Firefox google links redirecting


  • This topic is locked
12 replies to this topic

#1 b_charlez

b_charlez

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 26 December 2009 - 06:56 PM

Hi, I noticed that recently, sometimes when I click a link in Google search results, Google prevents me from being redirected to hxxp://c.ppcxml.net, a site which Google says is a reported attack site. I ran a full scan in Malwarebytes Anti-Malware and it reported that I had 0 infections. I also ran DDS and HijackThis. I will post all the logs if needed. Any help is greatly appreciated.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Brandon at 18:33:35.20 on Sat 12/26/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.914 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brandon\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=aim&c=c9361f2ef4b100ee9&browserVersion=6.0
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\drvadm87.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{2683E33E-2288-43F0-92C6-BAFB53558C27}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-28 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-28 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-28 56816]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-12-10 240232]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2009-4-17 34304]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IPN2120;Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [2003-8-26 96256]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S2 gupdate1c9863d70ebe103;Google Update Service (gupdate1c9863d70ebe103);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2008-11-27 21504]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2008-7-10 30208]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-27 21504]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-1-5 36928]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-7-11 5036]

=============== Created Last 30 ================

2009-12-26 23:17:33 0 d-----w- c:\program files\TrendMicro
2009-12-26 05:00:41 0 d-----w- c:\program files\Bethesda Softworks
2009-12-26 04:42:39 0 d-----w- c:\program files\DAEMON Tools Lite
2009-12-26 03:25:11 0 d-----w- c:\programdata\AIM
2009-12-26 03:25:09 0 d-----w- c:\program files\common files\Software Update Utility
2009-12-26 03:25:09 0 d-----w- c:\program files\AIM
2009-12-25 17:12:24 0 d-----w- c:\program files\Celestia
2009-12-25 16:40:15 0 d-----w- c:\windows\LastGood.Tmp
2009-12-25 15:28:30 327168 ----a-w- c:\windows\system32\cutil32.dll
2009-12-25 15:28:30 285696 ----a-w- c:\windows\system32\cudart.dll
2009-12-25 15:28:30 27136 ----a-w- c:\windows\system32\PCWizard.cpl
2009-12-25 15:28:30 0 d-----w- c:\windows\Java
2009-12-25 14:13:48 0 d-----w- c:\program files\VirtualMoon
2009-12-25 14:13:08 608448 ----a-w- c:\windows\system32\Comctl32.ocx
2009-12-25 14:13:08 103744 ----a-w- c:\windows\system32\MSComm32.ocx
2009-12-25 14:13:08 0 d-----w- c:\program files\Meade
2009-12-25 02:56:00 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-12-25 02:56:00 0 d-----w- c:\program files\CPUID
2009-12-24 23:11:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-24 23:11:33 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-24 23:11:33 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-20 00:44:23 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-11 05:11:02 64882 ----a-w- c:\windows\system32\NvwsApps.xml
2009-12-11 05:11:02 275132 ----a-w- c:\windows\system32\NvApps.xml
2009-12-11 05:11:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-12-11 05:11:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-12-11 05:11:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-12-11 05:11:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-30 01:50:13 176004 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-28 05:48:30 0 d-----w- c:\programdata\FLEXnet
2009-11-28 05:35:56 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-28 05:25:11 0 d-----w- c:\program files\NavNet
2009-11-28 05:17:01 0 d-----w- c:\program files\Windows Portable Devices
2009-11-28 05:16:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-28 05:11:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 05:11:21 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-28 05:11:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-28 05:11:20 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-28 05:09:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-28 05:09:09 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-28 05:09:07 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-28 05:09:07 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-28 05:09:02 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-11-28 05:09:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-11-28 05:09:00 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-11-28 05:09:00 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-11-28 05:09:00 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-11-28 05:09:00 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-11-28 05:07:53 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-28 05:04:29 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-28 05:04:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-28 05:04:29 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-28 05:04:15 0 d-----w- c:\program files\MSXML 4.0
2009-11-28 04:52:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-28 04:52:20 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-28 04:52:14 714240 ----a-w- c:\windows\system32\timedate.cpl

==================== Find3M ====================

2009-12-26 23:07:31 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-26 23:07:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-26 16:07:31 35085 ----a-w- c:\programdata\nvModes.dat
2009-12-26 04:42:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-25 16:40:12 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-20 00:43:11 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 19:57:02 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 05:16:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-15 20:13:41 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 04:41:36 170600 ----a-w- c:\windows\system32\nvcod171.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2008-11-27 08:59:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-12 01:23:51 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-12-15 04:12:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008121420081215\index.dat
2008-12-26 20:37:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008122620081227\index.dat
2009-03-12 19:55:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030220090309\index.dat
2009-03-12 21:13:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031220090313\index.dat
2009-03-28 21:13:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032820090329\index.dat
2009-03-06 22:23:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat
2009-07-19 19:30:51 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-19 19:30:51 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-19 19:30:51 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-05-03 20:29:05 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:34:57.33 ===============

Edited by Orange Blossom, 26 December 2009 - 08:14 PM.
Deactivate link. ~ OB
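The pseudo-HJT section of a DDS log is read by eye: orphaned BHO/toolbar CLSIDs ("No File"), policy keys such as EnableLUA = 0, ActiveX controls pulled in via DPF entries, and the malformed user.js line near the end of the Firefox section. The script below is an added example, not DDS's or BleepingComputer's own tooling, that applies those same first-pass checks to a handful of lines copied from the log above (the Java entry's trademark glyph replaced with ASCII). The severities and the allowlist of trusted ActiveX download hosts are assumptions; the output is a list of things to look at, not a verdict of infection.

```python
"""First-pass triage of DDS/HijackThis-style log lines. Added example, not DDS's or
BleepingComputer's own tooling; the rules are the eyeball checks a helper makes
and flag items to look at, not verdicts of infection."""
import re

# Constructed sample: lines copied from the DDS output in the post above (the
# trademark glyph in the Java entry replaced with ASCII).
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
FF - user.js: network.http.pipelining - true
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref
"""

NO_FILE = re.compile(r"^(BHO|TB|SEH|Handler): .* - No File$")
ENABLE_LUA = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")
DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - hxxps?://([^/\s]+)/", re.I)
FF_PREF = re.compile(r"^FF - user\.js: (\S+) - (.*)$")

# Assumption: hosts the helper already trusts for ActiveX downloads (Sun's Java
# installer and Adobe's Flash shim appear in the log above). Extend per case.
KNOWN_DPF_HOSTS = {"java.sun.com", "fpdownload.macromedia.com"}


def triage(log_text):
    """Return a list of (severity, line, reason) for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NO_FILE.match(line):
            findings.append(("low", line,
                             "orphaned entry: CLSID registered but its DLL is gone"))
            continue
        m = ENABLE_LUA.match(line)
        if m:
            if m.group(1) == "0":
                findings.append(("high", line,
                                 "UAC is disabled (EnableLUA=0); re-enable once clean"))
            continue
        m = DPF.match(line)
        if m:
            host = m.group(1).lower()
            if host not in KNOWN_DPF_HOSTS:
                findings.append(("medium", line,
                                 f"ActiveX control installed from {host}; confirm it was wanted"))
            continue
        m = FF_PREF.match(line)
        if m and ");user_pref(" in m.group(2):
            findings.append(("medium", line,
                             "user.js value embeds further user_pref() calls: the file "
                             "is malformed or something appended to it"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 2, 'low': 2}."""
    counts = {}
    for severity, _line, _reason in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against the sample it reports two orphaned entries, the disabled UAC policy, the one ActiveX download host not on the allowlist, and the user.js line whose value swallows further user_pref() calls; the java.sun.com DPF entry is allowlisted and stays quiet.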



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:42 PM

Posted 26 December 2009 - 08:36 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
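The /md5start ... /md5stop block in the OTL custom scan above asks OTL to hash every copy of the listed system DLLs and drivers so the helper can compare them against known-good values for the OS build. The script below is an added example, not OTL's own code, that performs the same check: it walks a root directory for the named files, hashes each copy (MD5 as OTL reports, plus SHA-256 because MD5 collisions are cheap), compares against a baseline the helper supplies, and, where no baseline exists, flags copies of the same name that disagree with each other, which is what a patched driver next to an untouched backup copy looks like. The directory tree and baseline hash in demo() are constructed for illustration and stand in for a real Windows install.

```python
"""Hash a named set of system files, the check that OTL's /md5start ... /md5stop
custom-scan block performs, written here as an added example rather than OTL's
own code. OTL reports MD5; SHA-256 is added because MD5 collisions are cheap."""
import hashlib
import os
import tempfile

# File names copied from the custom-scan list in the post above.
WATCHED = ["atapi.sys", "iastor.sys", "nvstor.sys", "scecli.dll",
           "netlogon.dll", "eventlog.dll"]


def file_digests(path, chunk=1 << 20):
    """Return (md5, sha256, size) of one file, streamed so large drivers are fine."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
            size += len(block)
    return md5.hexdigest(), sha.hexdigest(), size


def find_copies(root, names):
    """Collect every copy of each watched name under root (case-insensitive, as on NTFS).
    A driver typically exists both in system32\\drivers and in a winsxs/DriverStore copy."""
    wanted = {n.lower() for n in names}
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() in wanted:
                hits.setdefault(f.lower(), []).append(os.path.join(dirpath, f))
    return hits


def audit(root, names, baseline=None):
    """Hash every copy and classify it.

    baseline maps a lower-case file name to the set of MD5s known to be good for
    this OS build (assumption: the helper supplies it from a clean machine).
    Status values: ok, MISMATCH (differs from baseline), DIFFERS-FROM-SIBLING
    (no baseline, but copies of the same name under root disagree), unverified.
    Returns a sorted list of (name, path, md5, sha256, status)."""
    baseline = baseline or {}
    report = []
    for name, paths in find_copies(root, names).items():
        digests = {p: file_digests(p) for p in paths}
        distinct_md5 = {d[0] for d in digests.values()}
        for path, (md5, sha, _size) in digests.items():
            if name in baseline:
                status = "ok" if md5 in baseline[name] else "MISMATCH"
            elif len(distinct_md5) > 1:
                status = "DIFFERS-FROM-SIBLING"
            else:
                status = "unverified"
            report.append((name, path, md5, sha, status))
    return sorted(report)


def demo():
    """Build a constructed directory tree (not a real Windows install) and audit it.
    Returns {(name, relative path with forward slashes): status}."""
    root = tempfile.mkdtemp(prefix="otl-md5-")
    layout = {
        os.path.join("system32", "drivers", "atapi.sys"): b"hello",
        os.path.join("winsxs", "x86_atapi", "atapi.sys"): b"hello!",   # altered copy
        os.path.join("system32", "drivers", "nvstor.sys"): b"nvstor",
        os.path.join("system32", "drivers", "iastor.sys"): b"iastor-a",
        os.path.join("system32", "DriverStore", "iastor.sys"): b"iastor-b",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    # Assumption: MD5 of b"hello" stands in for the known-good atapi.sys hash.
    baseline = {"atapi.sys": {"5d41402abc4b2a76b9719d911017c592"}}
    return {(name, os.path.relpath(path, root).replace(os.sep, "/")): status
            for name, path, _md5, _sha, status in audit(root, WATCHED, baseline)}


if __name__ == "__main__":
    for (name, rel), status in sorted(demo().items()):
        print(f"{status:22} {rel}")
```

On a real machine point audit() at %SystemRoot% and feed it a baseline taken from a clean install of the same build; a copy marked unverified only means no baseline was available for that name, while DIFFERS-FROM-SIBLING is the case the helper most wants to see, because the clean copy to restore from is usually one of the siblings.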


========================================================

#3 b_charlez

b_charlez
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 26 December 2009 - 09:28 PM

Hey, thanks for the response. Here's the log from OTL.

OTL logfile created on: 12/26/2009 9:22:05 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Brandon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 352.27 Gb Free Space | 75.63% Space Free | Partition Type: NTFS
Drive D: | 3.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VMT1000
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/26 21:21:15 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Downloads\OTL.exe
PRC - [2009/12/24 18:01:53 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/17 11:04:18 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/12/11 00:11:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/12/10 23:03:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/01 12:38:47 | 03,951,976 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/07 01:47:34 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/08/17 22:59:28 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/08/06 01:19:56 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/11 09:57:09 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 11:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/27 16:04:38 | 00,850,432 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2009/02/27 16:04:34 | 00,278,016 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009/02/27 15:42:20 | 00,098,407 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2009/02/27 15:40:48 | 00,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2009/02/15 13:50:55 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/01/07 15:20:18 | 00,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009/01/06 14:52:02 | 00,174,624 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/01/19 02:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/06/20 03:56:16 | 04,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 21:21:15 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Downloads\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 11:04:18 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/11 00:11:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/12/10 23:03:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/28 00:35:56 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/07 01:47:34 | 00,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/06 01:19:56 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/11 09:57:09 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/27 16:04:38 | 00,850,432 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/02/27 15:42:20 | 00,098,407 | ---- | M] () [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/02/27 15:40:48 | 00,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2009/02/03 15:24:38 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9863d70ebe103) Google Update Service (gupdate1c9863d70ebe103)
SRV - [2009/01/07 15:20:18 | 00,121,376 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/01/06 14:52:02 | 00,174,624 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/10 14:44:18 | 00,411,136 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2008/01/19 02:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3820787255-212179727-3025591179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-3820787255-212179727-3025591179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3820787255-212179727-3025591179-1001\S-1-5-21-3820787255-212179727-3025591179-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3820787255-212179727-3025591179-1001\S-1-5-21-3820787255-212179727-3025591179-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/15 13:51:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/24 18:01:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/24 18:01:54 | 00,000,000 | ---D | M]

[2009/07/28 21:54:41 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions
[2009/02/15 19:31:02 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2009/12/26 14:49:44 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions
[2009/12/24 18:54:16 | 00,000,000 | ---D | M] (Tinseltown) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2009/11/14 23:12:13 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/12/26 14:49:38 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/14 23:12:13 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/24 18:54:43 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/14 22:28:52 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\nosquint@urandom.ca
[2009/12/24 18:54:20 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2009/12/24 18:54:19 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\drvadm87.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009/03/05 16:02:35 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions
[2009/03/05 16:02:34 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions\{0dd39226-2650-404d-a43d-ffd906b35a9e}
[2009/03/05 16:02:34 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/03/05 16:02:34 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/05 16:02:35 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2009/03/05 16:02:34 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions\autofillForms@blueimp.net
[2009/03/05 16:02:34 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions\elemhidehelper@adblockplus.org
[2009/03/05 16:02:34 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\xb6dr6yd.default\extensions\secureLogin@blueimp.net
[2009/12/26 14:49:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/27 16:42:25 | 00,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{2683E33E-2288-43F0-92C6-BAFB53558C27}
[2009/02/14 19:52:00 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3820787255-212179727-3025591179-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [CmUsbSound] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3820787255-212179727-3025591179-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3820787255-212179727-3025591179-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.com/downloadAddon.php?pl...wserVersion=6.0 (SeeTooControl Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://play.battlefield-heroes.com/static/...er_4.0.15.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/28 12:26:34 | 01,229,452 | R--- | M] () - D:\autorun.bmp -- [ UDF ]
O32 - AutoRun File - [2003/10/22 17:57:26 | 00,023,040 | R--- | M] (Stardust Software) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2003/10/22 17:57:26 | 00,000,049 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/05/26 18:11:06 | 00,001,173 | R--- | M] () - D:\AUTORUN.INI -- [ UDF ]
O32 - AutoRun File - [2003/10/22 17:57:28 | 00,137,066 | R--- | M] () - D:\AUTORUN.WAV -- [ UDF ]
O33 - MountPoints2\{aa1e5f05-bcbd-11dd-9e97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa1e5f05-bcbd-11dd-9e97-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2003/10/22 17:57:26 | 00,023,040 | R--- | M] (Stardust Software)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/11/27 03:54:41 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/26 18:17:33 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/26 00:40:38 | 00,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Fallout3
[2009/12/26 00:01:39 | 00,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\InstallShield Installation Information
[2009/12/26 00:00:41 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2009/12/25 23:42:39 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/12/25 22:25:11 | 00,000,000 | ---D | C] -- C:\ProgramData\AIM
[2009/12/25 22:25:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/12/25 22:25:09 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/12/25 12:12:24 | 00,000,000 | ---D | C] -- C:\Program Files\Celestia
[2009/12/25 11:40:15 | 00,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2009/12/25 11:39:15 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2009/12/25 10:28:30 | 00,027,136 | ---- | C] (CPUID) -- C:\Windows\System32\PCWizard.cpl
[2009/12/25 10:28:30 | 00,000,000 | ---D | C] -- C:\Windows\Java
[2009/12/25 09:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualMoon
[2009/12/25 09:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\Meade
[2009/12/24 21:56:00 | 00,012,672 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\cpuz132_x32.sys
[2009/12/24 21:56:00 | 00,000,000 | ---D | C] -- C:\Program Files\CPUID
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/26 21:22:25 | 04,718,592 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat
[2009/12/26 21:20:46 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{428B19BD-2503-40F4-8DF6-AAB71A084822}.job
[2009/12/26 21:07:11 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 21:07:11 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 21:01:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/26 18:41:13 | 00,002,521 | ---- | M] () -- C:\Users\Brandon\Desktop\HiJackThis.lnk
[2009/12/26 17:52:39 | 00,001,057 | ---- | M] () -- C:\Users\Brandon\Desktop\Revo Uninstaller.lnk
[2009/12/26 13:58:43 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/26 12:49:14 | 00,000,162 | -H-- | M] () -- C:\Users\Brandon\Documents\~$rnell Engineer Essay.docx
[2009/12/26 11:07:31 | 00,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/12/26 11:07:31 | 00,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/12/26 11:07:16 | 00,001,082 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2009/12/26 11:07:08 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/26 11:07:08 | 00,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2009/12/26 11:07:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/26 11:07:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/26 03:00:33 | 04,139,327 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\IconCache.db
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At9.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At4.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At3.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At2.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At1.job
[2009/12/26 00:40:31 | 00,001,008 | ---- | M] () -- C:\Users\Brandon\Desktop\Fallout3.lnk
[2009/12/25 23:42:57 | 00,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/25 23:42:57 | 00,001,735 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/12/25 23:23:43 | 00,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2009/12/25 23:16:54 | 00,000,624 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2009/12/25 23:03:16 | 00,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2009/12/25 22:28:07 | 00,001,100 | -H-- | M] () -- C:\IPH.PH
[2009/12/25 22:25:11 | 00,001,696 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2009/12/25 17:31:36 | 00,010,879 | ---- | M] () -- C:\Users\Brandon\Documents\Cornell Engineer Essay.docx
[2009/12/25 12:12:35 | 00,000,804 | ---- | M] () -- C:\Users\Brandon\Desktop\Celestia.lnk
[2009/12/25 10:28:30 | 00,000,877 | ---- | M] () -- C:\Users\Brandon\Desktop\PC Wizard 2010.lnk
[2009/12/25 09:13:51 | 00,000,840 | ---- | M] () -- C:\Users\Brandon\Desktop\Virtual Moon Atlas.lnk
[2009/12/25 09:13:28 | 00,001,927 | ---- | M] () -- C:\Users\Brandon\Desktop\Autostar Suite.lnk
[2009/12/24 22:08:19 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/24 22:08:19 | 00,636,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/24 22:08:19 | 00,117,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/24 21:56:01 | 00,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2009/12/19 19:43:11 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 18:17:33 | 00,002,521 | ---- | C] () -- C:\Users\Brandon\Desktop\HiJackThis.lnk
[2009/12/26 12:49:14 | 00,000,162 | -H-- | C] () -- C:\Users\Brandon\Documents\~$rnell Engineer Essay.docx
[2009/12/26 01:59:49 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At9.job
[2009/12/26 01:59:49 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At8.job
[2009/12/26 01:59:48 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At7.job
[2009/12/26 01:59:48 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At6.job
[2009/12/26 01:59:48 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At5.job
[2009/12/26 01:59:48 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At4.job
[2009/12/26 01:59:47 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At3.job
[2009/12/26 01:59:47 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At2.job
[2009/12/26 01:59:46 | 00,000,356 | ---- | C] () -- C:\Windows\tasks\At1.job
[2009/12/26 00:40:31 | 00,001,008 | ---- | C] () -- C:\Users\Brandon\Desktop\Fallout3.lnk
[2009/12/25 23:42:57 | 00,001,735 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/12/25 23:03:16 | 00,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2009/12/25 22:25:11 | 00,001,696 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2009/12/25 16:02:39 | 00,010,879 | ---- | C] () -- C:\Users\Brandon\Documents\Cornell Engineer Essay.docx
[2009/12/25 12:12:35 | 00,000,804 | ---- | C] () -- C:\Users\Brandon\Desktop\Celestia.lnk
[2009/12/25 11:39:15 | 00,007,436 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2009/12/25 10:28:30 | 00,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2009/12/25 10:28:30 | 00,000,877 | ---- | C] () -- C:\Users\Brandon\Desktop\PC Wizard 2010.lnk
[2009/12/25 09:13:51 | 00,000,840 | ---- | C] () -- C:\Users\Brandon\Desktop\Virtual Moon Atlas.lnk
[2009/12/25 09:13:28 | 00,001,927 | ---- | C] () -- C:\Users\Brandon\Desktop\Autostar Suite.lnk
[2009/12/24 21:56:01 | 00,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2009/11/14 22:52:07 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/07 01:46:36 | 00,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 00,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/28 00:48:25 | 00,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2009/08/13 14:53:54 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/07/11 13:27:07 | 00,143,360 | ---- | C] () -- C:\Windows\System32\Ffpage.dll
[2009/07/11 13:27:07 | 00,005,036 | ---- | C] () -- C:\Windows\System32\drivers\Samhid.sys
[2009/07/07 14:24:11 | 00,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/06/13 00:07:42 | 00,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/06/12 16:38:40 | 00,032,768 | ---- | C] () -- C:\Windows\System32\cmdrvrmu.dll
[2009/06/12 14:28:52 | 00,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/12 14:28:22 | 00,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/29 20:56:33 | 00,002,307 | R--- | C] () -- C:\Windows\Cmudau.ini
[2009/04/30 21:39:36 | 00,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/03 17:05:39 | 00,000,608 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2009/04/03 16:59:27 | 00,000,239 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2009/04/03 16:59:18 | 00,005,982 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2009/04/03 16:59:12 | 00,000,098 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2009/04/03 16:56:32 | 00,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2009/03/06 19:18:07 | 00,004,126 | ---- | C] () -- C:\Windows\System32\fretsonfire.ini
[2009/03/06 19:17:46 | 01,867,776 | ---- | C] () -- C:\Windows\System32\python24.dll
[2009/03/01 16:20:59 | 00,026,361 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\UserTile.png
[2009/03/01 02:15:35 | 00,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2009/02/28 10:11:00 | 00,000,076 | ---- | C] () -- C:\Windows\System32\xcchit32.ini
[2009/02/28 10:10:23 | 00,000,561 | ---- | C] () -- C:\Windows\xccwinsys.ini
[2009/02/27 16:04:46 | 00,001,082 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2009/02/27 15:45:16 | 00,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2009/02/27 15:44:50 | 00,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2009/02/27 15:44:28 | 00,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2009/02/27 15:44:10 | 00,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2009/02/27 15:41:38 | 00,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2009/02/27 15:41:02 | 00,122,976 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2009/02/27 15:40:50 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2009/02/18 01:58:15 | 00,001,356 | ---- | C] () -- C:\Users\Brandon\AppData\Local\d3d9caps.dat
[2009/02/16 14:03:48 | 00,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2009/02/16 14:03:48 | 00,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2009/01/10 18:26:57 | 00,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2009/01/04 02:34:21 | 00,028,672 | ---- | C] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/25 15:59:22 | 00,022,328 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\PnkBstrK.sys
[2008/12/25 14:26:11 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/12/14 20:48:47 | 00,000,095 | ---- | C] () -- C:\Users\Brandon\AppData\Local\fusioncache.dat
[2008/12/07 11:44:54 | 00,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/10/28 17:40:48 | 00,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/10/22 14:30:30 | 00,081,920 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/03/07 12:54:22 | 17,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2008/03/04 21:52:34 | 00,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007/10/31 12:39:54 | 00,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/17 16:58:10 | 00,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2006/11/10 08:08:50 | 00,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/05/13 20:24:34 | 00,000,000 | -HSD | M] -- C:\Users\Brandon\AppData\Roaming\.#
[2008/12/13 22:02:46 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\acccore
[2009/04/11 14:08:35 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Acreon
[2009/08/31 18:16:29 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Audacity
[2009/02/16 11:57:59 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\COWON
[2008/12/25 15:01:40 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\DAEMON Tools
[2009/07/15 11:59:02 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\DAEMON Tools Lite
[2008/12/25 15:01:40 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\DAEMON Tools Pro
[2009/08/22 00:49:00 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Deusty
[2009/08/17 20:01:27 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Deusty(100)
[2009/02/21 17:12:05 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\dyyno-vlc
[2009/03/13 19:17:24 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FOG Downloader
[2008/12/12 21:44:48 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Foxit
[2009/03/14 00:12:41 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\fretsonfire
[2009/05/30 20:20:53 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FuskerClient
[2009/03/14 21:54:20 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\GameTracker
[2009/03/29 16:11:50 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Highresolution Enterprises
[2009/07/07 14:24:11 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\HotSync
[2009/03/01 02:15:38 | 00,000,000 | -H-D | M] -- C:\Users\Brandon\AppData\Roaming\ijjigame
[2009/05/24 20:12:16 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\IObit
[2009/11/15 11:48:59 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Leadertech
[2009/11/15 10:26:58 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\MP3Rocket
[2009/06/01 14:54:01 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\NavNet Solutions
[2009/08/21 13:27:19 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\ooVoo Details
[2009/01/04 18:08:24 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\OpenOffice.org
[2009/02/20 14:12:41 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Orca Profiles
[2009/06/13 00:21:13 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\PACE Anti-Piracy
[2009/03/01 16:20:59 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\PeerNetworking
[2009/02/15 19:30:55 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Songbird2
[2009/02/02 15:27:53 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Stellarium
[2009/11/29 19:53:52 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\SystemRequirementsLab
[2009/11/29 19:23:44 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\TeamViewer
[2009/12/26 18:02:51 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\uTorrent
[2009/08/28 00:50:37 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Webcammax
[2008/12/26 01:04:44 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\WinBatch
[2009/01/06 00:43:32 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\X-Chat 2
[2009/01/05 18:16:17 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\XLink Kai
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2009/12/26 11:07:08 | 00,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2009/12/26 03:00:45 | 00,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/29 22:16:44 | 00,000,388 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2009/12/26 21:20:46 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{428B19BD-2503-40F4-8DF6-AAB71A084822}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C980DA7D
@Alternate Data Stream - 1280 bytes -> C:\ProgramData\Microsoft:rtAWr9Mcibdx4lFrdfgIrdN
@Alternate Data Stream - 1273 bytes -> C:\ProgramData\Microsoft:KDGjq9fFJiU5pX8yMQmNaS
@Alternate Data Stream - 1253 bytes -> C:\Program Files\Common Files\System:bPAXUCNKRlDHOw96G4yc3a8n
@Alternate Data Stream - 1233 bytes -> C:\ProgramData\Microsoft:Keioiyewasy11oQ2Bi9d
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7E95B6FD
< End of report >
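The "< MD5 for: ... >" custom scans and the "Alternate Data Streams" section of the OTL log above are the two places a helper reads first: OTL lists every copy of a handful of boot-critical files so the hash of the copy Windows actually loads (System32, System32\drivers) can be compared with the staged copies in DriverStore and winsxs, and it lists streams attached to directories where nothing legitimate should be storing data. What follows is an added example, not part of this post and not OTL's own logic: it parses those two sections offline and applies two heuristics that are my assumptions, not OTL's verdicts. First, the live copy of each file should share its MD5 with at least one staged copy. Second, a long random-looking alphanumeric stream name on a system directory gets a "review" label, while Zone.Identifier and 8-hex-digit streams on a TEMP directory are treated as routine. The ATAPI.SYS, NETLOGON.DLL and ADS lines in the sample input are copied from the log; the EXAMPLE.SYS section is constructed to exercise the mismatch branch.

```python
"""Offline triage of two OTL sections posted above: '< MD5 for: ... >' and
'Alternate Data Streams'.  Added example, not part of the post or of OTL;
the verdict rules are heuristics (assumptions), stated in each docstring."""
import re
from collections import defaultdict

MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_LINE_RE = re.compile(
    r"^\[[^|]+\|\s*[\d,]+\s*\|[^\]]*\]\s*\([^)]*\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

# The copy Windows loads lives here; DriverStore and winsxs hold staged copies
# of the same binary.  A file-patching rootkit normally touches only the live
# file, which is why OTL prints every copy: the hashes should agree.
LIVE_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")

# ATAPI.SYS, NETLOGON.DLL and ADS lines are copied from the posted log.  The
# EXAMPLE.SYS section is constructed (not from the log): its live copy has a
# hash no staged copy shares, to exercise the 'mismatch' branch.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< MD5 for: EXAMPLE.SYS >
[2009/01/01 00:00:00 | 00,010,000 | ---- | M] (Example Corp) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example.sys
[2009/01/01 00:00:00 | 00,010,000 | ---- | M] (Example Corp) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_none_0000\example.sys

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C980DA7D
@Alternate Data Stream - 1280 bytes -> C:\ProgramData\Microsoft:rtAWr9Mcibdx4lFrdfgIrdN
@Alternate Data Stream - 1253 bytes -> C:\Program Files\Common Files\System:bPAXUCNKRlDHOw96G4yc3a8n
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7E95B6FD
"""


def parse_md5_sections(text):
    """Return {FILENAME: [(md5, path), ...]} for every '< MD5 for: X >' block."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        header = MD5_HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = MD5_LINE_RE.match(line)
        if entry and current:
            sections[current].append((entry.group("md5").upper(), entry.group("path")))
    return dict(sections)


def is_live(path):
    """True if the path is the copy Windows loads rather than a staged one."""
    return path.lower().rsplit("\\", 1)[0] in LIVE_DIRS


def check_live_copies(sections):
    """'ok' if the live copy's MD5 matches some staged copy, 'mismatch' if no
    staged copy carries that hash (patched in place, or replaced outside
    servicing), 'no-live' if OTL found only staged copies."""
    verdicts = {}
    for name, entries in sections.items():
        live = {md5 for md5, path in entries if is_live(path)}
        staged = {md5 for md5, path in entries if not is_live(path)}
        verdicts[name] = "no-live" if not live else "ok" if live & staged else "mismatch"
    return verdicts


def triage_ads(text):
    """Label each ADS line. Heuristics: Zone.Identifier is the mark-of-the-web;
    an 8-hex-digit stream on a ...\\TEMP directory is a routine installer
    artefact; a long random-looking alphanumeric name on a system directory is
    not something Windows or ordinary installers write, so it gets 'review'."""
    results = []
    for m in filter(None, (ADS_RE.match(l.strip()) for l in text.splitlines())):
        path, stream, size = m.group("path"), m.group("stream"), int(m.group("size"))
        if stream.lower() == "zone.identifier":
            verdict = "benign"
        elif path.lower().endswith("\\temp") and re.fullmatch(r"[0-9A-F]{8}", stream):
            verdict = "likely-benign"
        elif re.fullmatch(r"[A-Za-z0-9]{16,}", stream) and size > 512:
            verdict = "review"
        else:
            verdict = "unknown"
        results.append((path, stream, size, verdict))
    return results


if __name__ == "__main__":
    for name, verdict in sorted(check_live_copies(parse_md5_sections(SAMPLE_LOG)).items()):
        print(f"{verdict:9} {name}")
    for path, stream, size, verdict in triage_ads(SAMPLE_LOG):
        print(f"{verdict:14} {size:5d} bytes  {path}:{stream}")
```

Run against the full log posted above, every listed file's live copy shares its hash with a staged copy, so the MD5 check is clean; the four streams on C:\ProgramData\Microsoft and C:\Program Files\Common Files\System are the ones the ADS heuristic flags for review, while the two 8-hex-digit streams on C:\ProgramData\TEMP are labelled likely-benign. A "mismatch" verdict is a prompt to pull the live file and compare it against a known-good copy, not a conviction on its own: a vendor hotfix that replaced the file outside component servicing produces the same result.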

#4 b_charlez

  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 26 December 2009 - 09:30 PM

And here is the log from extras.txt

OTL Extras logfile created on: 12/26/2009 9:22:05 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Brandon\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 352.27 Gb Free Space | 75.63% Space Free | Partition Type: NTFS
Drive D: | 3.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VMT1000
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3820787255-212179727-3025591179-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UACDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3820787255-212179727-3025591179-1001]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03117C21-77CD-411E-B5BE-8DF21B61AAAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{049879EA-C44D-4EF0-8CD6-83032C089696}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0734145A-56CA-47B2-B3E4-5B1CAE3634C9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0806EE17-DE2D-4FD6-A910-0F07A5F4EFFE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{08EB6662-1AA4-4BED-9E27-35273CC7C860}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0B7C22C8-C213-49D0-B8C6-63A780890FFE}" = lport=1900 | protocol=17 | dir=in | name=xbox 2 |
"{0D8397EE-426B-478D-80E1-25CE4C86F3E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13794335-0412-4125-A742-D4610C0BD476}" = rport=10244 | protocol=6 | dir=out | app=system |
"{14AA488E-4E54-494A-87E9-D62370012945}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A838E91-0E8E-47CD-9C48-906158B4C9DA}" = lport=31310 | protocol=17 | dir=in | name=31310 |
"{25670F94-9096-45B3-B16B-A9F10BC9D77C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BAD3E52-F673-40F1-9912-3341AEBED6D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C700C36-162C-4CC4-B7FF-14DF60B02DE7}" = lport=3724 | protocol=6 | dir=in | name=3724 |
"{2C9670B0-4D53-43D0-8E36-DE0CBEB784AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B6A916E-71F2-4372-9467-F4FC82B2E493}" = lport=2869 | protocol=6 | dir=in | name=xbox |
"{3B9DD7F9-226F-4459-AF2A-A48AC02EB3DA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{44F756A6-4B7E-4F79-A813-5C5640003282}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{469293B6-81A9-49EA-877E-3BDFABB59D42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4772E562-1C4D-4436-A4CC-5FA693BAAE6C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4C52D981-403C-40D2-8761-371BB6DF72D5}" = lport=6112 | protocol=6 | dir=in | name=6112 |
"{54230E25-3B7D-4A9D-8535-E02D90DC28BC}" = lport=6112 | protocol=6 | dir=in | name=6112 |
"{65A9A8B2-397A-43D8-9285-EB5FA1B1E779}" = lport=3000 | protocol=17 | dir=in | name=xlink |
"{71A42B2F-F3F9-4003-9905-A1DCB0B8F60B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75168263-84DF-401A-BDEB-F9A0CCF3F155}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FB3E1E7-AC18-45BF-A055-C479E42C2ADE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88D03E51-35FC-4772-823D-E81B2D933FCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A2448BD-5BD3-4898-8631-69A775531DE5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8CE5667A-D297-4A4C-AD74-81C99A2B9C79}" = lport=6881 | protocol=6 | dir=in | name=6881 |
"{9198E7CF-EDCC-4AE1-B0F4-D867C3433465}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98D2BEC6-D001-4239-B76B-347E5AB13A45}" = lport=31310 | protocol=6 | dir=in | name=31310 |
"{9B914C9F-4855-47FA-9BF9-C5F5F28BEEE2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A3A947AF-0470-4A63-BCEA-2F622277686D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3B16229-6F3E-44CC-B6FB-AC84CE0D3D01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A484B489-53C8-44D4-B703-900C2EBDB0BB}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{A48B0FFA-E3E5-4F94-BB3C-4E3D3B8C7341}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5E3DE0A-DFAF-48C0-BB82-942CF87354F2}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AC588570-66B6-456D-B5A5-31C302E72838}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF0E959D-0FB7-4D5C-A584-73FEEE5C04B4}" = lport=31310 | protocol=6 | dir=in | name=31310 |
"{B0CDC068-E81B-4750-8C10-2FB5DC48677A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B158D3DE-8869-4B0E-AD29-03B4378AC789}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B1959C42-2382-46D1-BC2F-57B0ECFCDB39}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B28F9B7F-7AC5-4A9E-AC62-7077013C5711}" = lport=443 | protocol=6 | dir=in | name=aim |
"{B6AE468A-28C5-48EB-9F7C-A27BF38E5AFC}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{B9206725-4027-45BE-84BE-C69FAB5DE300}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B97D94FC-2A54-4843-BF07-6EBED4C1DE59}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA23728A-7F9C-40DA-A5FD-1D905BFFCE54}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC56AC84-92D2-4789-B910-547B4D7A1E47}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{BFA2BF4B-C986-49B2-9CD0-9412DD7646EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C79733EC-9B7C-4C85-9F78-68E2269C94AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8656E9E-DD2A-48CF-8D3E-DAE75E7496B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB198A0F-2F4A-4A8A-BCCB-C9B56851C32D}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{CCEAA732-7360-403E-B977-134DDEC6AE04}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CF0D316E-ABDF-461B-91FD-2AFD8DFD9FEA}" = lport=1513 | protocol=17 | dir=in | name=1513 |
"{D8CBD947-BD2B-453C-B81D-B762DA304CB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEBC9D50-05F2-40CF-BADD-90CFB9FEA4D6}" = lport=6999 | protocol=6 | dir=in | name=6999 |
"{E9C3D267-4178-46E9-92F8-217CB6050F9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA6B00F3-A585-4862-849F-7712FD7805F5}" = lport=6881 | protocol=6 | dir=in | name=6881 |
"{F60A512C-AD0D-4DDB-B117-8E88A14B8D42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD1EEC02-1E57-4B71-8131-D4F3C43B11AB}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A6D98F-88BD-4E7E-BF3D-87BCE30310D6}" = protocol=17 | dir=in | app=c:\program files\ccfile\ccfile.exe |
"{05A948E0-36F6-4286-875B-9008E6D9F43B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{05B7C971-56BD-4516-A041-90303B91B487}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{06D5A0B3-1111-4453-BAE2-E49B2CA1ADBA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0B01CA49-A4A1-4239-986F-03CAFF6423A6}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0C2217B3-C714-4A0F-B6F8-758E3E710082}" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
"{0C5A986B-3F91-4B15-B41B-DE09EB9F31C8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-enus-win-update-downloader.exe |
"{0DF7E39C-872B-4612-B051-26DB26D2E5E9}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{10585E02-C54D-4FA2-A7A7-3C46DCCDB7AF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{108EE499-663E-4476-8307-3569D3B8623F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{11C2DD0C-B279-4F03-86D7-04B5EE9FFD98}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{11D49CB5-A9E0-4FF1-847C-EEE0B3249812}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{11EC38A7-B4E6-4B5B-BBB2-2CE9A3317815}" = protocol=6 | dir=in | app=c:\users\brandon\appdata\local\temp\7zs8130.tmp\symnrt.exe |
"{13E51DD8-2DF4-4866-8460-A83D4052F25D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{17418635-4C66-4851-8404-8B244990CDAC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19639A3C-A2E8-4980-BAF0-502C73D40DEC}" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
"{1D434614-0174-4FB2-A36C-D60F481F7072}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{2504807B-37B5-4A43-8B58-D5C4E45EE87F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{255856E6-96FD-43AC-B5B4-E36969F22F66}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{266BF027-9744-42D9-B7AF-BE700AA1A978}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{2812CC49-2D67-431C-A558-733FE5C36E16}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-enus-win-update-downloader.exe |
"{298BC48C-D6DF-451A-A0A2-2FCF20C9D7BE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2D712D4E-80BB-4303-B6BC-6CF1FED855E1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2F888C24-3152-496C-9B77-6A8A89D1A85A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FFD2123-9825-406C-820C-A3D35CEF5ECC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3178ED97-5800-453F-96D7-19F76982A323}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{3ADD93BD-8A5E-4B50-9CCD-EFA6EEFFD1E0}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{3CA263CB-BC88-4B44-8F32-2F51A7515EC2}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{3F5D0657-63F0-473D-BF2A-BB06DA88596B}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{40797A7D-03F0-4179-B38A-020077196B01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4311F3C5-59EC-4A7B-A5ED-28A79EC2EA41}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{43C7FB3B-EB75-4E01-97E5-5B737B7184AB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{47A45765-E9CD-473C-9B46-104A9F3AA41D}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{48F7E76E-2B7D-4B9A-87B2-D4913440D33B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{496A8785-0B10-4507-9837-CC201634B7DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B61FFD8-8C69-4729-BE8B-DECE2B02DC55}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4D735EBC-80E0-49F7-82D1-630529ECAFD9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{529E9F43-685F-4236-BD42-509DE46B2BD0}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{53620089-0AD4-43B6-AA39-75DB6A3D0E1C}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{56CB56E1-C623-434C-B799-7CCC73C4871B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C5CAD2C-AF98-46DF-A702-B49ED07ADC4B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5D5FBA08-3D49-425A-B14E-9DED11A5C10B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5DA6D3DB-CAE3-49F6-86A9-4F172CA7D7EA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{62FD1150-2ED9-4EB5-80DA-BE57D19FB1AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{674EB817-63D1-4F09-92EF-BA3B6E522053}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{67D6A356-1C6C-4BB2-B513-D4E9803C149E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{71F86A3B-C943-4AB1-AE38-7B8E8D403693}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{78301384-329C-40CC-948D-647EF381B62C}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{798BAFB5-92E4-42C6-940C-5A063717B704}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7A22608D-5FCB-4610-94B8-E6DB43FD4D10}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{7D1CA9C0-264C-4141-87D7-1924FB951820}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DEA28AF-D915-4B00-A37E-1FF2E4C2679D}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{83B6F0E5-996B-4A0C-8D3F-742DA1F28C11}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{8950AAC2-F7F9-4BB3-8E5A-BC5D1E7A5848}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{8A1339F2-7852-47E9-9F26-FC29E02123BF}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{8B80F427-1D28-470B-9876-7AFF4A9357E7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8BAAE6FC-4911-471F-9D12-D4DA5D643076}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8CC6132A-1EC8-45C3-97CE-9B0799AD73FB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8DCEE0FA-D0FA-41DA-91F7-A3ABBB9198A9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8ED37654-9ADA-4DAC-91E4-C99B016F95AD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{91C40402-466A-4BF5-B9B9-D23AD833CA43}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9355D1EA-C5E8-450F-9FCF-3B37B4C8FE29}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{94162C21-5368-49CA-A68C-2011B273C8DC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{95B7D23B-2538-49EC-BCA6-2E04BC8E6F6B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{960930BF-01DC-470F-997A-1E1664457131}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{99E3FE65-6559-480F-B703-A5600C4AA000}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9BD99339-A7C2-4D33-8741-0DEF74EF7C8D}" = protocol=6 | dir=in | app=c:\program files\ccfile\ccfile.exe |
"{9C7D3C57-6C70-476F-8117-79940308797B}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{9F1F358B-F361-40AB-9911-C99E68BADA5A}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{A20DBAD1-0F08-4CF7-83C6-F20F3A0B10B3}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{AA85BEAF-B51E-4C1B-BCDC-D11C2829822B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-engb-win-update-downloader.exe |
"{AC69B2CC-2DAB-4152-AC74-CE300BACA4B2}" = protocol=6 | dir=out | app=system |
"{ADE8E165-3D88-4EFA-94D5-ABB9EE15F08E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B20F4A34-78C5-45A5-941D-97ECFB457E83}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{B6412111-7B49-43F2-8062-2ED73C006370}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B98875DC-F827-4039-8AE6-40AFF45BCB32}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{B9F05D79-1A7C-46F4-A456-0F54FE4110A9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BB278C6C-F014-461A-95D0-41673BC9B1B7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe |
"{BBDE3E08-F262-4102-B561-511A77EC6ED3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBF788D8-D97E-42E5-8FF0-C881E6AD6C31}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{BED03595-33DF-42BA-A42C-D2E4D18B4291}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C3F8E692-3E1F-4F23-BC01-F05D55F06A0A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CAD7758C-DD9A-46D5-B502-9CED42CE29FD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CB07304E-F8DB-4CF0-B94B-938B42CF91FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF8A84E2-5BC5-46BA-B5C0-41772D4D8CFF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{D7C056C1-D891-4AAF-BB59-ED570A61D6A8}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{D8E06B1C-E510-486F-890B-F7F78156F361}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{D91A3DC4-9218-4A2F-BC59-ABB312740042}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DD72CF49-50AF-411F-9E73-753AB666BEE8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DDE0B7A0-07A1-4F7A-A683-1A863EDCE8B7}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{DE04D552-5A92-4547-BC5A-9D0B361E8A49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DF4D56E8-1375-44AA-BB74-29B9442C242B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E006EDF7-F90D-477D-993A-E644C3D862D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E16AB298-5AE4-46C2-97E9-605717E8FD49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E287ADE4-DBF8-447A-8EC6-A4C503DD300E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe |
"{E6AEA130-739B-40CB-B443-15D03FE6A10B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{E7D73DE3-93C3-4A19-A9AD-AF351B71079E}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{E9A5FE30-20C3-486B-90DC-7A68F8C7098A}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{EA03F2E3-4DB9-4B31-80AE-B67B90F79CA5}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EB16E0D0-E2FA-4B6C-A125-C91D152A99B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EBA7F9A9-D9BD-4703-A661-6DBFB0EBFFC7}" = protocol=17 | dir=in | app=c:\users\brandon\appdata\local\temp\7zs8130.tmp\symnrt.exe |
"{EC05068C-F937-4C41-859F-9E60F1C90347}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{ED8C504A-9852-40F6-80BD-020ED37F6906}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EE0D5EA1-744F-41A0-B648-6EA64486D5FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2AB45DA-29C7-4950-B146-B5F2E8908F17}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{F4B98458-8A56-4703-8B2F-C224BB512EEF}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{F7944C70-CD7D-49A7-B0F0-AE99E075A055}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FA1279B5-F655-4E50-85B2-A65CF5B16AD4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FB9D7A88-BF9D-4AEA-ACF1-D37080F6A097}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{FE6C2F8A-10FD-4541-9723-50B932AB3EC1}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FF4D6E7F-AC99-4B41-B0AF-F3DB991256DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFFE4D7B-06BC-4BCB-84ED-BC93E79F4843}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{0392BB1B-AB78-4C90-88F1-23137E2AA4C1}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |
"TCP Query User{10B16E8D-BECD-4630-83CE-BC9DBC4C5F74}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{11D348E1-B871-4F8A-8102-C5CF55BF4E07}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{15164FC9-3A81-4B4B-B488-7531716B7DBD}C:\program files\left4dead\hl2.exe" = protocol=6 | dir=in | app=c:\program files\left4dead\hl2.exe |
"TCP Query User{203D6894-3457-4E02-9324-83A778FC96A2}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{260B2DB5-33B7-4FD5-AE10-D3317B44421E}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"TCP Query User{26B9C10D-91AE-409C-A5AC-04CA594405D8}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"TCP Query User{271C160D-51AD-4EE4-8D0C-927B3A7E65E9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{35726A54-EFD4-4524-A260-F9B47D6959A9}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{3AAC32A6-294C-43B7-B968-CB9D07EFBB29}C:\program files\java\jre6\launch4j-tmp\atunes.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\atunes.exe |
"TCP Query User{3C250968-D6CE-443D-9F77-2C3157218393}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{3F62BA0B-0DD8-4684-86B2-B548268F6851}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{44B10534-2811-4791-9EF7-F30131F6F8EF}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{455729F4-FA58-49CF-AC58-A7C98A82D1F2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{4B35C4A8-DB3E-422B-A633-20998EDA3CDA}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"TCP Query User{4BE6752B-A5E6-484D-A9E6-1BFA64EBA62F}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{4D894A43-1DED-4F65-A632-091AF37944AB}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{549D50CE-218E-443A-929E-25D051AC0F0B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{61A0A76D-F15B-4EA6-AB63-2788C8D25E45}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6DD5883C-DB6F-4068-937C-19194E987B5C}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{710CB021-47BC-4CE8-B077-B5E5ED374911}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{72E6E9ED-429F-4222-B6F5-A9AC8B6E3D8E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8C475BC4-9FD0-4D99-95CB-F1281DDF8BCF}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"TCP Query User{92CEE464-B5A7-4BDE-BE8A-8C4993E3E150}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{958DEBE2-B7D5-4841-B72B-615154EC439F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{A5129C85-5288-4928-87AE-9C8C6EC95857}C:\users\public\games\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\public\games\left 4 dead\left4dead.exe |
"TCP Query User{A55A4422-B1F1-4C84-88AC-ED488D5BF43D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{AF592594-FA22-4CAE-B603-8FCA0E4EF85D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AFDFBD41-E407-4B16-8ECB-ED03A720F0D8}C:\program files\orca browser\orca.exe" = protocol=6 | dir=in | app=c:\program files\orca browser\orca.exe |
"TCP Query User{B0972615-B809-422C-9934-785890B0CD73}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B2B9DF88-6075-47CB-A6FD-C009D5925EAD}C:\program files\microsoft games\halo ce\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo ce\halo.exe |
"TCP Query User{B4ABF143-03CD-4132-AA15-7C88CBBD04F7}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe |
"TCP Query User{BEB5D20D-3F2A-454A-A058-CEA82D655849}C:\program files\microsoft games\haloce.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\haloce.exe |
"TCP Query User{C32350DF-D2F8-448A-91D3-74B4E29EEA6D}C:\users\brandon\appdata\local\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\brandon\appdata\local\dyyno receiver\dppm.exe |
"TCP Query User{CD6A8124-6FCC-4D8E-BB72-ADE0F6DF5080}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{E1C97536-C345-4D09-A52D-7704D0E88FE0}C:\program files\microsoft games\halo ce\haloce.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo ce\haloce.exe |
"TCP Query User{E77ABF19-1D80-4E7F-B7E5-4FF49003A1B1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E799B7C7-2491-4CB1-B69B-2185FA57A9E0}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{E8DDCE3F-FDA1-42A1-B6D0-7EB5C7499FDD}C:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat |
"TCP Query User{E9D121E1-CE05-46CF-8227-BD7DCB3E839D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EC71FF5E-3D48-4B14-B1DE-8A116E914100}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"TCP Query User{F8D7E20F-9AA8-4282-A8F6-5AAFE6A91E16}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"UDP Query User{0594BBF4-2429-4292-A845-B28ED05A3C24}C:\users\public\games\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\public\games\left 4 dead\left4dead.exe |
"UDP Query User{0DF59AB1-84D5-48F4-A6E2-37719C800E94}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{0E10FCC7-57FD-435A-974B-BA167AB550CF}C:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\patchget.dat |
"UDP Query User{137D7453-18A4-48F2-B5F6-7B84BB5CA63A}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"UDP Query User{17F4AE90-BB80-4B9B-AA0A-FCEA99976634}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{1F83D9D5-8710-4E4D-B153-12384E0DA96B}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{226F686C-64A3-4D4B-8495-7509AF4A6550}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{298837A3-CEFB-439F-B766-86822E8ECC47}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe |
"UDP Query User{2E9CB228-9CE3-41C6-B02A-19AC213D6FBD}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{3064C9B6-8C60-4458-8ECC-2D471312A29B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{357B9E81-58ED-4794-ACB3-2C3663BD17AA}C:\program files\orca browser\orca.exe" = protocol=17 | dir=in | app=c:\program files\orca browser\orca.exe |
"UDP Query User{369D0883-8218-41D3-AA30-8708BFA7FF6A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3D0C9BA1-146F-4569-9B45-7AC9C4A19177}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"UDP Query User{44CC080C-C5C9-46C6-8A51-2CF64CFD5114}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{47E8C64A-4108-49DA-AF2C-82F85F5A9220}C:\program files\left4dead\hl2.exe" = protocol=17 | dir=in | app=c:\program files\left4dead\hl2.exe |
"UDP Query User{4BB30599-DA77-49E7-98C2-964DBABAAA9D}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{5682D998-4F8F-4FBB-B3F4-DC0B81A5691D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{5E803476-5A49-4AA5-817C-6A7AF190F292}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{67FA0671-F1CA-41AD-8997-72DAC5F7ED02}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"UDP Query User{6E567BCA-135F-40F0-A79D-8E350635F5DB}C:\users\brandon\appdata\local\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\brandon\appdata\local\dyyno receiver\dppm.exe |
"UDP Query User{83F6C58A-D00B-420D-9F71-023C9F440C43}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8CC920B5-DC67-4881-A380-ED6E7CB41882}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9037FE7D-4F6A-4F98-A4C4-6EEC9B12BD87}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{95DAA334-2043-4E84-A406-3DD49447BCBC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A870B77F-2A7D-4B3E-B992-69346B9AD9E9}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{A8D9D3F6-BE95-4288-A445-A7CCAA9850D3}C:\program files\microsoft games\haloce.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\haloce.exe |
"UDP Query User{ACB6B333-9DC0-4401-9743-135D555F549F}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{C6FE26AA-CE8B-4CD7-B467-0EEDAD34561D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{C7A4261E-8A8E-4D5A-8FD5-927A91E26D75}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{CA784DA8-8719-43E1-B42F-D98144D00909}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{D5C73E90-05FD-4117-AC9F-441ECA1AB5C2}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe |
"UDP Query User{D7BF7571-ED50-415E-A98B-E70623348095}C:\program files\microsoft games\halo ce\haloce.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo ce\haloce.exe |
"UDP Query User{DCE168F7-F08A-465D-90C5-560BD0B95BC5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DEA8B62A-BD9C-494A-9FB2-6F36D81D37D3}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{DF3AE1EA-2819-4DC0-9AF7-8D8D56B6846F}C:\program files\java\jre6\launch4j-tmp\atunes.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\atunes.exe |
"UDP Query User{E160212A-5DE0-4C9E-A5B6-0448B572504B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{E71839AA-E7C1-4E0E-8533-E08DE48EC133}C:\program files\microsoft games\halo ce\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo ce\halo.exe |
"UDP Query User{EA591B47-5FD2-425A-B4FF-A5D8453D11C4}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{EB52B2C4-B83F-449E-A9B9-A680B7BDF745}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{F8297C45-D87D-418F-8AEC-899B7A479E86}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"UDP Query User{F8C9EF7E-F6B6-4CBB-BAAD-76F31B84E24D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{FED76823-8FE7-4F4B-98F8-067F1594475A}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3143DA02-D491-4C34-B7D2-0F9EA76486CB}" = RealWorld Icon Editor
"{4E79AC14-1F0A-4044-B069-126EDCD2308F}" = Vista Manager
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A90A9E-E537-11DE-811A-005056806466}" = Google Earth Plug-in
"{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}" = Wireless-B PCI Adapter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0A871F9-D580-4404-9A69-A02CF3078C87}" = Bluesoleil 6.4.249.0
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6783FB4-2E95-4ED0-8A32-1BF32821689F}" = AMD CPUInfo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7A9DCC5-8D19-4B95-BED8-2DB41F920F11}" = Microsoft WorldWide Telescope
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"AutoHotkey" = AutoHotkey 1.0.48.03
"Autostar Suite Astronomer Edition" = Autostar Suite Astronomer Edition
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Celestia_is1" = Celestia 1.6.0
"C-Media USB Sound" = C-Media USB Sound
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DtsFilter" = DTS+AC3 Filter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Frets on Fire" = Frets On Fire
"Game Booster_is1" = Game Booster
"GOM Player" = GOM Player
"Hardcore" = Hardcore
"iDump" = iDump (Build: 28)
"IL Download Manager" = IL Download Manager
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MP3 Rocket" = MP3 Rocket
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"NavNet_is1" = NavNet
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"NYKO AirFlo Controller v0.1" = NYKO AirFlo Controller v0.1
"PC Wizard 2010_is1" = PC Wizard 2010.1.92
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.85
"RivaTuner" = RivaTuner v2.24
"Smart Defrag_is1" = Smart Defrag 1.20
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Toxic Biohazard" = Toxic Biohazard
"Virtual Moon Atlas" = Virtual Moon Atlas
"VLC media player" = VideoLAN VLC media player 0.8.6d
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3820787255-212179727-3025591179-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 b_charlez

  • Topic Starter

Posted 26 December 2009 - 09:57 PM

Here's the GMER log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-26 21:56:30
Windows 6.0.6002 Service Pack 2
Running: eex7ejzg.exe; Driver: C:\Users\Brandon\AppData\Local\Temp\fxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT 9D022FBC ZwCreateThread
SSDT 9D022FA8 ZwOpenProcess
SSDT 9D022FAD ZwOpenThread
SSDT 9D022FB7 ZwTerminateProcess

INT 0x51 ? 84C97BF8
INT 0x51 ? 84C97BF8
INT 0x51 ? 86E2ABF8
INT 0x51 ? 84C97BF8
INT 0x52 ? 84C97BF8
INT 0x53 ? 84C97BF8
INT 0x64 ? 86E2ABF8
INT 0x74 ? 86E2ABF8
INT 0xA4 ? 86E2ABF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 82AAF964 4 Bytes [BC, 2F, 02, 9D]
.text ntkrnlpa.exe!KeSetEvent + 3F1 82AAFB34 4 Bytes [A8, 2F, 02, 9D]
.text ntkrnlpa.exe!KeSetEvent + 40D 82AAFB50 4 Bytes [AD, 2F, 02, 9D]
.text ntkrnlpa.exe!KeSetEvent + 621 82AAFD64 4 Bytes [B7, 2F, 02, 9D]
? System32\Drivers\sphq.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 88B4641B 5 Bytes JMP 86E2A1D8
.text apsieqgr.SYS 8D9B9000 22 Bytes [82, 33, DC, 82, 6C, 32, DC, ...]
.text apsieqgr.SYS 8D9B9017 45 Bytes [00, 32, 27, 70, 80, 3D, 25, ...]
.text apsieqgr.SYS 8D9B9045 135 Bytes [9A, AA, 82, FD, 19, A4, 82, ...]
.text apsieqgr.SYS 8D9B90CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text apsieqgr.SYS 8D9B90DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2492] kernel32.dll!SetUnhandledExceptionFilter 76CCA84F 5 Bytes JMP 60C35436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806066D6] \SystemRoot\System32\Drivers\sphq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80606042] \SystemRoot\System32\Drivers\sphq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80606800] \SystemRoot\System32\Drivers\sphq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806060C0] \SystemRoot\System32\Drivers\sphq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060613E] \SystemRoot\System32\Drivers\sphq.sys
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortWritePortUchar] 838D9DFF
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8D9DD0
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\apsieqgr.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [004C2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [004C2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [004C2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [004C2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005E4822] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005E47B4] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[4264] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A231F8
Device \FileSystem\udfs \UdfsCdRom 8806B1F8
Device \FileSystem\udfs \UdfsDisk 8806B1F8
Device \Driver\volmgr \Device\VolMgrControl 84C991F8
Device \Driver\usbohci \Device\USBPDO-0 86D7A1F8
Device \Driver\usbehci \Device\USBPDO-1 86D781F8
Device \Driver\usbohci \Device\USBPDO-2 86D7A1F8
Device \Driver\PCI_PNP2227 \Device\00000060 sphq.sys
Device \Driver\usbehci \Device\USBPDO-3 86D781F8
Device \Driver\volmgr \Device\HarddiskVolume1 84C991F8
Device \Driver\volmgr \Device\HarddiskVolume2 84C991F8
Device \Driver\cdrom \Device\CdRom0 86D831F8
Device \Driver\volmgr \Device\HarddiskVolume3 84C991F8
Device \Driver\cdrom \Device\CdRom1 86D831F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A221F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 85A221F8
Device \Driver\atapi \Device\Ide\IdePort0 85A221F8
Device \Driver\atapi \Device\Ide\IdePort1 85A221F8
Device \Driver\atapi \Device\Ide\IdePort2 85A221F8
Device \Driver\atapi \Device\Ide\IdePort3 85A221F8
Device \Driver\volmgr \Device\HarddiskVolume4 84C991F8
Device \Driver\USBSTOR \Device\00000080 87FB41F8
Device \Driver\volmgr \Device\HarddiskVolume5 84C991F8
Device \Driver\USBSTOR \Device\00000081 87FB41F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87E5A500
Device \Driver\Smb \Device\NetbiosSmb 87E251F8
Device \Driver\sptd \Device\1744694234 sphq.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86E6A1F8
Device \Driver\usbohci \Device\USBFDO-0 86D7A1F8
Device \Driver\usbehci \Device\USBFDO-1 86D781F8
Device \Driver\usbohci \Device\USBFDO-2 86D7A1F8
Device \Driver\usbehci \Device\USBFDO-3 86D781F8
Device \Driver\netbt \Device\NetBT_Tcpip_{3673CA95-BB22-477F-AE85-AAE3EF3415C8} 87E5A500
Device \Driver\netbt \Device\NetBT_Tcpip_{24C4357F-DCF0-4934-9688-EC52A9D4278A} 87E5A500
Device \Driver\USBSTOR \Device\0000007d 87FB41F8
Device \Driver\USBSTOR \Device\0000007e 87FB41F8
Device \Driver\USBSTOR \Device\0000007f 87FB41F8
Device \Driver\apsieqgr \Device\Scsi\apsieqgr1Port6Path0Target0Lun0 86E57500
Device \Driver\apsieqgr \Device\Scsi\apsieqgr1 86E57500
Device \FileSystem\cdfs \Cdfs A28E51F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00025b00bb1f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x33 0x70 0xFC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x95 0xAD 0xCD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x0F 0x7A 0x56 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6B 0x5F 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b00bb1f
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x33 0x70 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x95 0xAD 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x90 0xD4 0xF9 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6B 0x5F 0x77 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00025b00bb1f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB9 0x33 0x70 0xFC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x95 0xAD 0xCD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1F 0xCC 0xAB 0xB0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x6B 0x5F 0x77 ...

---- EOF - GMER 1.0.15 ----

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:42 PM

Posted 27 December 2009 - 10:30 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/02/27 16:42:25 | 00,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{2683E33E-2288-43F0-92C6-BAFB53558C27}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3820787255-212179727-3025591179-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At9.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At4.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At3.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2009/12/26 03:00:10 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\At1.job
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C980DA7D
    @Alternate Data Stream - 1280 bytes -> C:\ProgramData\Microsoft:rtAWr9Mcibdx4lFrdfgIrdN
    @Alternate Data Stream - 1273 bytes -> C:\ProgramData\Microsoft:KDGjq9fFJiU5pX8yMQmNaS
    @Alternate Data Stream - 1253 bytes -> C:\Program Files\Common Files\System:bPAXUCNKRlDHOw96G4yc3a8n
    @Alternate Data Stream - 1233 bytes -> C:\ProgramData\Microsoft:Keioiyewasy11oQ2Bi9d
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7E95B6FD
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Let me know how your computer is behaving now.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 b_charlez

b_charlez
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 27 December 2009 - 01:21 PM

Here's the log you requested. Also, in the Google searches, if a link tries to redirect me and I refresh the search results and click the same link again, it goes to the actual page rather than redirecting me. And the redirecting doesn't happen every time I click on a link, only sometimes.

All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{2683E33E-2288-43F0-92C6-BAFB53558C27}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{2683E33E-2288-43F0-92C6-BAFB53558C27}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{2683E33E-2288-43F0-92C6-BAFB53558C27} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3820787255-212179727-3025591179-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\Windows\LastGood.Tmp\system32\DRIVERS\nvBridge.kmd deleted successfully.
C:\Windows\LastGood.Tmp\system32\DRIVERS\nvlddmkm.sys deleted successfully.
C:\Windows\LastGood.Tmp\system32\DRIVERS folder deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvapi.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvcod.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvcompiler.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvcuda.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvcuvenc.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvcuvid.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvd3dum.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvinfo.pb deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvoglv32.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\nvwgf2um.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32\OpenCL.dll deleted successfully.
C:\Windows\LastGood.Tmp\system32 folder deleted successfully.
C:\Windows\LastGood.Tmp\INF\oem73.inf deleted successfully.
C:\Windows\LastGood.Tmp\INF\oem73.PNF deleted successfully.
C:\Windows\LastGood.Tmp\INF folder deleted successfully.
C:\Windows\LastGood.Tmp folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
ADS C:\ProgramData\TEMP:C980DA7D deleted successfully.
ADS C:\ProgramData\Microsoft:rtAWr9Mcibdx4lFrdfgIrdN deleted successfully.
ADS C:\ProgramData\Microsoft:KDGjq9fFJiU5pX8yMQmNaS deleted successfully.
ADS C:\Program Files\Common Files\System:bPAXUCNKRlDHOw96G4yc3a8n deleted successfully.
ADS C:\ProgramData\Microsoft:Keioiyewasy11oQ2Bi9d deleted successfully.
ADS C:\ProgramData\TEMP:7E95B6FD deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brandon
->Temp folder emptied: 305080788 bytes
->Temporary Internet Files folder emptied: 10091286 bytes
->Java cache emptied: 55603180 bytes
->FireFox cache emptied: 92438001 bytes
->Google Chrome cache emptied: 70320870 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70330 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 184220 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 776 bytes

Total Files Cleaned = 509.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12272009_130746

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj01.dll not found!

Registry entries deleted on Reboot...

#8 b_charlez

b_charlez
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 28 December 2009 - 12:40 AM

UPDATE: the redirecting hasn't happened in a while, but that doesn't mean that it's gone forever.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:42 PM

Posted 28 December 2009 - 11:00 AM

True, but if it's the only indication we have of an infection, we have to take it into consideration.
Why don't you use the computer as you normally would for a day or two and get back to me. If everything is operating properly, then I'll post some final steps for you.

#10 b_charlez

b_charlez
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 28 December 2009 - 01:53 PM

Will do, thanks.

#11 b_charlez

b_charlez
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:42 PM

Posted 29 December 2009 - 08:30 PM

Hasn't happened since... safe to say this is fixed? Did any of those programs perform any fixes, or did they just scan and record logs?

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:42 PM

Posted 30 December 2009 - 02:26 PM

Take a look at post #7 and you'll see the action that we took to resolve your issue.


Now we'll remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable System Restore to make sure there are no infected files left over in a restore point from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with instructions from the tutorial above.

  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.


#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:42 PM

Posted 24 January 2010 - 03:50 AM

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.