
rootkit


  • This topic is locked
6 replies to this topic

#1 richeym

richeym

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 14 July 2009 - 01:11 PM

Hi, I have a rootkit and was told to post a log here.
Here is the link to the other thread that I posted: http://www.bleepingcomputer.com/forums/t/240728/trojan-virus/



DDS (Ver_09-06-26.01) - NTFSx86
Run by Richard at 14:06:45.43 on Tue 07/14/2009
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.895 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AdwareBot *disabled* (Updated) {82C00465-15A6-4950-B7E2-8206FC3DC178}
SP: AntispywareBot *disabled* (Updated) {6C0563CE-4784-4CA8-BADE-7262372769A2}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SpywareBot *disabled* (Updated) {039833F7-F768-4C1F-A38A-9F3A650EDFFB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Richard\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60341
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: CJava Object: {43f7497c-7687-4dea-a057-f21bd81bc896} - c:\windows\system32\msjava32.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BTBFirstRun] c:\program files\hewlett-packard\sdp\hprun.exe
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; ub2; ubt; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; eMusic DLM/4)
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\users\richard\appdata\roaming\micros~1\windows\startm~1\programs\startup\fifa09~1.lnk - c:\program files\ea sports\fifa 09\support\EAregister.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\richard\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\richard\appdata\roaming\mozilla\firefox\profiles\k391bjk8.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 108552]

=============== Created Last 30 ================

2009-07-13 00:04 --d----- c:\users\richard\appdata\roaming\Malwarebytes
2009-07-12 23:13 --d--r-- c:\program files\Skype
2009-07-12 23:13 --d----- c:\programdata\Skype
2009-07-11 23:42 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 23:42 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-11 23:42 --d----- c:\programdata\Malwarebytes
2009-07-11 23:42 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 23:42 --d----- c:\progra~2\Malwarebytes
2009-07-11 16:48 362,030,130 a------- c:\windows\MEMORY.DMP
2009-07-09 01:48 --d----- c:\program files\Crawler
2009-06-30 17:48 --d----- c:\users\richard\appdata\roaming\TeamViewer
2009-06-30 17:47 --d----- c:\program files\TeamViewer
2009-06-30 17:47 --d----- c:\users\richard\temp
2009-06-30 17:14 225,280 a------- c:\windows\system32\rewire.dll
2009-06-30 17:14 --d----- c:\program files\VstPlugins
2009-06-30 17:14 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-06-30 17:13 --d----- c:\program files\Outsim
2009-06-30 17:11 --d----- c:\program files\Image-Line
2009-06-24 08:31 --d----- c:\programdata\AVG Security Toolbar
2009-06-24 08:31 --d----- c:\progra~2\AVG Security Toolbar
2009-06-21 13:44 --dsh--- C:\found.001

==================== Find3M ====================

2009-06-24 08:30 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 08:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-05 16:08 36,104 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-06-05 16:08 131,072 a------- c:\windows\system32\SpoonUninstall.exe
2009-06-02 17:46 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-02 17:46 86,016 a------- c:\windows\inf\infstor.dat
2009-06-02 17:46 51,200 a------- c:\windows\inf\infpub.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-11 19:00 262,144 a------- C:\ntuser.dat
2009-04-30 08:52 292,352 a------- c:\windows\system32\psisdecd.dll
2009-04-30 08:44 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-04-30 08:42 428,032 a------- c:\windows\system32\EncDec.dll
2009-04-24 12:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 12:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 12:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 12:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 12:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 09:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 08:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-23 09:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:56 696,832 a------- c:\windows\system32\localspl.dll
2009-04-21 08:04 2,028,032 a------- c:\windows\system32\win32k.sys
2008-12-10 17:18 174 a--sh--- c:\program files\desktop.ini
2008-06-11 03:13 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-22 21:59 1,148 a------- c:\users\richard\appdata\roaming\wklnhst.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-20 09:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008032020080321\index.dat

============= FINISH: 14:10:24.31 ===============


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:27 PM

Posted 25 July 2009 - 07:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

Is that a bird? A plane? Nooo, it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#3 richeym

richeym
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 25 July 2009 - 02:02 PM

Hi, thanks for responding.
I was getting alerts about trojan viruses being on my computer, and AVG could not delete them. I brought the topic here and the guy in the last thread told me I had a rootkit and to bring the question to this forum, so that's where I'm at.


OTL logfile created on: 7/25/2009 2:14:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Richard\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16851)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.78% Memory free
4.00 Gb Paging File | 2.52 Gb Available in Paging File | 62.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195.30 Gb Total Space | 12.65 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 9.27 Gb Free Space | 94.89% Space Free | Partition Type: NTFS
Drive E: | 3.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMATRIX
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/05/16 14:01:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/09/25 10:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/04/12 03:01:36 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/09/28 09:42:24 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/02/02 11:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2005/02/17 02:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2000/08/14 16:48:06 | 00,032,768 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
PRC - [2007/10/25 05:52:08 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009/06/24 08:30:46 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/01/09 17:02:41 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/06/10 16:09:15 | 01,217,784 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2007/10/14 14:38:03 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2006/11/02 08:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/04/23 09:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2009/06/24 08:30:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/11/28 20:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2009/06/24 08:30:56 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/02 09:29:43 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/25 03:22:22 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2009/07/17 19:49:21 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/06/24 08:30:56 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2006/11/02 05:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2006/11/02 08:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/09 17:02:41 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/02 08:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2009/07/05 01:25:02 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2009/07/01 12:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006/05/16 23:15:10 | 00,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2008/12/16 16:16:10 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2006/10/10 12:44:10 | 00,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
PRC - [2009/06/24 08:30:42 | 00,760,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/06/24 08:30:56 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/22 20:00:46 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/30 23:50:12 | 02,426,832 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Toolbar\CToolbar.exe
PRC - [2009/07/25 06:49:52 | 00,192,512 | ---- | M] (2K Sports) -- C:\Users\Richard\Documents\Downloads\MLB 2K9\setup.exe
PRC - [2009/07/25 14:11:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/25 10:00:46 | 00,574,808 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/07/17 19:49:21 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/24 08:30:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/11/02 02:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2006/11/02 08:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2006/11/02 08:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/24 18:57:25 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/11/02 08:36:02 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2007/11/28 20:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2006/11/02 08:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/05/16 14:01:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/07/05 01:25:02 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Running])
SRV - File not found -- -- (stllssvr [On_Demand | Stopped])
SRV - [2009/06/25 03:22:22 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4 [Auto | Running])
SRV - [2007/04/12 03:01:36 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/07/17 19:49:24 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/24 08:30:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/02 09:29:59 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/09/03 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/04/12 21:04:39 | 00,049,664 | ---- | M] (HP) -- C:\Windows\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2006/04/12 21:04:39 | 00,016,496 | ---- | M] (HP) -- C:\Windows\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2006/04/12 21:04:39 | 00,021,568 | ---- | M] (HP) -- C:\Windows\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2008/05/08 05:03:18 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2008/05/08 05:05:18 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/10/25 06:26:10 | 02,015,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 09:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2007/05/04 02:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/05/16 14:01:00 | 07,465,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2007/07/02 17:37:08 | 00,110,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2005/12/12 12:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2006/07/24 06:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009/05/14 19:05:43 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/05/26 11:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2005/05/26 11:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2005/06/24 17:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2008/05/08 05:04:16 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2007/10/18 07:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341


IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\S-1-5-21-2917928027-884967084-2778667727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\S-1-5-21-2917928027-884967084-2778667727-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.026.001
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {78E9BEEB-D403-4a98-B0D1-54607EF5E5BA}:0.39
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3290
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw="
FF - prefs.js..oldKeyword: "data:text/plain,keyword.URL=http://search.yahoo.com/search?fr=yff3u&p="


FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: C:\Program Files\eMusic Remote\xulrunner\components [2009/03/15 00:16:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: C:\Program Files\eMusic Remote\xulrunner\plugins [2009/07/24 22:00:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\Program Files\eMusic Remote\remoteExt [2007/11/04 16:14:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/24 08:32:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/22 16:36:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2009/07/09 01:48:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/22 20:00:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/24 22:00:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/07/18 11:56:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/07/24 22:00:06 | 00,000,000 | ---D | M]

[2008/09/07 12:30:44 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Extensions
[2008/09/07 12:30:44 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/24 19:54:01 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\k391bjk8.default\extensions
[2008/07/04 22:25:11 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\k391bjk8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/07/04 22:25:06 | 00,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\mozilla\Firefox\Profiles\k391bjk8.default\extensions\{78E9BEEB-D403-4a98-B0D1-54607EF5E5BA}
[2009/07/25 14:06:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/09/07 18:59:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/22 20:00:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/12 23:13:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2007/05/08 17:55:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/12/24 03:36:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/07/22 20:00:46 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/22 20:00:46 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/11/18 15:36:00 | 00,077,824 | ---- | M] (Sobonito Investment LTD) -- C:\Program Files\mozilla firefox\plugins\npCID.dll
[2007/07/26 19:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/22 20:00:46 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/24 22:00:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/24 22:00:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/24 22:00:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/24 22:00:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/24 22:00:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/24 22:00:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/24 22:00:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/06/15 18:27:26 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/15 18:27:26 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 11:26:54 | 00,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009/06/15 18:27:26 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/15 18:27:26 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/15 18:27:26 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/15 18:27:26 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/15 18:27:26 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CJava Object) - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\Windows\System32\msjava32.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [BTBFirstRun] C:\Program Files\Hewlett-Packard\SDP\hprun.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09 Registration.lnk = C:\Program Files\EA Sports\FIFA 09\Support\EAregister.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Crawler Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM ® - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/13 17:58:39 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/15 04:20:36 | 00,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{153b02f5-40dc-11de-a79e-001a922f2edc}\Shell - "" = AutoRun
O33 - MountPoints2\{153b02f5-40dc-11de-a79e-001a922f2edc}\Shell\AutoRun\command - "" = K:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{168df26b-d1b0-11db-8ffb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{168df26b-d1b0-11db-8ffb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2007/02/28 01:36:31 | 00,558,983 | R--- | M] (THQ )
O33 - MountPoints2\{60f3bdff-8c6f-11dc-bc3f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60f3bdff-8c6f-11dc-bc3f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2007/02/28 01:36:31 | 00,558,983 | R--- | M] (THQ )
O33 - MountPoints2\{a9ea5ce7-50f2-11de-b61d-001a922f2edc}\Shell - "" = AutoRun
O33 - MountPoints2\{a9ea5ce7-50f2-11de-b61d-001a922f2edc}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O33 - MountPoints2\{a9ea5ce7-50f2-11de-b61d-001a922f2edc}\Shell\directx\command - "" = K:\DirectX9\dxsetup.exe -- File not found
O33 - MountPoints2\{a9ea5ce7-50f2-11de-b61d-001a922f2edc}\Shell\setup\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/r) - File not found
O34 - HKLM BootExecute: (\??\K:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/07/24 23:36:07 | 00,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2009/07/24 23:35:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/07/24 23:35:46 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Winamp
[2009/07/24 23:17:34 | 00,000,000 | ---D | C] -- C:\Users\Richard\Desktop\music
[2009/07/24 21:46:29 | 00,061,440 | ---- | C] () -- C:\Windows\System32\drivers\gkmv.sys
[2009/07/24 21:27:17 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/21 00:03:55 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/20 00:41:20 | 04,660,178 | ---- | C] () -- C:\Users\Richard\Desktop\matisyahu - one day(2).wav
[2009/07/20 00:40:56 | 05,072,960 | ---- | C] () -- C:\Users\Richard\Desktop\matisyahu - one day(2).mp3
[2009/07/17 20:29:06 | 00,001,690 | ---- | C] () -- C:\Users\Richard\Desktop\Source SDK Base.lnk
[2009/07/17 00:52:28 | 88,471,9732 | ---- | C] () -- C:\Users\Richard\Desktop\NeotokyoInstaller_07032009.exe
[2009/07/16 01:13:50 | 00,128,962 | ---- | C] () -- C:\Users\Richard\Desktop\5936_1098018930456_1226100012_30255782_568899_n.jpg
[2009/07/16 01:13:39 | 00,076,696 | ---- | C] () -- C:\Users\Richard\Desktop\5936_1098018890455_1226100012_30255781_4154457_n.jpg
[2009/07/15 13:48:31 | 00,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2009/07/15 02:24:38 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/15 02:24:37 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/15 02:24:37 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/15 02:24:37 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/15 02:24:37 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/15 02:24:37 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/14 15:32:38 | 00,073,728 | ---- | C] () -- C:\Users\Richard\Desktop\volunteer-coord-packet.doc
[2009/07/13 00:04:34 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
[2009/07/12 23:13:35 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Skype
[2009/07/12 23:13:10 | 00,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/12 23:13:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/07/12 23:13:08 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/07/12 23:13:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/07/11 23:42:11 | 00,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 23:42:05 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/11 23:42:04 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/11 23:42:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/11 23:42:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/11 19:11:55 | 21,459,68128 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/11 16:48:22 | 21,597,5098 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/11 16:12:02 | 03,441,037 | -H-- | C] () -- C:\Users\Richard\AppData\Local\IconCache.db
[2009/07/09 01:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Crawler
[2009/07/09 01:34:21 | 00,000,374 | ---- | C] () -- C:\Windows\tasks\AdwareBot System Startup.job
[2009/07/06 22:12:17 | 00,001,706 | ---- | C] () -- C:\Users\Richard\Desktop\Half-Life 2 Episode Two.lnk
[2009/06/30 20:04:43 | 00,001,706 | ---- | C] () -- C:\Users\Richard\Desktop\Half-Life 2 Episode One.lnk
[2009/06/30 17:48:01 | 00,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\TeamViewer
[2009/06/30 17:48:00 | 00,000,957 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk
[2009/06/30 17:47:56 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2009/06/30 17:14:32 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2009/06/30 17:14:32 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/06/30 17:14:09 | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2009/06/30 17:13:40 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/06/30 17:11:57 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/06/02 17:13:07 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/05/14 19:05:42 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/07/15 19:09:06 | 00,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/05/08 18:07:25 | 00,000,632 | ---- | C] () -- C:\Windows\Edofma.INI
[2008/04/07 16:40:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/01 21:36:21 | 00,002,790 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2007/09/14 14:39:32 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2007/07/07 23:23:21 | 00,186,880 | ---- | C] () -- C:\Windows\System32\MovieCTL.dll
[2007/06/13 16:28:58 | 01,277,952 | ---- | C] () -- C:\Windows\System32\libfishsound.dll
[2007/03/26 20:28:43 | 00,036,864 | ---- | C] () -- C:\Windows\System32\hpcoinst.dll
[2007/03/26 16:20:51 | 00,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2007/03/13 17:48:50 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/13 17:48:50 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,189 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/09/15 18:40:22 | 00,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/07/25 14:28:49 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/25 14:28:48 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/25 14:00:16 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/07/25 09:24:23 | 00,041,281 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/25 09:24:22 | 39,249,378 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/25 00:42:08 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F485EB87-B526-4BD4-BF89-D0146E5357D2}.job
[2009/07/24 23:39:11 | 00,063,488 | ---- | M] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/24 23:36:07 | 00,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2009/07/24 21:46:29 | 00,061,440 | ---- | M] () -- C:\Windows\System32\drivers\gkmv.sys
[2009/07/24 21:30:21 | 00,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 21:28:55 | 00,000,374 | ---- | M] () -- C:\Windows\tasks\AdwareBot System Startup.job
[2009/07/24 21:28:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/24 21:28:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/24 21:28:16 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/24 21:27:17 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/20 00:50:32 | 04,035,500 | ---- | M] () -- C:\Users\Richard\Desktop\Matt and Kim_Self Titled_05_No More Long Years.wav
[2009/07/20 00:50:00 | 05,605,330 | ---- | M] () -- C:\Users\Richard\Desktop\atb - what about us(4).wav
[2009/07/20 00:49:26 | 05,758,888 | ---- | M] () -- C:\Users\Richard\Desktop\atb - ecstasy.wav
[2009/07/20 00:49:06 | 08,659,050 | ---- | M] () -- C:\Users\Richard\Desktop\a-pendulum-slam-sour.wav
[2009/07/20 00:48:25 | 04,113,836 | ---- | M] () -- C:\Users\Richard\Desktop\05 ass up (banana inc remix) - tro454243.wav
[2009/07/20 00:48:02 | 03,042,474 | ---- | M] () -- C:\Users\Richard\Desktop\03-breakdown-prod-by-hitterquitter-boyz.wav
[2009/07/20 00:47:41 | 06,749,032 | ---- | M] () -- C:\Users\Richard\Desktop\01-prodigy-voodoo_people_(pendulum_remix).wav
[2009/07/20 00:46:51 | 04,660,178 | ---- | M] () -- C:\Users\Richard\Desktop\matisyahu - one day(2).wav
[2009/07/20 00:40:32 | 05,072,960 | ---- | M] () -- C:\Users\Richard\Desktop\matisyahu - one day(2).mp3
[2009/07/19 13:24:44 | 21,597,5098 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/17 20:29:06 | 00,001,690 | ---- | M] () -- C:\Users\Richard\Desktop\Source SDK Base.lnk
[2009/07/17 19:49:24 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/17 01:17:09 | 88,471,9732 | ---- | M] () -- C:\Users\Richard\Desktop\NeotokyoInstaller_07032009.exe
[2009/07/16 03:05:22 | 03,441,037 | -H-- | M] () -- C:\Users\Richard\AppData\Local\IconCache.db
[2009/07/16 01:13:56 | 00,128,962 | ---- | M] () -- C:\Users\Richard\Desktop\5936_1098018930456_1226100012_30255782_568899_n.jpg
[2009/07/16 01:13:54 | 00,076,696 | ---- | M] () -- C:\Users\Richard\Desktop\5936_1098018890455_1226100012_30255781_4154457_n.jpg
[2009/07/15 13:48:31 | 00,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2009/07/15 07:12:00 | 00,304,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 15:32:41 | 00,073,728 | ---- | M] () -- C:\Users\Richard\Desktop\volunteer-coord-packet.doc
[2009/07/12 23:13:10 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/11 16:25:12 | 00,000,680 | ---- | M] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/06 22:12:17 | 00,001,706 | ---- | M] () -- C:\Users\Richard\Desktop\Half-Life 2 Episode Two.lnk
[2009/06/30 20:04:43 | 00,001,706 | ---- | M] () -- C:\Users\Richard\Desktop\Half-Life 2 Episode One.lnk
[2009/06/30 17:48:00 | 00,000,957 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk
[2009/06/29 17:39:27 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
< End of report >

OTL Extras logfile created on: 7/25/2009 2:14:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Richard\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16851)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.78% Memory free
4.00 Gb Paging File | 2.52 Gb Available in Paging File | 62.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195.30 Gb Total Space | 12.65 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 9.27 Gb Free Space | 94.89% Space Free | Partition Type: NTFS
Drive E: | 3.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THEMATRIX
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2917928027-884967084-2778667727-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAB6B51-19B3-43EE-9727-0753B5C74E88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{120CA2F5-4595-4F81-8206-36489065311D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{122DA674-7C27-4253-B3B0-3FEC4AAE4F21}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{18195C71-1C84-4084-B1B7-DDB5835DACB6}" = rport=445 | protocol=6 | dir=out | app=system |
"{1AB16B97-88A0-4380-9F7C-61356EC746A4}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{1AD1F486-25E0-413C-867E-C91543BADF04}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{2216C55E-912A-488A-9311-17CCF12F69A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{226CFD11-6752-46FA-BFD3-66A61BCB1B2B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{241F68E5-9EE9-4BE3-A8D3-1C4160BCA8EB}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{26F8B6BB-65A5-42DC-8DDA-44C86C12D8B2}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{288268EF-15AE-443E-BDF1-C56731E943FF}" = rport=5358 | protocol=6 | dir=out | app=system |
"{2CFB7DBA-A811-44BB-AB70-DD06E7174770}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{320C8CB7-3AD7-4B7C-B77F-19D12AFBAB6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{36D4BB1A-30E8-491B-8D80-4B226D3D86C5}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{3A1CD3CF-9C1A-4717-88EC-A6A1BEF4BB66}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3ABE844C-3D14-4ACE-A726-3B670B3B17D4}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{3D22EB66-8EBA-401F-9D29-A9E154DC6F9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3E2ED99B-C1AF-40AC-860C-D7DAE8CAA0AE}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{40686D09-5E6C-4D2E-A167-8F50B7C8789F}" = rport=138 | protocol=17 | dir=out | app=system |
"{443CF32A-8391-404A-BBF6-D79D9A1F391A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4A8C8569-E438-449B-A11F-02D26D058D46}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{4DE08D83-7DEF-4DAE-99AB-1361DC50A4B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4E0A2E08-65A7-4B41-8808-37E61480007B}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E76EC49-F9CA-46D1-B48D-D8BD53B40589}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4EC3461F-C285-407D-975B-C6C3232C5AB0}" = lport=1701 | protocol=17 | dir=in | app=system |
"{4F0749A9-5BFD-45C8-B950-887D71497040}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{4F2D91BA-BC92-4D2D-BEEB-D8A9D97E6A5D}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{56DD36CE-42CB-4843-9EB2-73DD2786B63F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{56FDB394-E7A3-4A3E-BACB-0525945718D3}" = rport=1723 | protocol=6 | dir=out | app=system |
"{573CE33A-F10E-4143-8DA8-C9761B468281}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{5820C131-F954-401D-B79C-485DA004ECB7}" = rport=139 | protocol=6 | dir=out | app=system |
"{58CC70AC-3B45-4635-9523-95A060B1A49C}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{5DC649D5-6764-442F-887F-EB023225D221}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{64A150BD-A62D-40AE-AA48-C90164B54F43}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6A45FED4-414B-40E1-9C48-345B9C25599C}" = rport=1701 | protocol=17 | dir=out | app=system |
"{6C7092AF-77C1-4018-A1FC-1DC513211CF7}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{6CF4236F-0469-4F95-980C-3F069BBAF363}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7750A5E1-D488-4971-B826-2071BB03387B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7789D753-5812-46B9-B175-083974A0930A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{7AD16C90-A6EF-410A-9047-B1483B72F8AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7AFA4267-7E50-4ED2-AED8-868C87BBEE51}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{7C635810-BD04-46A2-9E5E-E6993FA74A82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7FE98F49-1BC3-4C61-8660-9A71EC557B01}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A24052F-6B92-451D-8302-3300421976FD}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{8BD90FFD-8670-4D01-82E2-57F1223458DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{91246F56-B365-406B-A762-92866B0BAAE5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{936187C9-5492-4F96-9CEF-0F44FE065CCA}" = lport=137 | protocol=17 | dir=in | app=system |
"{93F5A05F-3BA0-42B2-A483-D7ACDD823494}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{978113B9-245F-4F6A-9977-24EA6DADCD64}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{990C5E6A-58F2-4CEA-B325-9D732A4376DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{9CE3FBC8-DA98-44C5-B36C-5E82CFBA7979}" = lport=80 | protocol=6 | dir=in | app=system |
"{A0104649-952D-4C5B-8635-CCEA633D4B77}" = lport=445 | protocol=6 | dir=in | app=system |
"{A81A3ED1-E1F9-4C26-9DEB-023D6428E7BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ACD9E3CD-B19B-4B7B-997D-ED8A865DC596}" = lport=1723 | protocol=6 | dir=in | app=system |
"{B138918E-42EF-451A-9A36-CFAD6244C283}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB35F6D0-DD52-4990-B9BD-EB1C38B10830}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB422318-A117-4CF7-880C-3410A832D4F3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{BD206EB8-E9BA-445A-900A-6DDF2C4232FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3FA9AAB-2FEB-4931-81A0-18A3B9366C8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C671230F-8E3D-4482-8AB8-0571C92CC2A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CFC2CF10-ACF7-45B4-A7EB-E4393617555F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{D0A5280F-9157-4FA4-A464-EAE9F287F99D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D3523570-E901-461D-BCE1-2E6B5D131998}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{D447E6F4-1E98-4B9B-9595-A6B8779A642D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D68E68C6-8D8B-4507-8F3C-47C154A9698B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{D8E483E4-2D0E-466E-9496-1AF99E714334}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA16850A-F554-41A1-A923-E3CEA607EF4F}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{DA5E879D-FE76-4D11-B0E6-83A481B86559}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{DB991853-AF50-437A-B3B3-8E897EE88C24}" = rport=2178 | protocol=6 | dir=out | app=system |
"{DC5C4EAD-186B-4B9E-BE52-FEE31205FF92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DF892B67-B241-4A7E-9EE7-271593A528DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{E05BFDB2-3906-46EA-8BC0-D90E9188BEBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E2D23C2A-3452-4B67-B68F-2D1A548305C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E56FB03E-1B85-4287-BB92-6EF1FAA79C4F}" = lport=445 | protocol=6 | dir=in | app=system |
"{E746BCD5-87EC-41F0-925D-8C557020FF09}" = rport=5357 | protocol=6 | dir=out | app=system |
"{E75F8C95-E3BF-4370-873E-7DB21B65232E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E78769D0-F6AF-417E-B3EA-5A76DC8B0B61}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{EBE5F116-A19B-40A8-8F85-548098B45D2B}" = lport=138 | protocol=17 | dir=in | app=system |
"{EBEA5D94-BFA1-43C5-AA66-57D5609C4875}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EC87C9D6-DCAF-4AAC-81DA-4808E7C579FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ED38572D-6D68-47CB-BF68-3769558FD141}" = lport=5357 | protocol=6 | dir=in | app=system |
"{ED7905E6-62AF-482F-B857-5C4D0AB93C5B}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{ED86AE18-CB2F-4013-A8F3-8218B7116E5C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{EDF76D91-9A8B-492A-A5A7-2F8DA7DCC67F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{EF601594-652A-495B-8F19-CFE804AC47EE}" = lport=2178 | protocol=6 | dir=in | app=system |
"{F09C072B-ECDF-46D9-9502-666AD031960D}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{F36900A3-59A3-4EA3-A135-093849CEF72F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F71AB37B-0D1F-4E79-8E8B-E4B30EF15DF8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{FC1F2B5D-6D21-47FD-ABE3-9780363A5C72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FF5461EF-88B9-4A0B-8655-BDDFBA48C8A8}" = lport=5358 | protocol=6 | dir=in | app=system |
"{FFBCF3E3-1837-4AC5-B5F3-5AA4FFD96472}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F814C6-B800-4AB6-B1B4-3C29CDCC85CE}" = protocol=6 | dir=out | app=system |
"{047A9A1D-DF28-45F0-9582-7FA68568225A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{095DABC6-06E4-499C-BEF8-F7BF8B9DFB3F}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgemc.exe |
"{09C4741E-5BBC-4064-B79B-0826B2009303}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{0B0C9A6A-7910-4884-9990-5740CE9DF54D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B98ED91-4A17-4B76-BC4D-E98B5439A47A}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{1050D237-65FA-4FAE-98FF-5F048FC910EA}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgemc.exe |
"{10D7920B-58B0-4252-9733-4600A264C565}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe |
"{16FD1E48-5BD7-4A83-849D-964040180A93}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{171B6362-A6DB-4BE6-B8FF-B013EFE6BDB5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{173C5B1A-F312-4FCB-AAE1-E8B01C254FBB}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{17F320B2-FA7D-4FD9-B92D-450626D1F123}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1BAA947C-42A9-4D09-85F5-425973F3A01B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{1E600C01-11EE-44CE-925A-019E3EB7D8A3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{21BA7D3A-65F5-486B-BDFA-A383845B08FC}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{23559FCB-779D-4487-83E3-651F1180E592}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{24668A49-5ABA-48F7-A87C-9F6EA8E062E5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2497CFC1-1C15-4ED8-9365-1F2AC7A0A0C1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2A498C48-2230-4C38-BC02-4E65579C79FF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{2F83DCC7-994F-46E2-A52B-65E8C4778F47}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{30F7C31C-79D6-4D9D-9FFB-8A9EFBE0B59A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{3356B0A9-8921-41D6-86BF-1F71F58AA820}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{36C33337-35CA-4F40-94AB-6D060EE44D74}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{37264A71-9C8E-47E5-9891-9F057D958DDF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3A315BFC-6825-49D7-81B3-006001ABB227}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{3B0ADD40-F313-4003-A6F8-0BE4325B3EA1}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{3E47724E-E98D-4FCD-8128-BB23F9DC1693}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3EA8304A-BDB9-4347-A3FC-14AFB3DC5E55}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{3FE3C0A9-2EE1-4086-8764-DD52F5649709}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{46574109-F31A-4376-861D-D4DC0EF56303}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{49B4B093-A501-40BE-8A45-A5950E2C506A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{4BD2D582-5D8F-463A-83D5-50947D76992A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4CFAEC16-3351-4822-ACB7-FED8D2DF7AFC}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{4D2E0B1E-7BD9-464C-807B-811833364470}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{4FD0BF39-8542-44FA-8954-711934F04AC6}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{500BD46A-7B54-460E-868D-8588730578DB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{50464E0B-D455-437B-B7A1-EDEE540BDC4D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6263567D-D23D-4296-9402-46A07F8DFF08}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{6408A3A5-D1E8-457A-89BD-2791EEF9C506}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{648933D4-17EE-47AB-926B-84090DDCC551}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{65A55EEA-3767-4AF9-9348-970E41EDAE02}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6A0BCC1B-44F9-4C0A-A981-A5F1F38EEA06}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{6BDE209B-AD7F-47AC-894C-BBD00DBC2140}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{6D4D9B71-CED6-4534-981C-5F978E54A28D}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{6FFD228A-2F84-4C2C-A135-6466AF609A30}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{700B297F-44FC-4A5F-800C-26165D0B7B74}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{75CE6254-CC39-4BD3-8673-737C7DE7E467}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{7A657FA6-3093-4066-9548-BFD7F6C1872A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{7F37EB11-4C15-4F08-8837-354EA34A5C02}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{7F387626-8DC5-45A7-867E-333CAC904753}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{81D0301F-507B-43C2-8254-A4C53415A539}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{82576633-F155-4DED-BE07-F6EFD3CD6589}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{84DEF753-178E-40A6-911E-252BB3C3F61F}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{851EEC0F-9501-4708-84A8-52E84807EEFF}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{87E5C730-DC3A-4BB2-84B2-A5BDD7AB6CC5}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{98706119-0F38-44B9-8DF5-ECF371D9A225}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{987BE0A3-2234-4DBE-A5F3-12F09D51D6D4}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{98E7323F-7D12-4E59-9B0B-AFFC6373D193}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9AD3D200-B2F8-4E3F-B9AE-85E631C46C8C}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{9B793AE3-2596-4455-9C16-CFCCA5DB05DB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9BDA8524-C80C-44B9-BA75-3FC3788E580D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F26F36E-99E0-427E-B0AA-56302E742132}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{A5AFC5FC-5227-4BA7-9ADE-B6A4A64B6AA6}" = protocol=6 | dir=out | app=system |
"{A63DEBA8-A84A-4AF5-982E-A018BCA883D6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA74DB0C-A858-4DA4-ADE7-0A869BF8CE2A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AE2C6C26-0D2F-4767-9935-F183AE9905C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFDA5A84-A5A6-43D0-86A0-C3A282EFBCB2}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{B2235BCF-DC1F-497F-BE3B-56520AE4221E}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{B4D4BB26-EDE0-41D2-BB91-24B6427FBAF0}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{BBA6B3F8-557F-4046-983D-4B351A54756F}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{BD99996A-4E52-4522-984E-51B1B79AFB0B}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{C014B238-A63B-4496-91EF-0DA85AAC1107}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C3E3C1D3-F0EB-415B-BEBF-4ABDC927A8B0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{C77E77E6-F56C-44C9-B982-5280CE2833DF}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{CC9BCCC5-EACB-4E61-8FAC-292C58E1DE72}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CD70C477-228A-4DC0-91BF-9A846CF4FB3C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CF5714CC-43E0-4A81-8E62-BE24B786F1C2}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{D0CC6432-EAF0-4171-B223-C0B76368B1AC}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{D965A519-131B-4EF7-88C1-278E4A479F60}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{D9A677AE-CED6-4B48-AC7E-44C37FEDC8F3}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{DB024064-811C-4BB6-B1F9-B2F376250D61}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{DDF7753D-25E4-465D-B3F1-35360B859600}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E3A261CB-1D77-4383-8235-B15852A0552E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E3F7B82F-2CD6-4E7B-A6B0-CF733E428736}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{E57919F8-7EA6-4756-BC9B-C1F56B240107}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E5F1E932-8970-442D-9091-10D3EDF90D93}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{E6ABD81A-8E54-48FD-8763-9B300A6D0C38}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{E89CD786-1430-43CB-BE1B-C54A7760E001}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe |
"{E940BEE6-103B-456C-895A-23726A99AFC9}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe |
"{EC302BF2-1EF4-4EFD-9276-144CE42E62C6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F29652DB-8595-44A0-BA85-FA2847CFF9A4}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{F4417184-9067-4B7A-BA7C-81689574F99A}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{F4709B04-27BD-49B8-A03E-F978CAD3A904}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F6F2A753-7C8D-430A-A247-3573F4B3E210}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{FB5019E0-D4E1-414A-AAE5-E20F4D0BEFD8}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe |
"{FB9103AF-6302-4EF5-BD75-2B1A18CEF872}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{FCB804EB-7E3A-43F4-B850-EFF75519E8BF}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{01039BCA-8D1E-4BDD-969F-3396133EA9EA}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{060654AA-789E-4010-9674-BEAB09D0BA14}C:\program files\steam\steamapps\richeyyy\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\day of defeat\hl.exe |
"TCP Query User{12BD372D-1129-4249-AE5C-D001C2844D1B}C:\program files\steam\steamapps\richeyyy\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\garrysmod\hl2.exe |
"TCP Query User{23FDDBDA-0CE2-4DCE-B150-07F0941C5F15}C:\program files\steam\steamapps\richeyyy\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\counter-strike\hl.exe |
"TCP Query User{3EDB5942-1EBE-43CB-917D-187F7908872F}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{4F57CB1E-AFA5-4C52-A2A2-E1B3FA483336}C:\program files\steam\steamapps\richeyyy\deathmatch classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\deathmatch classic\hl.exe |
"TCP Query User{535BA532-C0B5-4B3B-96F8-E654FB5FF619}C:\program files\steam\steamapps\richeyyy\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\source sdk base\hl2.exe |
"TCP Query User{5F73A167-5DFA-4A63-B457-8C7B2494C892}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{63CA10F0-400D-4BAE-A5D7-A1D50D426DFA}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{7187F267-1BE2-4E37-BE16-36BBBEC05149}C:\program files\steam\steamapps\richeyyy\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\condition zero\hl.exe |
"TCP Query User{7845A112-C1C8-4615-B617-0EB83EF80CB0}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{8525866A-46BC-4525-8557-53C6ED2D195E}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{8C97AE82-4265-48F8-86EE-BF6DD44251B0}C:\program files\steam\steamapps\richeyyy\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\counter-strike source\hl2.exe |
"TCP Query User{ACA0CF26-4E1C-4CEC-A5E6-39A59ADA6839}C:\program files\ares ultra\ares ultra.exe" = protocol=6 | dir=in | app=c:\program files\ares ultra\ares ultra.exe |
"TCP Query User{B567F5DE-C45E-4D2E-B6CC-A9C47C1F17DC}C:\program files\steam\steamapps\richeyyy\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\richeyyy\team fortress 2\hl2.exe |
"TCP Query User{B8E7125A-4C34-4774-A587-5BC5554660D9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BD080BDB-E3A5-45E6-8797-D70E579605F5}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{BEB007B9-8392-4B68-A670-1D89C45BD318}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{DE3A174B-394B-4AAA-85EF-6B2872A02C03}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{FDE90DED-97A2-4663-83D6-1C55D2651B50}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0700EF3C-554F-44AC-96DC-828DC17FE7E0}C:\program files\steam\steamapps\richeyyy\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\day of defeat\hl.exe |
"UDP Query User{0C51585A-D456-4FEE-ABC7-029DA0D74A9B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{18697407-757F-49B6-8246-4CB35CD700B4}C:\program files\steam\steamapps\richeyyy\deathmatch classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\deathmatch classic\hl.exe |
"UDP Query User{2709E36F-7AC9-44CB-AB2E-84B61DA1E41A}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{2F642BC8-F1E5-431D-87E6-CA0684D19495}C:\program files\steam\steamapps\richeyyy\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\counter-strike source\hl2.exe |
"UDP Query User{3FAF04BA-6E0C-4C25-8113-183F6BC37651}C:\program files\steam\steamapps\richeyyy\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\team fortress 2\hl2.exe |
"UDP Query User{50E39EF2-3F64-4332-974A-F741281FF117}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{5AB1B8BD-F5B7-4C6B-8912-AFDC61A57F11}C:\program files\ares ultra\ares ultra.exe" = protocol=17 | dir=in | app=c:\program files\ares ultra\ares ultra.exe |
"UDP Query User{606DEB4F-340B-4A9F-B1FB-C4C1DF808BD1}C:\program files\steam\steamapps\richeyyy\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\source sdk base\hl2.exe |
"UDP Query User{65620B8D-9B15-4071-8FAE-C11F015A649D}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{6DBBB8C4-D67F-4859-AB01-C92446F171D7}C:\program files\steam\steamapps\richeyyy\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\counter-strike\hl.exe |
"UDP Query User{98E1C295-20ED-4DE6-BB44-7DC2201A438A}C:\program files\steam\steamapps\richeyyy\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\garrysmod\hl2.exe |
"UDP Query User{A11E9E90-6777-4D49-A037-4D4ADE1A2AF8}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{A1F0432C-BAE0-44CA-94B1-31364456A824}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{B9566663-AFFE-4924-BAB9-6407239CDDC4}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{BB28A2EC-DED1-4F09-9AF8-2800605452ED}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BB748150-E930-4541-9CEB-8CCD55B419A1}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{C25F827D-DED4-4A46-873A-E9B994C7B048}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{CED047AC-D65B-44D3-90B7-8E409C72D1AD}C:\program files\steam\steamapps\richeyyy\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\richeyyy\condition zero\hl.exe |
"UDP Query User{FD340D05-1485-41DD-947D-CC77E6C9D456}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{552A777B-57E1-4DD2-9A28-4C35DBDF0196}" = GSC
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C30A62AA-22D2-4AFF-B88C-6511BAA01A4B}" = SpywareBot
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"ACDSee" = ACDSee
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"Ares" = Ares 2.0.9
"AVG8Uninstall" = AVG 8.5
"AviSynth" = AviSynth 2.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"eMusic Remote" = eMusic Remote 1.0.0.2
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GoldWave v5.20" = GoldWave v5.20
"Google Updater" = Google Updater
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PokerStars.net" = PokerStars.net
"Q-Xpress Installer" = Q-Xpress Installer 1.1.9
"Soulseek" = SoulSeek Client 156c
"Steam" = Steam
"Steam App 13210" = Unreal Tournament 3
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 4400" = City Life
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 4" = TeamViewer 4
"Toxic Biohazard" = Toxic Biohazard
"Trivia Machine" = Trivia Machine (remove only)
"ubroadcast player" = ubroadcast player 1060
"ubroadcast Station Manager" = ubroadcast Station Manager 10056
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Videora iPod Converter" = Videora iPod Converter 4.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"VTFEdit_is1" = VTFEdit 1.2.5
"WAVSPLIT210_is1" = Wave Splitter 2.10
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Extras" = Yahoo! Browser Services
"YouTube Downloader App" = YouTube Downloader App 1.01
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2917928027-884967084-2778667727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 30" = Day of Defeat
"Steam App 4000" = Garry's Mod
"Steam App 4560" = Company of Heroes

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2009 11:10:16 PM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module QuickTimeAudioSupport.qtx, version 7.6.6.0, time stamp
0x4a1c7066, exception code 0xc0000005, fault offset 0x001a2072, process id 0x15f0,
application start time 0x01ca0cd471fbf83b.

Error - 7/24/2009 11:11:45 PM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module QuickTimeAudioSupport.qtx, version 7.6.6.0, time stamp
0x4a1c7066, exception code 0xc0000005, fault offset 0x001a2072, process id 0x1434,
application start time 0x01ca0cd58ed4596b.

Error - 7/24/2009 11:12:06 PM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module QuickTimeAudioSupport.qtx, version 7.6.6.0, time stamp
0x4a1c7066, exception code 0xc0000005, fault offset 0x001a2072, process id 0x1338,
application start time 0x01ca0cd5aa2dd83b.

Error - 7/24/2009 11:12:22 PM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module QuickTimeAudioSupport.qtx, version 7.6.6.0, time stamp
0x4a1c7066, exception code 0xc0000005, fault offset 0x001a2072, process id 0x1044,
application start time 0x01ca0cd5b2e7460b.

Error - 7/24/2009 11:13:35 PM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module QuickTimeAudioSupport.qtx, version 7.6.6.0, time stamp
0x4a1c7066, exception code 0xc0000005, fault offset 0x001a2072, process id 0x172c,
application start time 0x01ca0cd5bda388bb.

Error - 7/24/2009 11:16:53 PM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module QuickTimeAudioSupport.qtx, version 7.6.6.0, time stamp
0x4a1c7066, exception code 0xc0000005, fault offset 0x001a2072, process id 0x11d4,
application start time 0x01ca0cd5e738acfb.

Error - 7/24/2009 11:20:41 PM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module QuickTimeAudioSupport.qtx, version 7.6.6.0, time stamp
0x4a1c7066, exception code 0xc0000005, fault offset 0x001a2072, process id 0x4bc,
application start time 0x01ca0cd65fe5509b.

Error - 7/25/2009 2:53:49 AM | Computer Name = Thematrix | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x47e2d72b,
exception code 0xc0000005, fault offset 0x0232553e, process id 0x6a4, application
start time 0x01ca0cee2c8e79cb.

Error - 7/25/2009 3:40:14 AM | Computer Name = Thematrix | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.0.3474 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10d0 Start Time: 01ca0cf74f57441b Termination Time: 34

Error - 7/25/2009 7:30:16 AM | Computer Name = Thematrix | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 5/23/2008 11:40:17 PM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/28/2008 8:14:56 AM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 10:20:23 PM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 9:07:41 AM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 9:41:44 PM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/4/2008 8:47:02 AM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/12/2008 7:38:16 PM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 7:51:28 AM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/6/2008 7:42:18 PM | Computer Name = Thematrix | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/29/2008 9:29:02 PM | Computer Name = Thematrix | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 7/23/2009 2:44:41 PM | Computer Name = Thematrix | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 7/23/2009 2:46:16 PM | Computer Name = Thematrix | Source = Service Control Manager | ID = 7000
Description =

Error - 7/24/2009 5:52:00 PM | Computer Name = Thematrix | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:50:24 PM on 7/24/2009 was unexpected.

Error - 7/24/2009 5:51:20 PM | Computer Name = Thematrix | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2009 5:51:20 PM | Computer Name = Thematrix | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2009 5:58:15 PM | Computer Name = Thematrix | Source = DCOM | ID = 10010
Description =

Error - 7/24/2009 9:28:38 PM | Computer Name = Thematrix | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:26:36 PM on 7/24/2009 was unexpected.

Error - 7/24/2009 9:28:01 PM | Computer Name = Thematrix | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2009 9:28:01 PM | Computer Name = Thematrix | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2009 9:29:20 PM | Computer Name = Thematrix | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 25 July 2009 - 03:25 PM

Hi,

Could you please tell me if you have any symptoms right now: popups, redirects, that kind of thing?

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link
  • rename it to fun.exe
  • Double click on fun.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#5 richeym

  • Topic Starter
  • Members
  • 8 posts

Posted 25 July 2009 - 04:30 PM

The only thing I've been noticing lately is that the internet is sometimes slow; no popups recently.


ComboFix 09-07-24.01 - Richard 07/25/2009 16:59.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.880 [GMT -4:00]
Running from: c:\users\Richard\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AdwareBot *disabled* (Updated) {82C00465-15A6-4950-B7E2-8206FC3DC178}
SP: AntispywareBot *disabled* (Updated) {6C0563CE-4784-4CA8-BADE-7262372769A2}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SpywareBot *disabled* (Updated) {039833F7-F768-4C1F-A38A-9F3A650EDFFB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2917928027-884967084-2778667727-500
c:\windows\Installer\127170.msi
c:\windows\Installer\12da48.msi
c:\windows\Installer\14e33.msi
c:\windows\Installer\14e86.msi
c:\windows\Installer\14e8e.msi
c:\windows\Installer\14e94.msi
c:\windows\Installer\14e9a.msi
c:\windows\Installer\15390c45.msi
c:\windows\Installer\19f7f9e3.msi
c:\windows\Installer\19f7f9ef.msi
c:\windows\Installer\19f7f9f5.msi
c:\windows\Installer\1cc66325.msi
c:\windows\Installer\1d89f63.msi
c:\windows\Installer\1f955ad.msi
c:\windows\Installer\2590e3b.msi
c:\windows\Installer\27064e1.msi
c:\windows\Installer\28c94e9.msi
c:\windows\Installer\28c94ef.msi
c:\windows\Installer\28c94f5.msi
c:\windows\Installer\28c9501.msi
c:\windows\Installer\28c9514.msi
c:\windows\Installer\28c9531.msi
c:\windows\Installer\28c9567.msi
c:\windows\Installer\28c956d.msi
c:\windows\Installer\28c9573.msi
c:\windows\Installer\28c9636.msi
c:\windows\Installer\2f6805b.msi
c:\windows\Installer\44f76d5.msi
c:\windows\Installer\467c5d.msi
c:\windows\Installer\499a15.msi
c:\windows\Installer\4a2a10.msi
c:\windows\Installer\66cdc.msi
c:\windows\Installer\6c9b5a0.msi
c:\windows\Installer\871088.msi
c:\windows\Installer\9b787f.msi
c:\windows\Installer\a19095.msi
c:\windows\Installer\ab01605.msi
c:\windows\Installer\ac3cf8b.msi
c:\windows\Installer\d18d0.msi
c:\windows\Installer\d9958c7.msi
c:\windows\Installer\e3099a8.msi
c:\windows\run.log
c:\windows\system32\drivers\UACnmaegihrbiaurlwpp.sys
c:\windows\system32\UACecsixtkhckocxbhcw.db
c:\windows\system32\UAChggdjnkctnrxnfoxu.dll
c:\windows\system32\UAClglbficeruvqiqpti.dat
c:\windows\system32\UACllsnpfspchvfebgye.dll
c:\windows\system32\UAClnvyncnqekhimsqls.dll
c:\windows\system32\UACnlovjvblpjkebqjwm.dll
c:\windows\system32\UACsdacrwpydxlseijyt.dll
c:\windows\system32\uactmp.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 21:21 . 2009-07-25 21:22 -------- d-----w- c:\users\Richard\AppData\Local\temp
2009-07-25 21:21 . 2009-07-25 21:21 -------- d-----w- c:\users\poppet\AppData\Local\temp
2009-07-25 21:21 . 2009-07-25 21:21 -------- d-----w- c:\users\Lynn\AppData\Local\temp
2009-07-25 20:14 . 2007-06-21 00:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-07-25 19:13 . 2009-07-25 19:13 -------- d-----w- c:\program files\2K Sports
2009-07-25 11:30 . 2009-07-25 11:30 713992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-25 03:35 . 2009-07-25 03:35 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-25 03:35 . 2009-07-25 04:52 -------- d-----w- c:\users\Richard\AppData\Roaming\Winamp
2009-07-21 04:03 . 2009-07-21 04:03 -------- d-----w- c:\program files\iPod
2009-07-21 04:00 . 2009-07-21 04:00 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-15 06:24 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:24 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 06:24 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:24 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:24 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-15 06:24 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 04:04 . 2009-07-13 04:04 -------- d-----w- c:\users\Richard\AppData\Roaming\Malwarebytes
2009-07-13 03:13 . 2009-07-25 01:30 -------- d-----w- c:\users\Richard\AppData\Roaming\Skype
2009-07-13 03:13 . 2009-07-13 03:13 -------- d-----w- c:\program files\Common Files\Skype
2009-07-13 03:13 . 2009-07-13 03:13 -------- d-----r- c:\program files\Skype
2009-07-13 03:13 . 2009-07-13 03:13 -------- d-----w- c:\programdata\Skype
2009-07-12 03:42 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 03:42 . 2009-07-13 04:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 03:42 . 2009-07-12 03:42 -------- d-----w- c:\programdata\Malwarebytes
2009-07-12 03:42 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 05:48 . 2009-07-09 05:48 -------- d-----w- c:\program files\Crawler
2009-07-03 07:26 . 2009-07-03 07:26 -------- d-----w- c:\users\poppet\AppData\Local\AVG Security Toolbar
2009-06-30 21:48 . 2009-06-30 21:48 -------- d-----w- c:\users\Richard\AppData\Roaming\TeamViewer
2009-06-30 21:47 . 2009-06-30 21:47 -------- d-----w- c:\program files\TeamViewer
2009-06-30 21:47 . 2009-06-30 21:47 -------- d-----w- c:\users\Richard\temp
2009-06-30 21:14 . 2009-07-09 05:31 -------- d-----w- c:\program files\VstPlugins
2009-06-30 21:14 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-06-30 21:13 . 2009-06-30 21:13 -------- d-----w- c:\program files\Outsim
2009-06-30 21:11 . 2009-07-12 03:45 -------- d-----w- c:\program files\Image-Line
2009-06-29 16:57 . 2009-06-29 16:57 -------- d-----w- c:\users\Lynn\AppData\Local\AVG Security Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 19:17 . 2007-03-31 03:01 -------- d-----w- c:\users\Richard\AppData\Roaming\BitTorrent
2009-07-25 19:11 . 2007-03-14 02:14 -------- d-----w- c:\program files\Steam
2009-07-25 06:52 . 2007-10-14 18:38 -------- d-----w- c:\programdata\Google Updater
2009-07-25 06:07 . 2007-11-22 15:32 -------- d-----w- c:\users\Richard\AppData\Roaming\mIRC
2009-07-25 05:46 . 2007-11-19 05:03 -------- d-----w- c:\program files\mIRC
2009-07-25 03:36 . 2007-04-06 19:14 -------- d-----w- c:\program files\Winamp
2009-07-25 01:59 . 2009-03-15 04:15 -------- d-----w- c:\program files\QuickTime
2009-07-21 04:04 . 2007-07-02 22:18 -------- d-----w- c:\program files\iTunes
2009-07-21 04:03 . 2007-07-02 22:15 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 15:56 . 2007-03-15 00:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-17 23:49 . 2009-03-31 16:19 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-15 17:49 . 2007-03-13 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-07-15 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-12 03:36 . 2009-03-31 16:18 -------- d-----w- c:\programdata\avg8
2009-07-11 20:25 . 2008-10-30 02:55 680 ----a-w- c:\users\Richard\AppData\Local\d3d9caps.dat
2009-07-06 18:28 . 2007-09-14 21:30 -------- d-----w- c:\program files\Common Files\Steam
2009-07-04 07:56 . 2007-03-28 02:40 -------- d-----w- c:\program files\Soulseek
2009-06-25 02:12 . 2009-06-24 12:31 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-24 12:30 . 2009-03-31 16:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 12:30 . 2007-03-20 18:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 18:59 . 2007-05-06 13:25 -------- d-----w- c:\program files\AIM6
2009-06-22 18:59 . 2007-03-13 23:08 -------- d-----w- c:\program files\Viewpoint
2009-06-22 18:59 . 2007-05-06 13:26 -------- d-----w- c:\programdata\Viewpoint
2009-06-22 18:57 . 2007-05-06 13:22 -------- d-----w- c:\programdata\AOL Downloads
2009-06-15 01:14 . 2007-03-13 22:05 -------- d-----w- c:\program files\Yahoo!
2009-06-14 20:07 . 2009-06-25 02:12 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-08 20:47 . 2009-06-08 20:47 -------- d-----w- c:\users\Richard\AppData\Roaming\Leadertech
2009-06-05 21:12 . 2007-07-02 22:15 -------- d-----w- c:\programdata\Apple
2009-06-05 20:09 . 2007-10-28 22:04 -------- d-----w- c:\program files\GoldWave
2009-06-05 20:08 . 2009-06-05 20:08 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-06-05 20:08 . 2007-05-21 01:55 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-04 21:28 . 2009-06-04 21:25 -------- d-----w- c:\users\Richard\AppData\Roaming\DAEMON Tools Lite
2009-06-04 21:26 . 2009-06-04 21:26 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-04 21:25 . 2009-06-04 21:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-04 21:25 . 2009-06-04 21:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-01 03:42 . 2009-06-01 03:42 -------- d-----w- c:\program files\Bethesda Softworks
2009-05-29 17:36 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 17:36 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 01:10 . 2009-05-29 01:10 -------- d-----w- c:\users\Richard\AppData\Roaming\AVGTOOLBAR
2009-05-28 03:02 . 2007-05-06 23:33 -------- d-----w- c:\programdata\NVIDIA
2009-05-27 00:04 . 2007-03-13 21:56 -------- d-----w- c:\programdata\WildTangent
2009-05-27 00:03 . 2007-04-09 03:10 -------- d-----w- c:\program files\Google
2009-05-19 05:36 . 2009-06-22 18:57 2884832 ----a-w- c:\programdata\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-22 18:57 28 ----a-w- c:\programdata\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-22 18:57 1484856 ----a-w- c:\programdata\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-22 18:57 25 ----a-w- c:\programdata\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-22 18:57 97072 ----a-w- c:\programdata\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-22 18:57 142040 ----a-w- c:\programdata\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-22 18:57 30512 ----a-w- c:\programdata\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-22 18:57 111920 ----a-w- c:\programdata\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 03:13 . 2009-05-15 20:26 528 ----a-w- c:\windows\eReg.dat
2009-05-15 22:21 . 2009-05-15 22:21 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 23:05 . 2009-05-14 23:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-11 23:00 . 2009-05-11 23:00 262144 ----a-w- C:\ntuser.dat
2009-05-02 13:29 . 2009-03-31 16:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 12:52 . 2009-06-14 11:32 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:44 . 2009-06-14 11:32 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-04-30 12:42 . 2009-06-14 11:32 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-28 20:20 . 2006-08-16 18:57 129520 ------w- c:\windows\system32\PxAFS.DLL
2009-07-23 00:00 . 2008-09-07 16:30 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 68856]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BTBFirstRun"="c:\program files\Hewlett-Packard\SDP\hprun.exe" [2006-11-14 20480]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-16 1480296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-12 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-14 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 68856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-3-13 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\k:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{21BA7D3A-65F5-486B-BDFA-A383845B08FC}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{84DEF753-178E-40A6-911E-252BB3C3F61F}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{3A315BFC-6825-49D7-81B3-006001ABB227}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{23559FCB-779D-4487-83E3-651F1180E592}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E3F7B82F-2CD6-4E7B-A6B0-CF733E428736}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{75CE6254-CC39-4BD3-8673-737C7DE7E467}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{500BD46A-7B54-460E-868D-8588730578DB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CC9BCCC5-EACB-4E61-8FAC-292C58E1DE72}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{98706119-0F38-44B9-8DF5-ECF371D9A225}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F83DCC7-994F-46E2-A52B-65E8C4778F47}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2497CFC1-1C15-4ED8-9365-1F2AC7A0A0C1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A63DEBA8-A84A-4AF5-982E-A018BCA883D6}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{7187F267-1BE2-4E37-BE16-36BBBEC05149}c:\\program files\\steam\\steamapps\\richeyyy\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\richeyyy\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{CED047AC-D65B-44D3-90B7-8E409C72D1AD}c:\\program files\\steam\\steamapps\\richeyyy\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\richeyyy\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{8525866A-46BC-4525-8557-53C6ED2D195E}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{B9566663-AFFE-4924-BAB9-6407239CDDC4}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{10D7920B-58B0-4252-9733-4600A264C565}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{E89CD786-1430-43CB-BE1B-C54A7760E001}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{E940BEE6-103B-456C-895A-23726A99AFC9}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{FB5019E0-D4E1-414A-AAE5-E20F4D0BEFD8}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{3EA8304A-BDB9-4347-A3FC-14AFB3DC5E55}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{0B98ED91-4A17-4B76-BC4D-E98B5439A47A}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{095DABC6-06E4-499C-BEF8-F7BF8B9DFB3F}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{1050D237-65FA-4FAE-98FF-5F048FC910EA}"= TCP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{EC302BF2-1EF4-4EFD-9276-144CE42E62C6}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6408A3A5-D1E8-457A-89BD-2791EEF9C506}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E3A261CB-1D77-4383-8235-B15852A0552E}"= UDP:c:\program files\Steam\Steam.exe:Steam Client
"{3E47724E-E98D-4FCD-8128-BB23F9DC1693}"= TCP:c:\program files\Steam\Steam.exe:Steam Client
"{CD70C477-228A-4DC0-91BF-9A846CF4FB3C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{46574109-F31A-4376-861D-D4DC0EF56303}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E57919F8-7EA6-4756-BC9B-C1F56B240107}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{6BDE209B-AD7F-47AC-894C-BBD00DBC2140}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{3EDB5942-1EBE-43CB-917D-187F7908872F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{A11E9E90-6777-4D49-A037-4D4ADE1A2AF8}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{B8E7125A-4C34-4774-A587-5BC5554660D9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0C51585A-D456-4FEE-ABC7-029DA0D74A9B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DE3A174B-394B-4AAA-85EF-6B2872A02C03}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{C25F827D-DED4-4A46-873A-E9B994C7B048}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{ACA0CF26-4E1C-4CEC-A5E6-39A59ADA6839}c:\\program files\\ares ultra\\ares ultra.exe"= UDP:c:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows
"UDP Query User{5AB1B8BD-F5B7-4C6B-8912-AFDC61A57F11}c:\\program files\\ares ultra\\ares ultra.exe"= TCP:c:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows
"TCP Query User{63CA10F0-400D-4BAE-A5D7-A1D50D426DFA}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{65620B8D-9B15-4071-8FAE-C11F015A649D}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{FDE90DED-97A2-4663-83D6-1C55D2651B50}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BB28A2EC-DED1-4F09-9AF8-2800605452ED}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{7845A112-C1C8-4615-B617-0EB83EF80CB0}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{BB748150-E930-4541-9CEB-8CCD55B419A1}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"TCP Query User{5F73A167-5DFA-4A63-B457-8C7B2494C892}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{A1F0432C-BAE0-44CA-94B1-31364456A824}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"TCP Query User{8C97AE82-4265-48F8-86EE-BF6DD44251B0}c:\\program files\\steam\\steamapps\\richeyyy\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\richeyyy\counter-strike source\hl2.exe:hl2
"UDP Query User{2F642BC8-F1E5-431D-87E6-CA0684D19495}c:\\program files\\steam\\steamapps\\richeyyy\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\richeyyy\counter-strike source\hl2.exe:hl2
"TCP Query User{4F57CB1E-AFA5-4C52-A2A2-E1B3FA483336}c:\\program files\\steam\\steamapps\\richeyyy\\deathmatch classic\\hl.exe"= UDP:c:\program files\steam\steamapps\richeyyy\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{18697407-757F-49B6-8246-4CB35CD700B4}c:\\program files\\steam\\steamapps\\richeyyy\\deathmatch classic\\hl.exe"= TCP:c:\program files\steam\steamapps\richeyyy\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{BEB007B9-8392-4B68-A670-1D89C45BD318}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{2709E36F-7AC9-44CB-AB2E-84B61DA1E41A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{23FDDBDA-0CE2-4DCE-B150-07F0941C5F15}c:\\program files\\steam\\steamapps\\richeyyy\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\richeyyy\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{6DBBB8C4-D67F-4859-AB01-C92446F171D7}c:\\program files\\steam\\steamapps\\richeyyy\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\richeyyy\counter-strike\hl.exe:Half-Life Launcher
"{65A55EEA-3767-4AF9-9348-970E41EDAE02}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{6263567D-D23D-4296-9402-46A07F8DFF08}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{FCB804EB-7E3A-43F4-B850-EFF75519E8BF}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{AA74DB0C-A858-4DA4-ADE7-0A869BF8CE2A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{01039BCA-8D1E-4BDD-969F-3396133EA9EA}c:\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{FD340D05-1485-41DD-947D-CC77E6C9D456}c:\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.exe:UnrealTournament
"{DDA05B03-5CF9-4432-9AED-EF1D962AB923}"= Disabled:UDP:c:\program files\NETAMIN\Real Baseball\game\RealBaseball.exe:RealBaseball
"{828AE10E-2BA0-45A0-A3FE-1390F627379C}"= Disabled:TCP:c:\program files\NETAMIN\Real Baseball\game\RealBaseball.exe:RealBaseball
"{1E600C01-11EE-44CE-925A-019E3EB7D8A3}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{173C5B1A-F312-4FCB-AAE1-E8B01C254FBB}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{3FE3C0A9-2EE1-4086-8764-DD52F5649709}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{6D4D9B71-CED6-4534-981C-5F978E54A28D}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{CF5714CC-43E0-4A81-8E62-BE24B786F1C2}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{98E7323F-7D12-4E59-9B0B-AFFC6373D193}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{24668A49-5ABA-48F7-A87C-9F6EA8E062E5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{4BD2D582-5D8F-463A-83D5-50947D76992A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{0B0C9A6A-7910-4884-9990-5740CE9DF54D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE2C6C26-0D2F-4767-9935-F183AE9905C3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB024064-811C-4BB6-B1F9-B2F376250D61}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6FFD228A-2F84-4C2C-A135-6466AF609A30}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{3356B0A9-8921-41D6-86BF-1F71F58AA820}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{7F37EB11-4C15-4F08-8837-354EA34A5C02}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{9F26F36E-99E0-427E-B0AA-56302E742132}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{6A0BCC1B-44F9-4C0A-A981-A5F1F38EEA06}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{B567F5DE-C45E-4D2E-B6CC-A9C47C1F17DC}c:\\program files\\steam\\steamapps\\richeyyy\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\richeyyy\team fortress 2\hl2.exe:hl2
"UDP Query User{3FAF04BA-6E0C-4C25-8113-183F6BC37651}c:\\program files\\steam\\steamapps\\richeyyy\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\richeyyy\team fortress 2\hl2.exe:hl2
"TCP Query User{BD080BDB-E3A5-45E6-8797-D70E579605F5}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{50E39EF2-3F64-4332-974A-F741281FF117}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"{9BDA8524-C80C-44B9-BA75-3FC3788E580D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4CFAEC16-3351-4822-ACB7-FED8D2DF7AFC}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{7F387626-8DC5-45A7-867E-333CAC904753}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{535BA532-C0B5-4B3B-96F8-E654FB5FF619}c:\\program files\\steam\\steamapps\\richeyyy\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\richeyyy\source sdk base\hl2.exe:hl2
"UDP Query User{606DEB4F-340B-4A9F-B1FB-C4C1DF808BD1}c:\\program files\\steam\\steamapps\\richeyyy\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\richeyyy\source sdk base\hl2.exe:hl2
"{50464E0B-D455-437B-B7A1-EDEE540BDC4D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9B793AE3-2596-4455-9C16-CFCCA5DB05DB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/31/2009 12:19 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/31/2009 12:19 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/31/2009 12:18 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 12:18 PM 298776]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [6/25/2009 3:22 AM 185640]
.
Contents of the 'Scheduled Tasks' folder

2009-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-14 22:57]

2009-07-25 c:\windows\Tasks\User_Feed_Synchronization-{F485EB87-B526-4BD4-BF89-D0146E5357D2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\k391bjk8.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 17:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-25 17:25
ComboFix-quarantined-files.txt 2009-07-25 21:24

Pre-Run: 5,009,965,056 bytes free
Post-Run: 10,253,930,496 bytes free

415 --- E O F --- 2009-07-21 03:47
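The firewall section of the ComboFix log above is a dump of two registry locations: the Vista rule store (FirewallRules, which ComboFix renders as TCP:/UDP: lines) and the older XP-style AuthorizedApplications list. The script below is an added example, not code from the thread or from ComboFix: it reads the same keys on a live machine, parses both value formats, and flags exceptions whose executable no longer exists, which is the state many entries are left in after an application or a piece of malware has been removed. It assumes the documented value layouts (pipe-delimited `Key=Value` tokens for FirewallRules, `path:scope:Enabled:name` for the legacy list) and only inspects the local machine hive; nothing is changed.

```powershell
# Added example, not part of the original thread: enumerate Windows Firewall
# application exceptions from the same registry keys ComboFix lists above and
# flag any whose executable is no longer on disk. Read-only; run from an
# elevated PowerShell prompt (PowerShell 2.0 or later).

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'  # provider noise on Get-ItemProperty
$protoNames = @{ '6' = 'TCP'; '17' = 'UDP' }

function New-Entry($source, $rule, $name, $proto, $dir, $active, $exe) {
    New-Object PSObject -Property @{
        Source = $source; Rule = $rule; Name = $name; Protocol = $proto
        Direction = $dir; Active = $active; Exe = $exe
        Exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
    }
}

$entries = @()

# 1. Vista+ rule store. Value data looks like
#    v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\x.exe|Name=x|
$rulesKey = "$base\FirewallRules"
if (Test-Path -LiteralPath $rulesKey) {
    $rules = Get-ItemProperty -LiteralPath $rulesKey
    foreach ($prop in $rules.PSObject.Properties) {
        if ($meta -contains $prop.Name) { continue }
        $f = @{}
        foreach ($tok in (([string]$prop.Value) -split '\|')) {
            $kv = $tok -split '=', 2
            if ($kv.Length -eq 2) { $f[$kv[0]] = $kv[1] }
        }
        if (-not $f.ContainsKey('App')) { continue }   # port- or service-only rule
        if ($f['App'] -eq 'System') { continue }       # kernel rule, no file to check
        $proto = 'Any'
        if ($f.ContainsKey('Protocol')) {
            $proto = $protoNames[$f['Protocol']]
            if (-not $proto) { $proto = 'IP proto ' + $f['Protocol'] }
        }
        # App= frequently uses %SystemRoot% or %ProgramFiles%; expand before testing.
        $exe = [Environment]::ExpandEnvironmentVariables($f['App'])
        $entries += New-Entry 'FirewallRules' $prop.Name $f['Name'] $proto $f['Dir'] $f['Active'] $exe
    }
}

# 2. Legacy XP-style list, also present on Vista. Value data looks like
#    C:\path\app.exe:*:Enabled:Display Name  (the path itself contains a colon,
#    so anchor the parse on the Enabled/Disabled token rather than splitting on ':').
foreach ($fwProfile in 'StandardProfile', 'DomainProfile', 'PublicProfile') {
    $listKey = "$base\$fwProfile\AuthorizedApplications\List"
    if (-not (Test-Path -LiteralPath $listKey)) { continue }
    $list = Get-ItemProperty -LiteralPath $listKey
    foreach ($prop in $list.PSObject.Properties) {
        if ($meta -contains $prop.Name) { continue }
        if (([string]$prop.Value) -match '^(?<path>.+?):(?<scope>[^:]*):(?<state>Enabled|Disabled):(?<name>.*)$') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches['path'])
            $entries += New-Entry "$fwProfile list" $prop.Name $Matches['name'] 'Any' 'In' $Matches['state'] $exe
        } else {
            # Data did not parse; fall back to the value name, which on this key is the executable path.
            $entries += New-Entry "$fwProfile list" $prop.Name "UNPARSED: $($prop.Value)" '?' '?' '?' $prop.Name
        }
    }
}

$entries | Sort-Object Exists, Exe |
    Format-Table -AutoSize Source, Protocol, Direction, Active, Exists, Exe, Name

$stale = @($entries | Where-Object { -not $_.Exists })
"`n$($stale.Count) exception(s) point at executables that no longer exist:"
$stale | ForEach-Object { "  [$($_.Source)] $($_.Rule) -> $($_.Exe)" }
```

An exception for a missing binary is harmless by itself, but it is also exactly what a dropper leaves behind when it registers itself by path and is later deleted; the entries flagged as stale are the ones worth deleting from the Windows Firewall settings once the cleanup is finished.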

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:27 PM

Posted 25 July 2009 - 05:39 PM

Hi,

Seems as if we got rid of the rootkit. :thumbup2:

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Ares and BitTorrent). These programmes allow users to share files with each other, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for the further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Your logs also show that Viewpoint is present on your PC. Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Your logs also show that your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then, from your desktop, double-click on jre-6u12-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please also run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (CJava Object) - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\Windows\System32\msjava32.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2917928027-884967084-2778667727-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
And finally, I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post back the new OTL log and the results from ESET in your next reply. Please tell me if you notice any difference in your internet connection speed.

Regards, _temp_

Edited by _temp_, 25 July 2009 - 05:40 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
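The OTL fix in the post above removes O2 (Browser Helper Object) and O3 (toolbar) registrations that point nowhere: a CLSID with no class registration behind it ("No CLSID value found") or one whose DLL has been deleted ("File not found"). The script below is an added example, not OTL's code or anything posted in the thread; it performs the same resolution on a live machine so the result can be checked independently of any one cleanup tool. It assumes the standard IE registration keys listed in the script, uses the merged HKEY_CLASSES_ROOT view so per-user COM registrations are resolved as well, and only inspects the account it runs under (OTL additionally walks the other HKU hives). It records the Authenticode status of every DLL that is present, which the page's log does not show.

```powershell
# Added example, not part of the original thread: audit Internet Explorer
# Browser Helper Objects and toolbars the way OTL's O2/O3 lines do, resolving
# each CLSID to its DLL and flagging orphaned registrations. Read-only; run
# from an elevated PowerShell prompt (PowerShell 2.0 or later).

$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'  # provider noise on Get-ItemProperty

# IE loads BHOs from these keys; each subkey name is a CLSID (O2 in OTL).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Toolbars are values whose names are CLSIDs (O3 in OTL). WebBrowser is per
# user, which is why OTL lists it under individual HKU hives; HKCU covers the
# account running this script.
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)

function Resolve-Clsid([string]$clsid, [string]$source) {
    # HKCR merges HKLM\Software\Classes with HKCU\Software\Classes, so a
    # per-user COM registration (no admin rights needed) is resolved too.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    $r = New-Object PSObject -Property @{
        Source = $source; Clsid = $clsid; Name = $null; Dll = $null; Status = $null
    }
    if (-not (Test-Path -LiteralPath $key)) {
        $r.Status = 'No CLSID value found'        # hook registered, nothing behind it
        return $r
    }
    $r.Name = (Get-ItemProperty -LiteralPath $key).'(default)'
    $inproc = "$key\InprocServer32"
    if (Test-Path -LiteralPath $inproc) {
        $r.Dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
    }
    if (-not $r.Dll) {
        $r.Status = 'No InprocServer32'
        return $r
    }
    # Paths may be quoted and may use %SystemRoot%-style variables.
    $r.Dll = [Environment]::ExpandEnvironmentVariables($r.Dll.Trim('"'))
    if (-not (Test-Path -LiteralPath $r.Dll)) {
        $r.Status = 'File not found'              # DLL gone, registration left behind
    } else {
        # Present and loadable: record signer status so unsigned helpers stand out.
        $r.Status = 'Present, signature ' + (Get-AuthenticodeSignature -FilePath $r.Dll).Status
    }
    return $r
}

$findings = @()
foreach ($k in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $k) {
        $findings += Resolve-Clsid $sub.PSChildName 'O2 BHO'
    }
}
foreach ($k in $toolbarKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $k).PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }
        if ($p.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }  # skip BrandBitmap and friends
        $findings += Resolve-Clsid $p.Name 'O3 Toolbar'
    }
}

$findings | Sort-Object Status | Format-Table -AutoSize Source, Status, Clsid, Name, Dll
```

Orphaned entries are inert and safe to delete; the lines to read carefully are the "Present" ones, since every BHO and toolbar DLL listed there is loaded into Internet Explorer with the user's privileges, and an unsigned one from an unfamiliar path is the kind of component a second-opinion scan such as the ESET scan requested above should be pointed at.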


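The Java steps in the post above boil down to one check: which JRE builds are still registered on the machine after the update, since a vulnerable older build that remains installed is still reachable by the browser plugin. The script below is an added example, not part of the thread; it lists Java entries from the Add/Remove Programs (Uninstall) keys, reads Sun's JavaSoft registration to show which version is the default and which registered JavaHome folders no longer exist, and reports what `java.exe` on the PATH actually is. The registry paths are the documented Windows and JavaSoft locations; the name pattern matched against DisplayName is an assumption based on the "Java Runtime Environment (JRE or J2SE)" wording in the post.

```powershell
# Added example, not part of the original thread: list every Java Runtime the
# machine knows about, from the Add/Remove Programs (Uninstall) keys and from
# the JavaSoft registration, so that old builds left behind by an in-place
# update can be spotted and removed. Read-only.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

$installed = @()
foreach ($root in $uninstallRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $root) {
        $p = Get-ItemProperty -LiteralPath $sub.PSPath
        # Assumed name pattern: the Add/Remove Programs names the post says to look for.
        if ($p.DisplayName -match '^(Java|J2SE|JRE|JDK)\b') {
            $installed += New-Object PSObject -Property @{
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Publisher = $p.Publisher
                Location  = $p.InstallLocation
                Uninstall = $p.UninstallString
            }
        }
    }
}
"Java entries in Add/Remove Programs: $($installed.Count)"
$installed | Sort-Object Version | Format-Table -AutoSize Name, Version, Publisher, Location

# Sun's own registration: CurrentVersion names the default JRE, and each
# version subkey records JavaHome. A subkey whose JavaHome folder is gone is a
# leftover from a version that was removed without cleaning up.
$jsKey = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
if (Test-Path -LiteralPath $jsKey) {
    "Default JRE (JavaSoft CurrentVersion): " + (Get-ItemProperty -LiteralPath $jsKey).CurrentVersion
    $jsRegs = @()
    foreach ($sub in Get-ChildItem -LiteralPath $jsKey) {
        $jhome = (Get-ItemProperty -LiteralPath $sub.PSPath).JavaHome   # not $home, which is automatic
        $jsRegs += New-Object PSObject -Property @{
            Registered = $sub.PSChildName
            JavaHome   = $jhome
            HomeExists = [bool]($jhome -and (Test-Path -LiteralPath $jhome))
        }
    }
    $jsRegs | Format-Table -AutoSize Registered, HomeExists, JavaHome
}

# What actually runs when something on this account invokes java.exe.
$javaCmd = Get-Command java.exe -ErrorAction SilentlyContinue
if ($javaCmd) {
    "java.exe on PATH: $($javaCmd.Definition)"
    & $javaCmd.Definition -version 2>&1 | ForEach-Object { "  $_" }   # java prints its version on stderr
}
```

If more than one JRE entry remains after the update, each of the older ones is what the post's "remove all older versions" step is about; the JavaSoft table additionally shows registrations that outlived their files and can be cleaned up.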
#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:27 PM

Posted 31 July 2009 - 09:04 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_
