
Antispyware Soft and virus help


This topic is locked
12 replies to this topic

#1 decna125

  • Members
  • 9 posts

Posted 07 May 2010 - 06:40 PM

Hi. I have gotten a bunch of viruses which I cannot remove. I have followed the preparation guide but I can't get any of the programs to run. The virus won't let me run anything; it blocks everything. I believe I got the virus out of a torrent. Any help would be great.

Also, I have gotten a new icon on my taskbar, bottom right of my screen. It is Antispyware Soft and it keeps popping up saying stuff like "svchost.exe is infected, cannot run", "explore.exe is infected"; when I open Control Panel I get the message "control.exe is infected", and so on.

Edited by decna125, 07 May 2010 - 06:50 PM.




#2 decna125 (Topic Starter)

  • Members
  • 9 posts

Posted 07 May 2010 - 07:04 PM

I would upload a screenshot but I can't open any .exe files at the moment, and none of my hotkeys/keyboard commands will work.

#3 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 07 May 2010 - 07:06 PM

Hi decna125 and welcome to Bleeping Computer.

Let's try and have a better look at things.
These links are not to .exe files, so stand a chance of running.
  • Download OTL to your desktop.
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now copy the lines below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT


  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Thanks

Edited by Starbuck, 07 May 2010 - 07:08 PM.



#4 decna125 (Topic Starter)

  • Members
  • 9 posts

Posted 07 May 2010 - 07:14 PM

Argh, can't open it. I get the message: 'Application cannot be executed. The file otl.scr is infected. Do you want to activate your antivirus software now?'

Also have a pop-up that says: INFILTRATION ALERT, your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar. DETAILS: attack from 111.54.32.11, port 16609
attacked port 2309

Edited by decna125, 07 May 2010 - 07:16 PM.


#5 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 07 May 2010 - 07:27 PM

Ok then, let's try this:

Did OTL download to your desktop?
if so... leave it there.

Download OTH to your desktop.
right click on the link and select 'Save Link/Target As'.
  • Click on the OTH icon to run the program.

  • Click on the Posted Image button.
    Your Desktop will go blank.
  • Now click on the Posted Image button.

  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now click on the Posted Image button.
When the scan has completed, click on the Posted Image button.
This will load your browser so that you can copy/paste the OTL.txt and Extra.txt reports in your next reply.
Once posted:
Click on the Posted Image button to restart your computer.

If you prefer to use Firefox (or IE won't run), click on 'Start Misc Program' and select Firefox.

Edited by Starbuck, 07 May 2010 - 07:29 PM.

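The two posts above walk through getting OTL's custom scan to run on a machine where the rogue is blocking .exe files; what comes back is a long OTL.txt. The script below is an added example written for this page (it is not OTL's code and not the Malware Response Team's procedure): a first-pass triage over OTL-format lines that flags the entries a responder would read first, namely a Run key pointing at a binary with no publisher in a user-writable directory, UAC disabled by policy, a removable-media autorun handler pointing into a RECYCLER folder, a proxy on the loopback interface (only when proxying is actually enabled), and a redirected .exe/.com "open" command. The sample lines are excerpted from the OTL.txt posted later in this thread; the hijacked O35 line, the rule names and the thresholds are this example's own constructed assumptions.

```python
"""Triage OTL (OldTimer) log lines for the entries a responder checks first.

Added example for this thread; not OTL's code or the helpers' own method.
The rules (what to flag and why) are the example author's assumptions,
written against the OTL.txt line formats that appear in this thread.
"""
import re

# Excerpted from the OTL.txt posted later in this thread. Paths are left as
# they appear in the log.
SAMPLE_LOG = r"""IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [tvvlowmy] C:\Users\declan\AppData\Local\rhauqojom\eqwqatjtssd.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/08/23 23:07:39 | 000,778,240 | R--- | M] (Funatics Studio alpha Ltd. & Co. KG)
O33 - MountPoints2\{be020a40-c77f-11de-8637-954637b3131f}\Shell\AutoRun\command - "" = H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Constructed for this example (not from the thread): how the O35 line looks
# when the .exe "open" verb is routed through another binary, so that every
# program launch passes through it first.
HIJACKED_O35 = r'O35 - HKLM\..exefile [open] -- "C:\Users\declan\AppData\Local\rhauqojom\eqwqatjtssd.exe" -a "%1" %*'

CLEAN_SHELL_CMD = '"%1" %*'   # the stock exefile/comfile open command

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
                    r'(?P<path>.*?)(?: \((?P<company>[^()]*)\))?$')
PROXY_RE = re.compile(r'Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\(?:AutoRun|open)\\command - "" = '
                      r'(?P<path>.*?)(?: -- .*)?$')
O35_RE = re.compile(r'^O35 - HKLM\\\.\.(?P<cls>\w+) \[open\] -- (?P<cmd>.*)$')
O37_RE = re.compile(r'^O37 - HKLM\\\.\.\.(?P<ext>\w+) \[@ = (?P<cls>\w+)\] -- (?P<cmd>.*)$')

# Directories a non-admin user can write to. An empty company field "()" on
# its own is noisy (many OEM utilities lack version info); combined with one
# of these locations it is the pattern the rogue in this thread shows.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def triage(log_text):
    """Return findings as dicts with the log line number, rule name and detail."""
    findings = []
    proxy = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.rstrip()
        m = PROXY_RE.search(line)
        if m:
            proxy[m.group("key")] = (lineno, m.group("value"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("company") == "" and any(d in path.lower() for d in USER_WRITABLE):
                findings.append({"line": lineno, "rule": "run-key-unsigned-userdir",
                                 "detail": f"[{m.group('name')}] {path}"})
            continue
        if line.startswith("O6 - ") and line.endswith("EnableLUA = 0"):
            findings.append({"line": lineno, "rule": "uac-disabled", "detail": line})
            continue
        m = MOUNT_RE.match(line)
        if m and "\\recycler\\" in m.group("path").lower():
            findings.append({"line": lineno, "rule": "autorun-recycler",
                             "detail": m.group("path")})
            continue
        m = O35_RE.match(line)
        if m and m.group("cls") in ("exefile", "comfile") and m.group("cmd") != CLEAN_SHELL_CMD:
            findings.append({"line": lineno, "rule": "shell-open-hijack",
                             "detail": f"{m.group('cls')} open -> {m.group('cmd')}"})
            continue
        m = O37_RE.match(line)
        if m and (m.group("cls") != m.group("ext") + "file" or m.group("cmd") != CLEAN_SHELL_CMD):
            findings.append({"line": lineno, "rule": "ext-association-hijack", "detail": line})
    # A proxy on the loopback interface only matters when proxying is enabled;
    # then something local sits between the browser and the network.
    if proxy.get("ProxyEnable", (0, "0"))[1] == "1" and "ProxyServer" in proxy:
        lineno, server = proxy["ProxyServer"]
        if "127.0.0.1" in server or "localhost" in server.lower():
            findings.append({"line": lineno, "rule": "loopback-proxy", "detail": server})
    return findings


def rules_hit(log_text):
    """Just the rule names, in the order triage() reports them."""
    return [f["rule"] for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + HIJACKED_O35 + "\n"):
        print(f"line {f['line']:>3}  {f['rule']:<26} {f['detail']}")
```

Run against the excerpt, it flags the HKCU Run entry under AppData\Local, EnableLUA = 0, the H:\RECYCLER autorun handler and the 127.0.0.1:5555 proxy, while leaving the AVG, uTorrent and OEM Run entries, the CD autorun and the stock exefile/.exe associations alone; the constructed O35 line is flagged only because its command differs from `"%1" %*`. The clean O35/O37 lines in the real log are the useful negative result: the rogue here is blocking launches some other way than by rewriting the exefile class, which is consistent with renamed .scr/.com copies of the tools still starting.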


#6 decna125 (Topic Starter)

  • Members
  • 9 posts

Posted 07 May 2010 - 07:44 PM

OTL logfile created on: 8/05/2010 10:38:33 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\declan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 11.39 Gb Free Space | 9.78% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 42.63 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive E: | 561.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAY
Current User Name: declan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\declan\Downloads\OTH.scr (OldTimer Tools)
PRC - C:\Users\declan\Downloads\OTL.com (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\declan\Downloads\OTL.com (OldTimer Tools)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15157&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: {f6bf92e0-b190-11dd-ad8b-0800200c9a68}:1.0.3
FF - prefs.js..keyword.URL: "http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/23 14:20:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/27 23:04:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 01:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 11:56:21 | 000,000,000 | ---D | M]

[2009/07/11 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Mozilla\Extensions
[2009/07/11 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/08 00:06:31 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\extensions
[2009/08/26 13:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/11 21:22:07 | 000,000,000 | ---D | M] (Save extension) -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}
[2010/04/05 23:56:04 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\extensions\anttoolbar@ant.com
[2010/04/08 21:35:15 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\extensions\toolbar@ask.com
[2009/09/13 19:04:04 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\m9kdiv30.default\extensions
[2009/09/13 19:04:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\m9kdiv30.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/13 19:04:04 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\m9kdiv30.default\extensions\anttoolbar@ant.com
[2010/04/08 21:35:18 | 000,002,426 | ---- | M] () -- C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\searchplugins\askcom.xml
[2010/05/08 00:06:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/11 21:19:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\AwesomeBestShoppingTipsProgram@AwesomeBestShoppingTipsProgram

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AwesomeBestShoppingTipsProgram) - {6B0DA396-2DEE-E4C6-D02B-575FF7159670} - C:\Program Files\AwesomeBestShoppingTipsProgram\AwesomeBestShoppingTipsProgram.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {AAFEF632-A8D7-4C59-925C-B7FAAA1B9CC5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Stinger Mouse Driver\wh_exec.exe ()
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [tvvlowmy] C:\Users\declan\AppData\Local\rhauqojom\eqwqatjtssd.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\declan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration The Settlers II - 10th Anniversary.LNK = D:\The Settlers II - 10th Anniversary\bin\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\declan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\declan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/23 23:07:39 | 000,778,240 | R--- | M] (Funatics Studio alpha Ltd. & Co. KG) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/07/17 23:52:00 | 000,000,068 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/08/23 23:07:39 | 000,778,240 | R--- | M] (Funatics Studio alpha Ltd. & Co. KG)
O33 - MountPoints2\{be020a40-c77f-11de-8637-954637b3131f}\Shell\AutoRun\command - "" = H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{be020a40-c77f-11de-8637-954637b3131f}\Shell\open\command - "" = H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/08 00:18:06 | 000,000,000 | ---D | C] -- C:\Users\declan\AppData\Local\rhauqojom
[2010/05/04 20:32:55 | 000,000,000 | ---D | C] -- C:\Users\declan\AppData\Roaming\dvdcss
[2010/04/23 10:38:56 | 000,000,000 | ---D | C] -- C:\Users\declan\Documents\ft_v030
[2010/04/21 22:51:03 | 000,000,000 | ---D | C] -- C:\Users\declan\AppData\Local\S2
[2010/04/21 22:50:41 | 000,000,000 | ---D | C] -- C:\Users\declan\Documents\S2
[2010/04/21 21:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\NCsoft
[2010/04/16 17:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/04/13 22:56:55 | 000,000,000 | ---D | C] -- C:\Users\declan\Documents\Metal Slug - 1st Mission (JUE)
[2010/04/13 22:23:16 | 000,000,000 | ---D | C] -- C:\Users\declan\Documents\Super Smash Bros
[2010/04/11 01:46:35 | 000,000,000 | ---D | C] -- C:\Users\declan\AppData\Roaming\vlc
[2010/04/11 01:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/08 21:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/08 21:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/04/08 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\declan\AppData\Roaming\uTorrent
[2008/06/03 16:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/31 04:29:26 | 000,733,184 | ---- | M] () -- C:\Users\declan\Desktop\PLAY.exe
[2010/05/08 10:40:43 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/08 10:40:43 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/08 10:40:43 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/08 10:39:16 | 000,000,000 | ---- | M] () -- C:\Users\declan\AppData\Local\prvlcl.dat
[2010/05/08 10:37:57 | 002,883,584 | -HS- | M] () -- C:\Users\declan\NTUSER.DAT
[2010/05/08 10:37:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BE2F133E-3985-413B-A77E-D6A4AB87898D}.job
[2010/05/08 10:34:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/08 10:34:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/08 10:34:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/08 10:34:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/08 10:34:01 | 1876,090,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/08 09:31:24 | 000,000,000 | ---- | M] () -- C:\Users\declan\defogger_reenable
[2010/05/08 09:29:59 | 000,000,519 | ---- | M] () -- C:\Users\declan\Desktop\dds - Shortcut.lnk
[2010/05/08 09:08:19 | 000,524,288 | -HS- | M] () -- C:\Users\declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/08 09:08:19 | 000,065,536 | -HS- | M] () -- C:\Users\declan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/08 00:39:28 | 000,007,512 | ---- | M] () -- C:\Users\declan\AppData\Local\d3d9caps.dat
[2010/05/08 00:31:08 | 000,000,874 | ---- | M] () -- C:\Users\declan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration The Settlers II - 10th Anniversary.LNK
[2010/05/07 23:54:26 | 000,000,072 | ---- | M] () -- C:\Users\declan\Documents\aionmemo_5a977443.dat
[2010/05/07 19:14:55 | 059,673,903 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/07 08:21:41 | 004,827,109 | ---- | M] () -- C:\Users\declan\youtube.YouTube_-_MW2_Camper_Song_Parody_NeW_2010_-_why'd_you_snipe_me.mp4
[2010/05/07 08:20:27 | 006,739,586 | ---- | M] () -- C:\Users\declan\youtube.YouTube_-_MW2_SONG_PARODY_-_Blame_It_(On_the_Lag)_NEW_2010.mp4
[2010/05/07 08:18:42 | 022,467,274 | ---- | M] () -- C:\Users\declan\youtube.YouTube_-_Tik_Tok_-_Ke$ha_Parody.mp4
[2010/05/07 08:15:38 | 020,181,328 | ---- | M] () -- C:\Users\declan\youtube.YouTube_-_How_Low_-_Ludacris_Parody.mp4
[2010/05/07 08:13:32 | 024,460,516 | ---- | M] () -- C:\Users\declan\youtube.YouTube_-_The_Midnight_Beast_-_Feat._ST£FAN_-_Tik_Tok_Ke$ha_Parody.mp4
[2010/05/07 00:09:17 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/06 14:59:05 | 000,000,411 | ---- | M] () -- C:\Users\declan\Desktop\World of Warcraft.lnk
[2010/05/03 01:23:17 | 000,082,432 | ---- | M] () -- C:\Users\declan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 14:36:51 | 000,000,134 | ---- | M] () -- C:\Users\declan\Desktop\Connect To - Shortcut.lnk
[2010/04/28 20:54:24 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/04/27 14:23:15 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/04/21 22:48:10 | 000,000,851 | ---- | M] () -- C:\Users\declan\Desktop\The Settlers II - 10th Anniversary - Map Editor.lnk
[2010/04/21 22:48:10 | 000,000,817 | ---- | M] () -- C:\Users\declan\Desktop\The Settlers II - 10th Anniversary.lnk
[2010/04/21 22:18:12 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Aion.lnk
[2010/04/21 21:49:42 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2010/04/21 08:45:02 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/11 23:12:51 | 005,019,036 | ---- | M] () -- C:\Users\declan\l.ps
[2010/04/11 01:43:54 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/04/08 21:34:02 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/08 09:31:24 | 000,000,000 | ---- | C] () -- C:\Users\declan\defogger_reenable
[2010/05/08 09:29:59 | 000,000,519 | ---- | C] () -- C:\Users\declan\Desktop\dds - Shortcut.lnk
[2010/05/08 00:43:41 | 1876,090,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/08 00:31:05 | 000,000,874 | ---- | C] () -- C:\Users\declan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration The Settlers II - 10th Anniversary.LNK
[2010/05/07 08:20:32 | 004,827,109 | ---- | C] () -- C:\Users\declan\youtube.YouTube_-_MW2_Camper_Song_Parody_NeW_2010_-_why'd_you_snipe_me.mp4
[2010/05/07 08:18:55 | 006,739,586 | ---- | C] () -- C:\Users\declan\youtube.YouTube_-_MW2_SONG_PARODY_-_Blame_It_(On_the_Lag)_NEW_2010.mp4
[2010/05/07 08:16:28 | 022,467,274 | ---- | C] () -- C:\Users\declan\youtube.YouTube_-_Tik_Tok_-_Ke$ha_Parody.mp4
[2010/05/07 08:13:37 | 020,181,328 | ---- | C] () -- C:\Users\declan\youtube.YouTube_-_How_Low_-_Ludacris_Parody.mp4
[2010/05/07 08:10:53 | 024,460,516 | ---- | C] () -- C:\Users\declan\youtube.YouTube_-_The_Midnight_Beast_-_Feat._ST£FAN_-_Tik_Tok_Ke$ha_Parody.mp4
[2010/05/01 14:36:51 | 000,000,134 | ---- | C] () -- C:\Users\declan\Desktop\Connect To - Shortcut.lnk
[2010/04/21 22:48:10 | 000,000,851 | ---- | C] () -- C:\Users\declan\Desktop\The Settlers II - 10th Anniversary - Map Editor.lnk
[2010/04/21 22:48:10 | 000,000,817 | ---- | C] () -- C:\Users\declan\Desktop\The Settlers II - 10th Anniversary.lnk
[2010/04/11 23:12:22 | 005,019,036 | ---- | C] () -- C:\Users\declan\l.ps
[2010/04/11 01:43:54 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/04/08 21:34:02 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/11/22 13:35:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/11/04 11:37:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/11/04 11:37:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/11/04 11:37:28 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/11/02 07:42:22 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/10/10 03:07:56 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/19 14:34:31 | 000,000,107 | ---- | C] () -- C:\Windows\System32\WLL.ini
[2009/07/14 19:25:31 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/10 17:36:33 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/10 17:35:52 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/07/10 15:14:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/09 21:56:11 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/04 13:21:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/23 16:02:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/07 16:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2007/10/01 16:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/05/09 17:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 08:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/15 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/04/21 21:46:46 | 000,000,000 | -HSD | M] -- C:\Users\declan\AppData\Roaming\.#
[2009/07/10 21:03:40 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/10/10 03:07:30 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\DAEMON Tools Pro
[2010/01/22 18:17:31 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\LaxiusForceII_Saves
[2010/04/28 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\LimeWire
[2009/11/02 02:05:47 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Red Alert 3
[2009/08/08 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\Save
[2009/10/10 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\SPORE
[2010/05/08 10:34:50 | 000,000,000 | ---D | M] -- C:\Users\declan\AppData\Roaming\uTorrent
[2010/03/26 19:21:52 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/08 10:37:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BE2F133E-3985-413B-A77E-D6A4AB87898D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\declan\Documents\Dragonball Z (DBZ) - Movie 1 - The Dead Zone.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\declan\Documents\Dragonball DB Dragon Ball Z GT - Episode 176 - Saving The World.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\declan\Documents\DBZ - 175 Dragonball Z - Episode 175 Cell Games Saga - The Horror won't End.avi:TOC.WMV
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FA1999D1

OTL Extras logfile created on: 8/05/2010 10:38:33 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\declan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 11.39 Gb Free Space | 9.78% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 42.63 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive E: | 561.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAY
Current User Name: declan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1865236975-3553268371-2394008576-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0226A798-B667-4063-98A5-0B0636BE2784}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{059F1103-D728-4181-B7BC-C479632CD59E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08FBD367-B021-4CD3-BCBF-8C0753B657E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11FC4DA7-B44A-4AA9-ADA7-9F9B3D2BC982}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1BCA2E92-4A93-4A3C-8898-606C69AE8AE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E1E6855-891D-4FF7-AEE1-5943B57E1F49}" = rport=2869 | protocol=6 | dir=out | app=system |
"{204171EF-F949-4DBF-BE81-23C5ADD405C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2626E01B-E0FA-453E-B2C8-8134B7142F32}" = rport=139 | protocol=6 | dir=out | app=system |
"{28C399AD-4B86-42FF-B9DA-BDBD661DD836}" = lport=137 | protocol=17 | dir=in | app=system |
"{31E4B161-EB1D-4B99-93DF-6BCFF5EBEB4D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3D09FE3C-1A76-44C0-9FF9-3ED746644EF5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{490933E0-7BAC-4083-885C-EED0F4528798}" = rport=445 | protocol=6 | dir=out | app=system |
"{49F88F08-2058-4CFE-9D8D-EB704F7A4ADD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{50AAED0B-7F0C-4DC6-AEC1-E6BA4EA06023}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{5594CCF7-5027-48D6-9A63-41EC58148EA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{571592E4-8255-4B25-B2C0-1BECC40B2C3F}" = lport=138 | protocol=17 | dir=in | app=system |
"{62C62297-8886-425B-A1CC-D9A85872A08D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6E6501C0-DE5A-49EB-B5D8-2DD6433049AF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7374B324-54CC-485A-A585-A62306FA4D8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86268847-4AD1-4349-A87D-AE6E1C8259D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{88384577-AE1B-452C-BDB8-9A1FC23AABB2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{95552530-5F40-4556-8323-B689242E17D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{984AD7B1-66F4-4E27-995A-E2931D73E3BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CD90ADF-9AE4-4AC9-A56C-4AC03DAD7805}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A1F8F2AD-1654-42E1-838F-DA9F053A3302}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B536A2C5-5E3A-45C1-9114-987FC7245248}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BC4CC363-941B-4196-BB54-D9C70EB808EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD8C2513-A3EB-467F-BB8E-6F06BC1D978A}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE5C30A6-3E24-473F-B916-A5D939C0D899}" = lport=139 | protocol=6 | dir=in | app=system |
"{CEAE2155-F4AF-4ED9-887A-D0D3A0EF12C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D409BC04-3A14-4C1C-95F1-CE470C3C0428}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD615B50-567C-4C30-9FB5-1A09B5C72667}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEF65A5A-1656-468B-B6FA-51ED29AB1BF0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E283642D-6385-4C9F-B319-6644B6315DD2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E7457CE1-2316-465D-A2E9-B163799AD3AC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9AC6E28-15D1-4830-864E-768D9F7BEE6E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F375A976-F8C8-4542-AE0A-E89C9D5EE901}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FB3096EA-7E40-44D0-9E72-08BCA32C4CC2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FFE064C8-82FA-461E-8ACC-32F93D5EE3DA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003B57B5-338A-488B-BC03-0A1BB1971248}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{01672BE4-B911-473F-9B8D-ABAED35BEF9A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0CA99C4F-FC4E-43D4-840F-A8BFC5A022C9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{12EA7B8B-6ED3-4589-97A4-789509138AA6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{136B8F09-665D-43FD-9C5E-2B1A52A7C9BF}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{17495F3F-982A-4C26-B84F-C0AC048F21F1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{18B34BFF-C4C2-426E-92D4-5967F9D6E53E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1CD15428-C5EB-46B3-8D0D-7786FFED5362}" = protocol=17 | dir=in | app=c:\program files\ncsoft\launcher\nclauncher.exe |
"{1F098B95-3700-4100-826F-101EB904964E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{205F2AA2-72D0-4A93-BA9F-29D2FE58498A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A0BC2FD-B509-4C7B-A1CC-810798FB1A5F}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{2D38CD3B-ACDE-4CBF-B908-8B86BF8E9A1C}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{30CA70DB-87DE-4B65-B981-076D609CB871}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{32062EB3-CE12-4283-9A48-900C9D78BC74}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{33FD3281-1C29-4D51-B06D-93BB1E42B2C4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3547D236-1C63-4FC1-9206-59F609A64982}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{36AC6B35-7258-41F4-8613-F63DB7FB0BF2}" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{396BC725-7E38-433A-AB63-C4484193D976}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{3B0F0F39-BA03-42C4-922D-00F534BF92F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46AB7785-A710-4490-A09D-D2136E64C775}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{474B6551-3119-4F0A-9C8D-AD10E888A980}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{49C6CE38-3088-4F65-A69F-1B8F5A017121}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{4CA377AC-4C36-4389-AC3A-F0444457ABBA}" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"{53965F61-C8CA-444E-B8C1-648C6F230722}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{53BAD816-C2B4-4CEF-B857-0B57993BD00C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{56698856-D305-4524-8682-3B8760C33B8C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\zerogear.bat |
"{56E923FF-5E9E-4329-B854-1E768D52C560}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{5CEDEF09-5A8F-45C3-99C9-B63DC7F99A37}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\galcon fusion\galconfusion.exe |
"{5D76E5DD-0EED-4D97-A325-30AEAF9C5F99}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{609E762D-2137-4A4C-9F66-7974E8BF6BA3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\zerogear.bat |
"{684FFE35-7598-4261-BE4B-BDD6925D6123}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{735B52FA-2F72-4977-A83B-53F3A9676BB8}" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{73782D64-80A1-4C92-85B1-C73D162330BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73C2BC21-3827-44B9-83D4-529232D9F0E4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{77A99E6B-3783-45B9-9CC6-8CA9DD2FC763}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{7EC1C892-6E3F-4257-BBF4-7351709610DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{807D82C1-DAC3-42B2-BA49-F476BEAF2767}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{83BC3177-4264-434E-892D-45BD975F7128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{844C503A-4C00-4BDE-B2BD-D3D8A92A48FD}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8CF92268-7DD7-4A0A-9473-0B7661FDAB2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8DADFDFA-8982-4D59-887E-DC6F2977C398}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8EC90B0B-3FDB-426E-841C-3D865A24C42B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{948CC1DC-CC07-45B2-A27B-D854F4BF6961}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{954634A9-8749-45DF-ABF9-108FC3FB6E28}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{955BAF9D-7697-4EED-85E0-59D9155E09C8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{958F95F7-D7B3-46DD-B44C-AD6C03226862}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{96FA7902-8542-46B1-BA70-01D5361E8D83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9CBEBF7B-C13B-426C-92C2-A5700F5BFC8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F3507E3-22BC-4736-A5AF-27C7B570654D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A09F7F7B-EC39-4FEF-B8D8-3BBCAD5AEDDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A3EBAAD8-BAC8-49F8-9509-7595B1BAF808}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC950A8A-5111-458A-803C-A0AFC45FBDAC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\galcon fusion\galconfusion.exe |
"{BEFC228A-624E-439F-80B6-3D2E4B7FBD30}" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"{C391732E-5DEC-435D-B6AE-E114463F9C08}" = protocol=6 | dir=in | app=c:\program files\ncsoft\launcher\nclauncher.exe |
"{C44014F8-8A9F-491E-A4FA-DFA77CBAE42B}" = protocol=6 | dir=out | app=system |
"{D1004216-0BB3-4779-81DD-80A57048ABFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D58557A1-B2FF-47F1-88FE-6161A7C17EA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1D970AE-E43C-4EDE-B2F9-828E57268780}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E588B644-6E47-408A-8B97-513EF0C2929B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F260DEB1-7D85-425F-8CCD-1BAE4D3B61C5}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{F4E6C191-9306-483F-834F-10629D28D1B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCAA28E0-84DE-4757-9394-3D598A959B41}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FE4BADF4-6A31-44BD-98F0-8B230B455671}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{FEFF198A-0868-4518-BBF8-4CF1C973B1BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"TCP Query User{0D2686F2-F249-4ACA-981E-515611E0ADDD}F:\sav\savage 2 - a tortured soul\savage2.exe" = protocol=6 | dir=in | app=f:\sav\savage 2 - a tortured soul\savage2.exe |
"TCP Query User{0EA35241-64DA-4911-957B-5BC8B68C5A41}C:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe |
"TCP Query User{21DF4482-5397-45CE-8C3D-51F104EE9EB2}C:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe |
"TCP Query User{31818CAF-7429-4BAA-A9C0-78AE9060A739}H:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.exe |
"TCP Query User{4B13A63A-9014-4563-A3A2-4BFA6DC1FA6B}D:\age\empires.exe" = protocol=6 | dir=in | app=d:\age\empires.exe |
"TCP Query User{51293946-85E3-4427-971B-3B7F1FC3D77E}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe |
"TCP Query User{5885666B-F1D5-4C62-946F-AB2D22594C6A}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{5A7B88F2-D3AD-4873-9E3A-4842D7F88699}H:\broodwar\starcraft.exe" = protocol=6 | dir=in | app=h:\broodwar\starcraft.exe |
"TCP Query User{80A349D0-D496-48B3-AC52-B05FD1EBA61A}D:\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{837E74B1-D3FD-4C5D-9E0F-35AFBDD671AB}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{888D323C-FA8E-4B8B-BC05-D73ADABA2D0C}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{8D3C3099-BA15-4952-A219-3A9582B0A5DC}C:\users\declan\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\declan\appdata\local\temp\usmt\migwiz.exe |
"TCP Query User{909FA7E7-2C60-4B1D-B74D-156DF43C970C}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe |
"TCP Query User{9D48A583-E553-4CE7-8710-C3B94F905A13}C:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe |
"TCP Query User{9E2F2556-3F68-4F52-BA99-B12E1B1DE794}H:\cs\hl.exe" = protocol=6 | dir=in | app=h:\cs\hl.exe |
"TCP Query User{A00A7FA6-70B0-4C21-A2B9-4D0581690064}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B1DF939A-7782-4504-A613-813000BEFC14}C:\python23\pythonw.exe" = protocol=6 | dir=in | app=c:\python23\pythonw.exe |
"TCP Query User{BC7F46B2-DDF4-4B2E-81A9-2298CBFBC051}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{BF535040-9253-4AC7-AB2E-FB400BBFABD0}D:\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{CBCAEFE0-31CF-45A1-9E34-3FB95E6950F7}D:\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{D75E1A85-A84D-4245-828D-14869B54A4C9}E:\easysetupassistant\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |
"TCP Query User{DD95B0A8-F9C3-42D3-BC7D-0DDA9FD3AA84}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{000F44DB-3389-44BD-BFF9-2B1A314DAE19}D:\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{056CCAFE-C530-473C-B7D0-67DD4F3389EC}D:\age\empires.exe" = protocol=17 | dir=in | app=d:\age\empires.exe |
"UDP Query User{05A1E291-2E9D-45A9-9826-16F036CC7488}C:\python23\pythonw.exe" = protocol=17 | dir=in | app=c:\python23\pythonw.exe |
"UDP Query User{0EA8BD71-2716-41B3-A15F-DA05CAECCC70}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe |
"UDP Query User{0EFFAABC-B50C-4811-80D3-4024C58488E5}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{0FA797C0-BF14-476A-9DBC-11B1A1069E24}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{17A69C3D-6223-4436-BCF9-03CAAC518139}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{2ED10EB3-7702-462F-B051-D4E916C83CC8}D:\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{3E7C69F0-F2AE-4F2F-9747-B03E3BC7F392}H:\broodwar\starcraft.exe" = protocol=17 | dir=in | app=h:\broodwar\starcraft.exe |
"UDP Query User{5568892B-BF5E-4B83-8CAC-1A11199A4A1C}C:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe |
"UDP Query User{5AE61B20-350F-4C3B-9DA1-68E323F24996}H:\cs\hl.exe" = protocol=17 | dir=in | app=h:\cs\hl.exe |
"UDP Query User{7F63CDBE-1239-40D4-8122-0845640F06DE}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{85327585-3CE1-40F8-B832-AE06906B5303}F:\sav\savage 2 - a tortured soul\savage2.exe" = protocol=17 | dir=in | app=f:\sav\savage 2 - a tortured soul\savage2.exe |
"UDP Query User{89E74D63-0F41-42E6-82DB-FCC2442364F2}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B130A5F6-620F-4B0A-946B-631426C15BD8}C:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stargate resistance\binaries\win32\sgbgame.exe |
"UDP Query User{B467F652-B5B7-46DA-92D2-0D2E3E2715C9}C:\users\declan\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\declan\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{BF235C64-E00F-45B6-BF8B-F76FD1C9B032}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D9228835-9DDC-45DC-9445-0CF59984B461}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe |
"UDP Query User{DD0A65AB-3727-4934-93F7-449E6484FC65}H:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.exe |
"UDP Query User{E11B7E73-C43A-4150-AA10-2C858FE4B894}C:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\zero gear\server\zerogearserver.exe |
"UDP Query User{E7DC6997-E824-450C-A895-3A415D5190AF}D:\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{F5259A72-0032-4819-A37B-DAE2E3B63012}E:\easysetupassistant\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\easysetupassistant.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C0AAB0-61A8-0E74-86C3-2155449E3B25}" = CCC Help English
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{042735EA-E4A4-0C5C-06C1-C60B3A5BAABD}" = Catalyst Control Center Localization Chinese Standard
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{049DCCC7-1998-4423-9C52-4A2A70B8B32D}" = Aion
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0746F744-5C03-0686-7B8F-7D19B0D4AF8C}" = Catalyst Control Center Localization Thai
"{09001F1A-0B74-0589-2766-D3EACC8B33B1}" = Catalyst Control Center Localization Chinese Traditional
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1204A4B6-C995-D11F-6730-9A8C1546DCA7}" = Catalyst Control Center Localization Swedish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{15A034FD-503D-36B0-AA10-B6B8B3E3336B}" = Catalyst Control Center Localization Polish
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F0B83-ECE1-5E19-3124-533AA2837E2E}" = Catalyst Control Center Localization Hungarian
"{1AF2006B-F09D-4A03-A240-86DE18F8F04D}" = Virtual Woman Millennium Edition Beta .953
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25DC962F-067C-50E8-7F95-1B0183B18CB7}" = Catalyst Control Center Localization Czech
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{302033BC-A3A3-87C8-4589-BAD43399177A}" = CCC Help Danish
"{34186664-31AA-0AB1-0058-75EF3ED7F421}" = Catalyst Control Center Localization Finnish
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37F846DB-AD84-F4D2-5291-1F59AA721A32}" = ccc-utility
"{38D3A025-CBB0-45A3-CF02-7278DF751DC3}" = ccc-core-static
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3933DDBD-4116-3619-8BCE-A16AA10BA819}" = Catalyst Control Center Graphics Full New
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{415EB713-1940-D93B-69E3-002079D027C8}" = Catalyst Control Center Localization Italian
"{4F9AD108-1767-B6F3-2B69-5374AECBF0CE}" = CCC Help Hungarian
"{516A594B-FEFF-4521-B857-69809AB266FF}" = VC8&9 CRT and ATL
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52619A49-6701-96C0-4D72-7E22D751D01D}" = Skins
"{53D4AE93-BC90-9C4F-5C4F-8FB156742018}" = Catalyst Control Center Localization Greek
"{54932BFD-5D20-876C-78B9-75F0FBBE9F16}" = CCC Help Czech
"{54BB6CC4-CF28-649A-E70D-4B4E5556F19F}" = CCC Help Polish
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E708F3-8A7D-94F2-A7B2-3D3101BCDD61}" = CCC Help French
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C3588B7-36D1-B024-5015-CAE12B381FDA}" = Catalyst Control Center Localization French
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5E5210A0-A73D-4F8D-471B-D13CF8E7BA69}" = CCC Help Spanish
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B52A71-CE53-4EB3-2BBA-CBFA151A11FF}" = CCC Help Japanese
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67A7D0D8-4853-6024-A9B5-692D3B933840}" = Catalyst Control Center Localization Dutch
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{737C34C7-D989-86F4-B690-AFCA1277E263}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79545CD7-9402-068B-4B8C-0280A24670D5}" = CCC Help Finnish
"{798E43F8-C359-A8E7-C57C-F9B552976A30}" = Catalyst Control Center Localization Russian
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{7CF6AD33-12A4-6F7E-C4F5-40A998D1430E}" = Catalyst Control Center Localization Korean
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82BC1BC7-8CA3-7391-0A09-FF660A103FB6}" = Catalyst Control Center InstallProxy
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0C04-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0C04-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0C04-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0C04-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0C04-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0C04-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0C04-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0C04-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981CC000-690F-D82F-CC71-399B01887C01}" = Catalyst Control Center Graphics Full Existing
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A473F2F2-A42F-65DB-E41D-742877FED1D6}" = ATI Catalyst Install Manager
"{A5EA3702-BDD2-6BFA-2E2E-A84D670E5967}" = CCC Help Italian
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A91316CE-9ADE-FBD2-E35A-CC4F3D85DE8A}" = Catalyst Control Center Localization Danish
"{AA161C2A-82CC-CF2C-140B-DDC0891F5C5C}" = CCC Help Greek
"{AAFEF632-A8D7-4C59-925C-B7FAAA1B9CC5}" = Mirar
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BED73C02-5A45-6E68-F2C0-BEBA766D17D7}" = CCC Help Thai
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C0129400-CBF2-3FEF-4CC0-0627A18D0C35}" = CCC Help Chinese Standard
"{C01A0960-C988-B8FD-F3A1-4C09DD8C52BE}" = Catalyst Control Center Localization Japanese
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CDA591C3-01C2-79CF-8AA7-E84AF35A2993}" = CCC Help Dutch
"{CE16F42C-1D4B-5F71-BEC6-A47BE9E49163}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAF3507-FCB3-11D2-850C-00C0F01410B1}" = Majesty
"{D2CF122C-52FB-070C-B970-67D078F96CBD}" = Catalyst Control Center Localization German
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D696B8A1-5293-78CA-AA70-E0F55889818C}" = CCC Help Korean
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DEFE394E-DD0A-9C22-D186-9FD336F7F676}" = CCC Help Portuguese
"{E158ABAD-0978-BDD1-02CD-20B479FCECA8}" = Catalyst Control Center Localization Norwegian
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9A63121-373F-2776-C249-6BB4450CDAF1}" = Catalyst Control Center Localization Portuguese
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE8B7438-53E8-4DE9-B857-62CB8094FF0B}" = Aion
"{EEF3EE91-1031-808E-BEAD-B580359CD1F6}" = Catalyst Control Center Graphics Light
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F011218A-519F-C6B5-A115-87CE7F229C60}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2956220-816B-52C8-4C20-AD11CDAF1818}" = Catalyst Control Center Localization Spanish
"{F4A08B70-E901-6634-C2AB-B00957BBF829}" = Catalyst Control Center Localization Turkish
"{F4CBAB7B-E2BE-0364-3DC6-20770C3F411B}" = CCC Help German
"{F530F970-8DEB-A422-2B49-4BBD3CEA2A72}" = CCC Help Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F784910A-43D4-A7DB-ACE6-CA909C298671}" = CCC Help Turkish
"{F887F9CA-FB5C-6428-6972-2C2D971F6ED0}" = Catalyst Control Center Core Implementation
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE828082-ADFE-FAAF-A4C7-A67BA898C271}" = CCC Help Norwegian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"AVG9Uninstall" = AVG Free 9.0
"AwesomeBestShoppingTipsProgram" = FFAwesomeBestShoppingTipsProgram
"CCleaner" = CCleaner
"Diablo" = Diablo
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Garena" = Garena
"Google Desktop" = Google Desktop
"Hamachi" = Hamachi 1.0.1.5
"hon" = Heroes of Newerth
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LimeWire" = LimeWire 5.1.4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"pygame-py2.3" = Python 2.3 pygame-1.6
"Python 2.3.5" = Python 2.3.5
"S2TNG" = The Settlers II - 10th Anniversary
"Steam App 1250" = Killing Floor
"Steam App 18110" = Shattered Horizon
"Steam App 18820" = Zero Gear
"Steam App 44200" = Galcon Fusion
"Steam App 49700" = Stargate Resistance
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tom Clancy's Rainbow Six" = Tom Clancy's Rainbow Six
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WheelMouse" = Stinger Mouse Driver 6.0.0.002
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Laxius Force II" = Laxius Force II
"Save" = Save

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/04/2010 9:45:25 PM | Computer Name = kay | Source = WinMgmt | ID = 10
Description =

Error - 16/04/2010 3:12:38 AM | Computer Name = kay | Source = Application Error | ID = 1000
Description = Faulting application wlcomm.exe, version 14.0.8064.206, time stamp
0x498cddf7, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00049e05, process id 0x934, application
start time 0x01cadd3431462940.

Error - 16/04/2010 6:14:37 AM | Computer Name = kay | Source = WinMgmt | ID = 10
Description =

Error - 16/04/2010 8:49:14 PM | Computer Name = kay | Source = WinMgmt | ID = 10
Description =

Error - 16/04/2010 9:58:45 PM | Computer Name = kay | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 8.2.0.23 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1688 Start Time: 01caddc82bffd65f Termination Time: 781

Error - 17/04/2010 11:21:15 AM | Computer Name = kay | Source = WinMgmt | ID = 10
Description =

Error - 17/04/2010 11:22:50 AM | Computer Name = kay | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 1.0.5.0, time stamp 0x4b64ae05,
faulting module vlc.exe, version 1.0.5.0, time stamp 0x4b64ae05, exception code
0xc0000005, fault offset 0x000016e8, process id 0x1208, application start time 0x01cade41cc1bd4f8.

Error - 18/04/2010 4:10:03 AM | Computer Name = kay | Source = WinMgmt | ID = 10
Description =

Error - 20/04/2010 6:43:12 PM | Computer Name = kay | Source = VSS | ID = 8194
Description =

Error - 20/04/2010 6:45:08 PM | Computer Name = kay | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 29/07/2009 1:11:48 AM | Computer Name = kay | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 29/07/2009 1:12:11 AM | Computer Name = kay | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/08/2009 8:16:50 AM | Computer Name = kay | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 18/10/2009 12:38:14 AM | Computer Name = kay | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/05/2010 10:44:49 AM | Computer Name = kay | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/05/2010 10:45:37 AM | Computer Name = kay | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 7/05/2010 7:07:56 PM | Computer Name = kay | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:46:34 AM on 8/05/2010 was unexpected.

Error - 7/05/2010 7:08:51 PM | Computer Name = kay | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 7/05/2010 7:14:09 PM | Computer Name = kay | Source = DCOM | ID = 10010
Description =

Error - 7/05/2010 7:32:57 PM | Computer Name = kay | Source = DCOM | ID = 10010
Description =

Error - 7/05/2010 8:32:02 PM | Computer Name = kay | Source = Service Control Manager | ID = 7034
Description =

Error - 7/05/2010 8:34:08 PM | Computer Name = kay | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:32:57 AM on 8/05/2010 was unexpected.

Error - 7/05/2010 8:34:52 PM | Computer Name = kay | Source = Service Control Manager | ID = 7034
Description =

Error - 7/05/2010 8:35:23 PM | Computer Name = kay | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >
Here they are.

#7 decna125

decna125
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 07 May 2010 - 08:26 PM

Do you need any other information?

#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:38 AM

Posted 07 May 2010 - 08:31 PM

Hi decna125

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising then that many of these downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

Step 1
Double click on OTL.exe to run it.
Copy the lines in the codebox below (make sure that :Otl is on the first line).
:Otl
IE - HKCU\..\URLSearchHook: *{00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (AwesomeBestShoppingTipsProgram) - {6B0DA396-2DEE-E4C6-D02B-575FF7159670} - C:\Program Files\AwesomeBestShoppingTipsProgram\AwesomeBestShoppingTipsProgram.dll ()
O3 - HKLM\..\Toolbar: (no name) - {AAFEF632-A8D7-4C59-925C-B7FAAA1B9CC5} - No CLSID value found.
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [tvvlowmy] C:\Users\declan\AppData\Local\rhauqojom\eqwqatjtssd.exe ()
O33 - MountPoints2\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/08/23 23:07:39 | 000,778,240 | R--- | M] (Funatics Studio alpha Ltd. & Co. KG)
O33 - MountPoints2\{be020a40-c77f-11de-8637-954637b3131f}\Shell\AutoRun\command - "" = H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{be020a40-c77f-11de-8637-954637b3131f}\Shell\open\command - "" = H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
[2010/05/08 00:18:06 | 000,000,000 | ---D | C] -- C:\Users\declan\AppData\Local\rhauqojom
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FA1999D1

:commands
[emptytemp]
[purity]
[EMPTYFLASH]
[RESETHOSTS]
  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles

Step 2
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

In your next reply, please submit:
OTL fix report
MBAM scan report


Thanks.

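A defender-side companion to the fix above, added here as an example and not part of the thread, of OTL or of MBAM: a read-only PowerShell audit of the same persistence points the script clears (the loopback proxy, HKCU Run values, MountPoints2 autorun handlers, BHO DLLs and the alternate data stream). The registry keys, paths and patterns come from the log; the Authenticode check and the choice of C:\ProgramData\Temp as the folder to inspect for streams are assumptions.

```powershell
# Added example (not from this thread, OTL or MBAM). Read-only audit of the
# persistence points the OTL fix clears. Needs PowerShell 3.0+, run elevated.

function Get-SuspiciousPersistence {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. IE proxy pointed at the local machine. The log showed ProxyEnable=1 and
    #    ProxyServer=http=127.0.0.1:5555: a rogue local proxy that can inspect or
    #    block web traffic, which is one way rogue AV stops tool downloads.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    if ($ie -and $ie.ProxyEnable -eq 1 -and $ie.ProxyServer -match '127\.0\.0\.1|localhost') {
        $findings.Add("IE proxy enabled and pointed at loopback: $($ie.ProxyServer)")
    }

    # 2. HKCU Run values whose target is missing or lives under AppData\Local
    #    (log: [tvvlowmy] ...\AppData\Local\rhauqojom\eqwqatjtssd.exe and
    #    [PlayNC Launcher] File not found). Bare names such as rundll32.exe carry
    #    no path, so they are reported as "not found" for manual review.
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }          # provider metadata, not a value
            $cmd = [string]$p.Value
            if ([string]::IsNullOrWhiteSpace($cmd)) {
                $findings.Add("Run value '$($p.Name)' is empty")
                continue
            }
            # executable path, with or without surrounding quotes, up to the first .exe
            $exe = if ($cmd -match '^"?(?<exe>[^"]+?\.exe)') { $Matches.exe } else { $cmd }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $findings.Add("Run value '$($p.Name)' = $cmd (target not found)")
            }
            elseif ($exe -match '\\AppData\\Local\\') {
                $findings.Add("Run value '$($p.Name)' = $cmd (runs from AppData\Local)")
            }
        }
    }

    # 3. Autorun handlers cached under MountPoints2 for drives Windows has seen
    #    (log: Shell\AutoRun\command and Shell\open\command -> H:\RECYCLER\...\hn.exe,
    #    the usual removable-drive infector layout).
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($drive in Get-ChildItem -Path $mp -ErrorAction SilentlyContinue) {
        foreach ($verb in 'AutoRun', 'open') {
            $cmdKey = "$($drive.PSPath)\Shell\$verb\command"
            if (Test-Path -LiteralPath $cmdKey) {
                $val = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
                if ($val) { $findings.Add("MountPoints2 $($drive.PSChildName) Shell\$verb -> $val") }
            }
        }
    }

    # 4. Browser Helper Objects: resolve each CLSID to its DLL and flag a missing
    #    file or one without a valid Authenticode signature (log: BHO
    #    {6B0DA396-...} -> AwesomeBestShoppingTipsProgram.dll, which was unsigned).
    $bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($bho in Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue) {
        $clsid = $bho.PSChildName
        $srv = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
        $dll = ''
        if (Test-Path -LiteralPath $srv) {
            $dll = [string](Get-ItemProperty -LiteralPath $srv).'(default)'
            $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
        }
        if (-not $dll -or -not (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $findings.Add("BHO $($clsid): DLL missing or unresolved ('$dll')")
        }
        elseif ((Get-AuthenticodeSignature -FilePath $dll).Status -ne 'Valid') {
            $findings.Add("BHO $($clsid): no valid signature on $dll")
        }
    }

    # 5. Alternate data streams on the folder the fix cleaned (log:
    #    C:\ProgramData\Temp:FA1999D1); assumed folder, an easy place to hide data.
    $streams = Get-Item -LiteralPath 'C:\ProgramData\Temp' -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings.Add("ADS on $($s.FileName): $($s.Stream) ($($s.Length) bytes)")
    }

    return ,$findings
}

$results = Get-SuspiciousPersistence
if ($results.Count -eq 0) { 'No matches for the patterns seen in this thread.' }
else { $results | ForEach-Object { "[!] $_" } }
```

Every hit is a lead to look at, not a verdict: a legitimate Run entry with a bare program name or a vendor DLL that happens to be unsigned will show up too.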


#9 decna125

decna125
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 07 May 2010 - 08:44 PM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B0DA396-2DEE-E4C6-D02B-575FF7159670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B0DA396-2DEE-E4C6-D02B-575FF7159670}\ deleted successfully.
C:\Program Files\AwesomeBestShoppingTipsProgram\AwesomeBestShoppingTipsProgram.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{AAFEF632-A8D7-4C59-925C-B7FAAA1B9CC5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAFEF632-A8D7-4C59-925C-B7FAAA1B9CC5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tvvlowmy deleted successfully.
C:\Users\declan\AppData\Local\rhauqojom\eqwqatjtssd.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d3d6346-1a1e-11de-a5b3-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be020a40-c77f-11de-8637-954637b3131f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be020a40-c77f-11de-8637-954637b3131f}\ not found.
File H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be020a40-c77f-11de-8637-954637b3131f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be020a40-c77f-11de-8637-954637b3131f}\ not found.
File H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe not found.
C:\Users\declan\AppData\Local\rhauqojom folder moved successfully.
ADS C:\ProgramData\Temp:FA1999D1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: declan
->Temp folder emptied: 1227636350 bytes
->Temporary Internet Files folder emptied: 2843048 bytes
->Java cache emptied: 145832 bytes
->FireFox cache emptied: 36862054 bytes
->Flash cache emptied: 4401 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 244000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,209.00 mb


[EMPTYFLASH]

User: All Users

User: declan
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 05082010_114055

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#10 decna125

decna125
  • Topic Starter

  • Members
  • 9 posts

Posted 08 May 2010 - 01:46 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4076

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18813

8/05/2010 2:41:06 PM
mbam-log-2010-05-08 (14-41-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 288656
Time elapsed: 2 hour(s), 30 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}\components\SaveComponent.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\awesomebestshoppingtipsprogram.awesomebestshoppingtipsprogram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\awesomebestshoppingtipsprogram.awesomebestshoppingtipsprogram.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b0da396-2dee-e4c6-d02b-575ff7159670} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{23kln5j0-4opm-11we-aax5-24ef1f387232} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6b0da396-2dee-e4c6-d02b-575ff7159670} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AwesomeBestShoppingTipsProgram.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AwesomeBestShoppingTipsProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AwesomeBestShoppingTipsProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\declan\AppData\Roaming\Mozilla\Firefox\Profiles\8xwr203u.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}\components\SaveComponent.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\declan\AppData\Roaming\Save\SaveUninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AwesomeBestShoppingTipsProgram\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.

#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 08 May 2010 - 02:46 AM

Hi decna125

How's the system running now?


#12 decna125

decna125
  • Topic Starter

  • Members
  • 9 posts

Posted 08 May 2010 - 06:24 AM

all virus have gone and everything is running fine now thank you very much for all your help

#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 08 May 2010 - 08:20 AM

Hi decna125

Glad to hear everything's ok.

To do the job properly, there are a few things we should do now:

Step 1
Your Java is out of date!

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click 'Select'.
  • Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 2
  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button, press that button.
  • This will remove any programs we have asked you to download along with their associated folders, plus itself.
Note:
MBAM will not be removed

Step 3

Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools may not have access to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Click on Start... Control Panel... System and Maintenance... System
Click on System Protection in the left-hand task list.
Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

When you uncheck a disk you will be presented with a screen.
You should click on the Turn System Protection Off button.
Click Apply and then OK.

Reboot your computer.

Now:
Click on Start... Control Panel... System and Maintenance... System
Click on System Protection in the left-hand task list.
Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
Click Apply and then OK.

Your System restore will now be active again... starting with a new restore point.

Safe surfing.

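The restore-point reset from Step 3, done from an elevated PowerShell prompt instead of the Control Panel; this is an added example, not part of Starbuck's post. The cmdlets are Windows' own (PowerShell 2.0 and later); the function names and the WMI-based drive discovery are my assumptions.

```powershell
# Added example: Step 3 ("new restore point") as two PowerShell phases.
# Run Disable-RestoreForCleanup, reboot, then run Enable-RestoreFresh.
# Function names and the drive discovery are assumptions, not Windows APIs.

# Fixed local drives that can carry System Protection (e.g. C:\, D:\)
function Get-FixedDriveRoots {
    Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 3" |
        ForEach-Object { $_.DeviceID + "\" }
}

# Phase 1: turn System Protection off on every fixed drive. Turning it off
# discards the existing restore points, which is the goal here: malware that
# was copied into System Volume Information is discarded with them.
function Disable-RestoreForCleanup {
    foreach ($drive in Get-FixedDriveRoots) {
        try {
            Disable-ComputerRestore -Drive $drive -ErrorAction Stop
            Write-Output "System Protection disabled on $drive"
        } catch {
            # Drives that never had protection enabled simply report an error
            Write-Warning "Could not change protection on $drive : $_"
        }
    }
    Write-Output "Reboot now, then run Enable-RestoreFresh."
}

# Phase 2 (after the reboot): re-enable protection on the same drives and
# create one clean restore point so there is a known-good state to roll back to.
function Enable-RestoreFresh {
    foreach ($drive in Get-FixedDriveRoots) {
        try {
            Enable-ComputerRestore -Drive $drive -ErrorAction Stop
            Write-Output "System Protection re-enabled on $drive"
        } catch {
            Write-Warning "Could not enable protection on $drive : $_"
        }
    }
    Checkpoint-Computer -Description "Clean after malware removal" `
        -RestorePointType "MODIFY_SETTINGS"
    # Verify: the newest restore point should be the one just created
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}
```

The final Get-ComputerRestorePoint call is the check that the old points are gone and only the fresh one remains.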