16 00:15:41 | 000,016,384 | ---- | M] () -- G:\KillProcess.exe
[2010/04/28 21:58:26 | 000,000,109 | ---- | M] () -- G:\mbam-error.txt
[2009/12/01 17:41:45 | 000,000,360 | ---- | M] () -- G:\nofoldersniff.reg
[2010/04/29 12:57:18 | 2460,569,600 | -HS- | M] () -- G:\pagefile.sys
[2008/07/21 15:05:46 | 002,808,386 | ---- | M] () -- G:\praise.mp3
[2009/12/23 21:18:20 | 000,029,073 | ---- | M] () -- G:\Reno 911! (Seasons 1-5) - Episode Guide.txt
[2008/07/21 14:57:03 | 001,461,142 | ---- | M] () -- G:\reno911-2.mp3
[2008/07/21 14:54:04 | 001,415,272 | ---- | M] () -- G:\reno911.mp3
[2009/12/01 17:41:40 | 000,000,266 | ---- | M] () -- G:\resetfolderviews_vista.reg
[2010/03/05 22:52:16 | 018,076,296 | ---- | M] (VSO-Software ) -- G:\vsoConvertXtoDVD4_setup.exe
[2008/07/21 15:13:25 | 004,622,634 | ---- | M] () -- G:\whoicansee.mp3
[2009/12/27 04:36:04 | 004,746,864 | ---- | M] () -- G:\~uTorrentPartFile_19B9B1134.dat
[2009/11/30 13:10:46 | 000,170,244 | ---- | M] () -- G:\~uTorrentPartFile_A64067F1.dat

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 00:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\rsaenh.dll
[2008/01/19 00:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\Windows\System32\SLC.dll
[1 G:\Windows\system32\*.tmp files -> G:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- G:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- G:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- G:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- G:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- G:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/14 08:11:56 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\drivers\avgldx86.sys
[2010/03/14 08:12:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\drivers\avgmfx86.sys
[2010/04/21 08:25:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- G:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 17:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\drivers\http.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 840 bytes -> G:\Users\Badman\Documents\Thank you for a great internship experience!.eml:OECustomProperty
@Alternate Data Stream - 129 bytes -> G:\ProgramData\TEMP:1493A0EF
@Alternate Data Stream - 116 bytes -> G:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 105 bytes -> G:\ProgramData\TEMP:CB0AACC9
< End of report >



---------------------------------------------------------------------------------------------------------------------------



OTL Extras logfile created on: 4/29/2010 1:04:50 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = G:\Users\Badman\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 74.31 Gb Total Space | 10.93 Gb Free Space | 14.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 176.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 74.73 Gb Total Space | 10.74 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 7.39 Gb Total Space | 4.03 Gb Free Space | 54.54% Space Free | Partition Type: FAT32
Drive N: | 426.69 Gb Total Space | 11.59 Gb Free Space | 2.72% Space Free | Partition Type: NTFS

Computer Name: BADMANPC
Current User Name: Badman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- G:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- G:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "G:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "G:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "G:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"G:\Program Files\FlashFXP\FlashFXP.exe" = G:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Program Files\FlashFXP\FlashFXP.exe" = G:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FA89CF-4CFC-4CD3-968C-8FF54B027E56}" = rport=80 | protocol=6 | dir=out | app=g:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{16746388-763A-454B-8F3E-07C241CB42B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A16F688-3D33-4C33-BD6E-06B6278D64F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53C508F6-ACCF-4099-8C63-2AC78B820B38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59C1A8F9-E8D4-4BC1-93E3-16A1ACA98CA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69787275-9A2A-4907-8231-77FA8F582B34}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A794C7C-D63E-43AE-84AC-3AB42E1E322B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{82CF2076-1637-48E5-8293-82179B54EFE3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BC660EBF-56E4-4E2E-B8CC-633FE0CD80EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3829848-B28B-429F-AE54-2E28BB3C19EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4973B12-F1C4-4F3C-8DC8-01D69D872637}" = rport=80 | protocol=6 | dir=out | app=g:\program files\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D8F741-0545-4539-817B-E931FE553243}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{03C71124-C23F-4FCE-A07C-EB7C489FDF56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0584FA4B-850A-483D-B97E-D084714D5137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08BFDA71-4E20-4F1A-8424-7049FC542910}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{0972D5AE-512B-47A2-B5F2-E74D88E8782E}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{103937F6-6C0D-4DA2-8534-51EB8A0AFB64}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{1046C817-A5F7-499B-9182-58C603E247F0}" = protocol=17 | dir=in | app=c:\program files\farcry2\far cry 2\bin\fc2editor.exe |
"{240EED88-3DAF-475F-9509-4744184CD016}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{261F62F7-3223-43B7-9BC1-4BD8CBD0EC41}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{27DEECF8-DA88-4418-A1AB-D644B814BF7A}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{286876C0-66C8-4135-B540-EA6C2C4C9CBF}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{2D71F774-2F61-425E-A33D-423F2FA2217E}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{300E0A43-73E9-46CD-B938-24103C3F323D}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{30808725-7D4C-4D1F-9F90-DB68E1600117}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{43292C79-611F-4242-BB3B-E1745853AEF0}" = dir=in | app=g:\program files\avg\avg9\avgemc.exe |
"{46B34009-E503-49A7-AC93-DC9C798C565E}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{50E9C7A8-2884-467F-95A8-C65C131FAB0E}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{515881F5-4D67-472A-977F-2FF2E9EED1B1}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{53BB48FD-3126-4774-A8DA-DC0E8F347735}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{5829B974-C339-4340-84B9-7032971C7A3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BECE089-2AD1-4ACE-B379-79D58A77283A}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{644E1FD4-07E6-4A92-993A-6749455A165B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65F13C1F-2D20-487E-A664-72CDB073791D}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{6EBA7732-D1FD-48DE-883E-BC718233C05A}" = protocol=6 | dir=in | app=c:\program files\burnout paradise\burnoutconfigtool.exe |
"{7EA5ECD5-1B2B-4763-94EB-5209C550C0C2}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{7EF1808C-8231-4BC3-A6C5-BD863A5D523C}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{882BA017-DA2B-4D45-ABFC-50C99A7014B0}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{88CB19ED-BC83-4792-A3CF-078D3538115A}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{8D33CFFD-9A0B-48A0-B747-D3F8F6531586}" = dir=in | app=g:\program files\avg\avg9\avgnsx.exe |
"{8EF3A28C-7232-4CF0-8CF4-87911EBCDAA6}" = dir=in | app=g:\program files\avg\avg9\avgupd.exe |
"{92C5F135-6383-4B6B-B085-411BED9D654F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{949E6C77-124A-49AA-950C-4B577A5B2DEC}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{967DCE4A-77E3-43DB-B061-DCDE86A5EF14}" = protocol=6 | dir=in | app=c:\program files\burnout paradise\burnoutlauncher.exe |
"{96D59093-978F-4379-BD2B-ED1489175ABC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{978D5FB0-39EA-4720-8CE0-8CA8A6EE5F19}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{97B397DE-F4D6-4F3F-93DF-A4AFB8E1EF7B}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{9A5C36CE-3275-4AEB-B3BB-82F321C044A3}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{9B1A7E46-E06B-42B8-A8C6-8ED02A30170E}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{A06B62C7-C08E-4036-983E-763EFFC98C2C}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{A279C270-E62C-4C76-9E1B-E83B6F85AD86}" = protocol=17 | dir=in | app=c:\program files\burnout paradise\burnoutlauncher.exe |
"{A3F1028F-4625-42EA-B059-74C56651795A}" = protocol=6 | dir=in | app=c:\program files\farcry2\far cry 2\bin\fc2launcher.exe |
"{A40E4308-6675-49B9-9742-8A48330ABB60}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4E4A216-4860-4588-BE34-CB2953B401FF}" = protocol=17 | dir=in | app=c:\program files\farcry2\far cry 2\bin\farcry2.exe |
"{AA76CE38-CE28-43F9-BD7C-ECCD924C17EE}" = protocol=17 | dir=in | app=c:\program files\burnout paradise\burnoutconfigtool.exe |
"{AECFF7D9-0672-454A-8F22-C92ACFE90A7E}" = protocol=17 | dir=in | app=c:\program files\farcry2\far cry 2\bin\fc2launcher.exe |
"{B348E313-91CF-4B9F-A6F8-CFC7807E1E15}" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{B8F44917-07BA-4CC9-9BC8-4D7F813D9E92}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{C022B302-5CD9-486F-9167-C57D72F39DDA}" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"{C101E577-3D97-488B-AEE1-38D3BCA0E363}" = protocol=6 | dir=in | app=c:\program files\burnout paradise\burnoutparadise.exe |
"{D14876BB-8E22-4026-9F50-9144F52607E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8E7A1F3-66C3-4C0A-B9DB-EDEBAEA06ECD}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{DBABA944-498A-4F6C-B00C-880E4033216C}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{DE2EC39F-10CC-494F-9607-45F801C0F8D6}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{E089AB95-4620-4023-9952-01DE4C17079C}" = protocol=6 | dir=in | app=c:\program files\farcry2\far cry 2\bin\fc2editor.exe |
"{E15ACE0D-AC90-4D0E-8483-AA568EA853E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E296C87F-A9B0-428F-B445-D5C04F6C50DC}" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{EB6130BC-B4DC-4A88-B74F-4029712C0C26}" = protocol=6 | dir=out | app=system |
"{EF6B563B-450E-4082-8327-3BCB466B4527}" = protocol=6 | dir=in | app=c:\program files\farcry2\far cry 2\bin\farcry2.exe |
"{EF760B9F-1B58-4796-9C2B-ABAC7ADA4210}" = protocol=6 | dir=in | app=c:\program files\velvet assasin\launcher.exe |
"{EFAB2E79-95FD-466A-9DB6-65D146634156}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F251B5CC-4912-4BE0-BEDC-00ACBA428B9C}" = protocol=17 | dir=in | app=c:\program files\burnout paradise\burnoutparadise.exe |
"{F2B17AC8-4B71-47F2-B814-D3C6F48B7886}" = protocol=6 | dir=in | app=c:\program files\velvet assasin\replay.exe |
"{F443A7C0-C45F-49DD-ABE5-19EB72BDCD4C}" = protocol=17 | dir=in | app=c:\program files\velvet assasin\launcher.exe |
"{F878CFB2-277E-4D0D-9AC8-5CAEA545E9A4}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{FA172AE0-23B7-4309-89CE-D1BF4C2E31B3}" = protocol=17 | dir=in | app=c:\program files\velvet assasin\replay.exe |
"{FA369412-20CA-47BE-81FF-CF256BF90E5B}" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"{FB61FA4F-9D58-433C-B25C-083D2B197A99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{07CFA655-1B9F-4221-B933-DE9F23209052}G:\program files\simplecenter\simplecenter.exe" = protocol=6 | dir=in | app=g:\program files\simplecenter\simplecenter.exe |
"TCP Query User{0919B7D5-62F6-476A-97AD-9482B099C3AE}G:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=g:\program files\flashget\flashget.exe |
"TCP Query User{1851EABE-E186-48CD-80A4-18F56DAA501D}G:\program files\bgii - soa\bgmain.exe" = protocol=6 | dir=in | app=g:\program files\bgii - soa\bgmain.exe |
"TCP Query User{1B027058-7EF9-448E-8F55-5D43910E6068}G:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=g:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{282BC871-D914-425A-A45E-965450E6CFB4}G:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=g:\program files\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{2ECBC030-E022-485B-B87A-7AF963239CC3}G:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=g:\windows\system32\dplaysvr.exe |
"TCP Query User{340EF99B-3612-4D5A-A377-1BB9A9B1556C}G:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=g:\program files\diablo ii\game.exe |
"TCP Query User{433CF0CE-417E-4F6D-9919-B967ADC9173C}G:\users\badman\desktop\utorrent.exe" = protocol=6 | dir=in | app=g:\users\badman\desktop\utorrent.exe |
"TCP Query User{53C1AE2B-1930-48EF-AC30-91DB253DFB6C}G:\windows\sa23sl.exe" = protocol=6 | dir=in | app=g:\windows\sa23sl.exe |
"TCP Query User{55FEE1C5-3F35-4331-AFC9-602CAC016B62}C:\program files\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{654A1443-0560-494F-BCA1-B639E4DB0F7A}G:\program files\emote\launcher\launcher.exe" = protocol=6 | dir=in | app=g:\program files\emote\launcher\launcher.exe |
"TCP Query User{69AD9492-B74A-4140-9920-110820925E46}G:\program files\monte cristo\silverfall\silverfall.exe" = protocol=6 | dir=in | app=g:\program files\monte cristo\silverfall\silverfall.exe |
"TCP Query User{8673D9B6-7969-4053-82F8-8B3EFF780B88}G:\program files\ps3.proxyserver\ps3.proxyserver.gui.exe" = protocol=6 | dir=in | app=g:\program files\ps3.proxyserver\ps3.proxyserver.gui.exe |
"TCP Query User{8D1A0E9B-B124-45E8-A6A0-CD0D8FC72C43}G:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=g:\program files\electronic arts\eadm\core.exe |
"TCP Query User{A122ED51-4510-46D6-8052-4EAD4A9868C4}G:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=g:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"TCP Query User{CCD0B2F4-BD03-4E54-BBCE-99339320566A}G:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=g:\program files\internet explorer\iexplore.exe |
"TCP Query User{CEDE7589-1CBD-4BDD-98AC-E15A176B1F2E}G:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"TCP Query User{CFA20F7C-20F6-4542-A1EB-6C63F47084C3}G:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=g:\program files\mirc\mirc.exe |
"TCP Query User{EDF573EE-B5F9-4085-8748-E8D3F87745A8}G:\program files\dap\dap.exe" = protocol=6 | dir=in | app=g:\program files\dap\dap.exe |
"TCP Query User{FBF8444D-5F46-4493-98A6-861819A007FB}G:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=g:\program files\tmunitedforever\tmforever.exe |
"UDP Query User{05641F45-E065-4E45-ACB5-867B1AA22BF9}G:\program files\emote\launcher\launcher.exe" = protocol=17 | dir=in | app=g:\program files\emote\launcher\launcher.exe |
"UDP Query User{0AB67D44-DD5F-40BD-AB5A-5266795CCA31}G:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=g:\program files\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{21E351D2-14A3-42C0-AB56-A42A490D51AA}G:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=g:\program files\flashget\flashget.exe |
"UDP Query User{230031FF-EFAF-40E3-8F83-EF7CF0AB93CA}G:\program files\bgii - soa\bgmain.exe" = protocol=17 | dir=in | app=g:\program files\bgii - soa\bgmain.exe |
"UDP Query User{2C78A5F0-6AB5-4802-B51E-14F4DF5D5D44}G:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=g:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"UDP Query User{378A5469-9835-4081-AD47-318CEF0CE29B}G:\program files\ps3.proxyserver\ps3.proxyserver.gui.exe" = protocol=17 | dir=in | app=g:\program files\ps3.proxyserver\ps3.proxyserver.gui.exe |
"UDP Query User{4806F4A3-A9D5-43D5-B54B-076B9350D730}G:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=g:\program files\mirc\mirc.exe |
"UDP Query User{4C642D79-E628-4864-9C45-4796B78CEB3B}G:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=g:\program files\tmunitedforever\tmforever.exe |
"UDP Query User{606CFC49-68F2-4AFC-ACB3-040BD9E89FC4}G:\program files\monte cristo\silverfall\silverfall.exe" = protocol=17 | dir=in | app=g:\program files\monte cristo\silverfall\silverfall.exe |
"UDP Query User{635A9CDC-E571-406F-A8A0-C280A100C5D4}G:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=g:\program files\utorrent\utorrent.exe |
"UDP Query User{7554947F-91EC-4B02-A24A-63ECE3CA4031}C:\program files\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{773022EF-C8D6-46FB-B572-A7FF1677E6C5}G:\program files\simplecenter\simplecenter.exe" = protocol=17 | dir=in | app=g:\program files\simplecenter\simplecenter.exe |
"UDP Query User{7AA63963-AF8E-483E-8398-31D15F1CF0FC}G:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=g:\program files\internet explorer\iexplore.exe |
"UDP Query User{7E40D064-AAB3-482C-812C-D3C7665C1A2B}G:\windows\sa23sl.exe" = protocol=17 | dir=in | app=g:\windows\sa23sl.exe |
"UDP Query User{B40CC08C-9525-4D2F-8EBF-49C50168EF5C}G:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=g:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{C5D46570-8A3C-4999-AF13-E4BB6F32F853}G:\program files\dap\dap.exe" = protocol=17 | dir=in | app=g:\program files\dap\dap.exe |
"UDP Query User{C5D57383-1367-47D0-81DB-78C4662D66A5}G:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=g:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D521F9AC-B0EB-4D79-A1E5-EDE6048FDB8A}G:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=g:\program files\diablo ii\game.exe |
"UDP Query User{D96B5CC7-7746-4D07-94F9-10CC9DFC66DD}G:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=g:\windows\system32\dplaysvr.exe |
"UDP Query User{FA7A81C0-1ED6-41ED-9DEF-2C6669A64D97}G:\users\badman\desktop\utorrent.exe" = protocol=17 | dir=in | app=g:\users\badman\desktop\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F9C8E9-A9B8-4E19-9AC2-F21EC5094B84}" = Thrustmaster FFB Wheel driver
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.3.40c
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout™ Paradise The Ultimate Box
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
"{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}" = Hallmark Card Studio 2009
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}" = PS3.ProxyServer
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"Audio Recorder for FREE_is1" = Audio Recorder for FREE v11.0.1
"AVG9Uninstall" = AVG Free 9.0
"AVIcodec" = AVIcodec (remove only)
"Aztaka" = Aztaka
"Champions Online" = Champions Online
"CloneCD" = CloneCD
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DeskScapes" = DeskScapes
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11
"Emote-Launcher" = Emote-Launcher (remove only)
"ERUNT_is1" = ERUNT 1.1j
"FlashGet" = FlashGet 1.9.0.1012
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.2
"FT8D91" = PS/GC/BOX To PC CONVERTOR
"Heavy Weapon_is1" = Heavy Weapon
"I-Fluid_is1" = I-Fluid 1.22
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Machinarium" = Machinarium
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"NewsBin5" = NewsBin Pro
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PROSet" = Intel® Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Puzzle Quest Galactrix1.00" = Puzzle Quest Galactrix
"Radio Decoder" = Radio Decoder
"Safecracker" = Safecracker
"SIM editor" = SIM editor 4.0
"ST6UNST #1" = Hero Editor V0.95
"SyncBack_is1" = SyncBack
"TurboTax 2009" = TurboTax 2009
"UltSounds" = Windows Sound Schemes
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Zombie Driver" = Zombie Driver 1.0.3
"Zombie Shooter 2_is1" = Zombie Shooter 2 v 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/28/2010 9:55:53 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:53 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:53 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:53 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:54 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:54 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:54 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:54 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:54 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/28/2010 9:55:54 PM | Computer Name = BadmanPC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 5/31/2008 6:28:26 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:26 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:26 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:27 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:27 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:27 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:27 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:27 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:27 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

Error - 5/31/2008 6:28:27 PM | Computer Name = BadmanPC | Source = MCX2Filter | ID = 602
Description =

[ System Events ]
Error - 4/29/2010 12:49:10 PM | Computer Name = BadmanPC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/29/2010 12:51:16 PM | Computer Name = BadmanPC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 4/29/2010 12:57:22 PM | Computer Name = BadmanPC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:56:10 PM on 4/29/2010 was unexpected.

Error - 4/29/2010 12:56:56 PM | Computer Name = BadmanPC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 4/29/2010 12:56:56 PM | Computer Name = BadmanPC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 4/29/2010 12:57:23 PM | Computer Name = BadmanPC | Source = HTTP | ID = 15016
Description =

Error - 4/29/2010 12:57:29 PM | Computer Name = BadmanPC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/29/2010 12:57:29 PM | Computer Name = BadmanPC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/29/2010 12:57:33 PM | Computer Name = BadmanPC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/29/2010 12:59:43 PM | Computer Name = BadmanPC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >

Hi, I don't mean to be rude but I've waited over a day and no response has been posted to this thread. I need my computer working again so I can't wait any longer. I'm just going to reformat and be done with it. Thanks anyway.

Edited by ldtate, 01 May 2010 - 01:10 PM.

#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.