
Malware redirects Google Searches to random sites


  • This topic is locked
10 replies to this topic

#1 carabajal (Members, 7 posts)

Posted 28 July 2010 - 11:18 PM

Hello! I recently rid a virus using my antivirus software, but there is still a problem with my computer. Most of my Google searches are redirected to weird sites. I don't know what to do! Please help me! Thanks!

EDIT: I keep getting a "Host Process for Windows Services Stopped Working" error and I cannot access Windows Update. Oh and I get a blue screen of death in the middle of the GMER scan right after a Host Process error. So here is the DDS stuff and my HiJackThis log

Attached Files


Edited by Pandy, 29 July 2010 - 05:52 AM.
Moved from Vista to Malware Removal as logs are attached ~Pandy


#2 carabajal (Topic Starter, Members, 7 posts)

Posted 01 August 2010 - 10:54 PM

I really hate to bump, but this virus is still on here, randomly making the computer crash. Please help!

EDIT: Please be patient. There are over 450 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~BP

Oh, 7 days? You guys are really busy! Thanks, I'll see you in 7 days, until then, I'll be playing Star Craft 2

Edited by carabajal, 02 August 2010 - 12:47 PM.


#3 myrti (Sillyberry, Malware Study Hall Admin, 33,772 posts, Location: At home)

Posted 07 August 2010 - 01:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

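A small triage helper for the OTL report format requested in the post above, added here as an illustration; it is not code from the original post, from OTL, or from BleepingComputer. It reads OTL.txt-style lines and flags two things a helper looks at first when a machine redirects searches: driver services whose file is missing ("DRV - File not found"), and a browser proxy pointing at a loopback address that is enabled for a hive (a local proxy that rewrites traffic is one way search redirects are produced). The report lines inside the block are constructed to mimic OTL output, not taken from any real machine; the SID, driver names, vendor, and the loopback port are placeholders, and `triage`, `proxy_endpoints`, and `is_loopback` are names chosen for this example.

```python
"""Triage helper for OTL.txt-style report lines (example code, not OTL's own)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the OTL.txt layout. The SID, paths, vendor and
# port are placeholders chosen for this example, not real report data.
SAMPLE_REPORT = r"""
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\example.sys -- (ExampleDrv)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Example Vendor) [Kernel | System | Running] -- C:\Windows\System32\drivers\example2.sys -- (example2)

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
"""

# "IE - HKU\<hive>\...Internet Settings: "<name>" = <value>"
IE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.*)$'
)
# "DRV - File not found [flags] -- <path> -- (<service name>)"
DRV_MISSING_RE = re.compile(
    r'^DRV - File not found \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)\s*$'
)


def proxy_endpoints(value):
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Handles both the single form "host:port" (scheme reported as "*") and
    the per-protocol form "http=host:port;https=host:port".
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme is "" for "host:port"
        host, _, port = hostport.rpartition(":")
        if not host:                                  # no port present
            host, port = hostport, ""
        endpoints.append((scheme or "*", host, port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' or any address in the loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(report_text):
    """Return findings (list of dicts) from OTL-style report text."""
    findings = []
    proxy = defaultdict(dict)  # hive -> {"ProxyEnable": ..., "ProxyServer": ...}
    for line in report_text.splitlines():
        m = IE_RE.match(line)
        if m:
            proxy[m["hive"]][m["name"]] = m["value"].strip()
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            findings.append({"type": "missing_driver", "name": m["name"], "path": m["path"]})
    # A proxy only matters if it is enabled; flag loopback targets per hive.
    for hive, settings in proxy.items():
        if settings.get("ProxyEnable") != "1":
            continue
        for scheme, host, port in proxy_endpoints(settings.get("ProxyServer", "")):
            if is_loopback(host):
                findings.append({"type": "loopback_proxy", "hive": hive,
                                 "scheme": scheme, "host": host, "port": port})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run it against a pasted OTL.txt by replacing `SAMPLE_REPORT` with the file's contents. A loopback proxy under the `.DEFAULT` and `S-1-5-18` (SYSTEM) hives with `ProxyEnable` set is worth attention because a user does not normally configure those hives, while a "File not found" driver service is often just a leftover from an uninstalled product, so both are leads to verify rather than verdicts.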


#4 carabajal (Topic Starter, Members, 7 posts)

Posted 08 August 2010 - 11:43 AM

Thank you for all your help! Here are the OTL files:

OTL.Txt

OTL logfile created on: 8/8/2010 9:07:24 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Ivan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.19 Gb Total Space | 3.29 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive D: | 107.69 Gb Total Space | 81.49 Gb Free Space | 75.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVAN-PC
Current User Name: Ivan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/08 09:05:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ivan\Desktop\OTL.exe
PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/17 09:02:24 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/15 21:48:49 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Ivan\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/20 14:02:06 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/15 09:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/07/15 09:13:04 | 000,393,512 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/07/15 09:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/07/15 09:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/04/10 23:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/10 23:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/20 05:04:11 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Ivan\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/01/23 19:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/23 19:28:00 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/01/23 19:28:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/23 19:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2008/01/20 19:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/03 02:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/03 02:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/02 06:17:28 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/10 07:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2010/08/08 09:05:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ivan\Desktop\OTL.exe
MOD - [2009/04/10 23:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/20 14:02:06 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/01 20:05:32 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/15 09:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 09:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/07/13 17:04:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/23 19:28:00 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 02:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\ifp300.sys -- (IFP300)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ivan\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/07 10:04:18 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/08/31 17:23:47 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/20 15:14:32 | 000,013,224 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 12:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/30 14:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/05 19:51:08 | 007,497,792 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/05 18:22:32 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/25 00:41:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/01/23 19:29:00 | 001,950,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/23 19:29:00 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/01/23 19:29:00 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/01/23 19:29:00 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/01/23 19:29:00 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/01/23 19:29:00 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/23 19:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008/01/23 19:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/23 19:28:00 | 000,192,816 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:20 | 000,034,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 05:07:26 | 000,059,952 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/01/03 05:07:24 | 000,018,480 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/01/03 05:07:24 | 000,016,432 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/10/30 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007/08/08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/12 10:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 17:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 06:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



IE - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 9B 13 3C E8 2E CB 01 [binary data]
IE - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:20:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 18:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 18:13:02 | 000,000,000 | ---D | M]

[2008/06/20 17:24:06 | 000,000,000 | ---D | M] -- C:\Users\Ivan\AppData\Roaming\Mozilla\Extensions
[2010/08/05 22:09:02 | 000,000,000 | ---D | M] -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions
[2010/06/12 08:54:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/28 19:01:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/12 23:30:38 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/07/10 01:55:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/12 08:54:28 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/16 09:39:14 | 000,000,000 | ---D | M] -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions\activegs@freetoolsassociation.com
[2009/10/03 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\extensions\battlefieldheroespatcher@ea.com
[2008/06/30 09:55:41 | 000,000,891 | ---- | M] () -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\searchplugins\dictionarycom.xml
[2008/08/22 16:18:45 | 000,002,300 | ---- | M] () -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\searchplugins\encyclopedia-dramatica-.xml
[2008/11/15 10:24:31 | 000,002,254 | ---- | M] () -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\searchplugins\the-vault-en.xml
[2008/09/17 19:00:38 | 000,002,006 | ---- | M] () -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\searchplugins\urban-dictionary.xml
[2009/08/29 15:53:21 | 000,001,287 | ---- | M] () -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\searchplugins\wiibrew.xml
[2008/06/21 17:53:55 | 000,002,109 | ---- | M] () -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\searchplugins\youtube-video-search.xml
[2009/12/26 09:04:42 | 000,002,263 | ---- | M] () -- C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwj4nw59.default\searchplugins\zeldapedia-en.xml
[2010/08/05 22:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-3949298007-4286406380-1144867493-1000..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{327f9fe1-427e-11dd-a6f9-d74bfae5bb50}\Shell - "" = AutoRun
O33 - MountPoints2\{327f9fe1-427e-11dd-a6f9-d74bfae5bb50}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{426c3ebf-0add-11df-b8fe-d2661caeee84}\Shell - "" = AutoRun
O33 - MountPoints2\{426c3ebf-0add-11df-b8fe-d2661caeee84}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d5e02843-aec6-11de-8742-d5e52bbbf152}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e02843-aec6-11de-8742-d5e52bbbf152}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fad36b82-80b2-11dd-9e9d-cce1bdbd785a}\Shell - "" = AutoRun
O33 - MountPoints2\{fad36b82-80b2-11dd-9e9d-cce1bdbd785a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iRiver Updater - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files\ooVoo\oovoo.exe File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PLFSet - hkey= - key= - C:\Windows\PLFSet.DLL ( )
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {11BB2FCA-560D-7790-3956-77A638AB13AA} - Microsoft Windows Media Player 11.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4062650D-E922-59FE-FA1D-738C89D508BE} - Microsoft Windows Media Player 11.0
ActiveX: {4430F551-F85A-B8AD-68AF-5233D5DBB405} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7B98AA28-7129-12B4-0967-B55C66F6FEDD} - Internet Explorer
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A82E32A-E539-AC41-88FF-397BB0CBA186} - Themes Setup
ActiveX: {A022CB2D-ACA0-1EC0-1989-BD7CC6EFCA0B} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DE3B5042-B461-7725-F126-B7D3CF51E836} - Microsoft Windows Media Player 11.0
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/08 09:05:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ivan\Desktop\OTL.exe
[2010/07/29 01:48:04 | 000,000,000 | ---D | C] -- C:\Users\Ivan\AppData\Roaming\.minecraft
[2010/07/28 21:30:57 | 000,000,000 | ---D | C] -- C:\Users\Ivan\Desktop\gmer
[2010/07/28 21:08:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/28 21:08:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/28 21:08:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/28 21:07:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/28 21:05:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/28 21:05:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/28 21:04:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/28 20:14:07 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/07/28 20:14:07 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/07/28 20:14:06 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/07/28 20:14:06 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/07/28 20:14:00 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/07/28 20:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/28 20:13:38 | 000,000,000 | ---D | C] -- C:\Users\Ivan\AppData\Roaming\PC Tools
[2010/07/28 20:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/07/28 20:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/27 17:39:27 | 000,000,000 | ---D | C] -- C:\Users\Ivan\AppData\Roaming\Malwarebytes
[2010/07/27 17:38:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/27 17:38:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/27 17:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/27 17:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/03/30 02:33:45 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/03/30 02:33:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008/02/05 16:14:47 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/08 09:08:06 | 024,903,680 | -HS- | M] () -- C:\Users\Ivan\ntuser.dat
[2010/08/08 09:07:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/08 09:07:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 09:05:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ivan\Desktop\OTL.exe
[2010/08/08 09:03:17 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3949298007-4286406380-1144867493-1000UA.job
[2010/08/08 09:03:15 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/08 09:03:08 | 000,056,160 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/08 09:03:08 | 000,056,160 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/08 09:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/08 09:02:49 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3949298007-4286406380-1144867493-1000Core.job
[2010/08/06 17:35:30 | 000,701,564 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 17:35:30 | 000,602,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 17:35:30 | 000,104,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/06 17:30:45 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 17:30:45 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 17:30:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/06 15:34:10 | 000,524,288 | -HS- | M] () -- C:\Users\Ivan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/06 15:34:10 | 000,065,536 | -HS- | M] () -- C:\Users\Ivan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/06 15:33:38 | 006,291,456 | -H-- | M] () -- C:\Users\Ivan\AppData\Local\IconCache.db
[2010/08/06 13:29:19 | 000,668,836 | ---- | M] () -- C:\Users\Ivan\Desktop\94dc988529239156ff6cea8757e7168d.gif
[2010/08/06 11:51:02 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/05 01:41:11 | 000,096,763 | ---- | M] () -- C:\Users\Ivan\Desktop\inception.jpg
[2010/08/04 10:03:45 | 000,043,520 | ---- | M] () -- C:\Users\Ivan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 20:57:26 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/01 20:55:27 | 000,000,000 | ---- | M] () -- C:\Users\Ivan\defogger_reenable
[2010/07/28 23:53:38 | 000,002,041 | ---- | M] () -- C:\Users\Ivan\Desktop\Google Chrome.lnk
[2010/07/28 23:53:38 | 000,002,003 | ---- | M] () -- C:\Users\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/28 22:44:39 | 375,044,767 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/28 21:24:09 | 000,284,915 | ---- | M] () -- C:\Users\Ivan\Desktop\gmer.zip
[2010/07/28 21:22:37 | 000,525,824 | ---- | M] () -- C:\Users\Ivan\Desktop\dds.scr
[2010/07/28 21:21:38 | 000,050,477 | ---- | M] () -- C:\Users\Ivan\Desktop\Defogger.exe
[2010/07/28 21:04:36 | 003,746,488 | ---- | M] () -- C:\Users\Ivan\Desktop\ComboFix.exe
[2010/07/28 18:21:20 | 000,085,491 | ---- | M] () -- C:\Users\Ivan\Desktop\book.html
[2010/07/28 18:13:04 | 000,001,752 | ---- | M] () -- C:\Users\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/28 18:13:04 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/28 08:31:30 | 000,001,356 | ---- | M] () -- C:\Users\Ivan\AppData\Local\d3d9caps.dat
[2010/07/27 17:38:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 00:13:19 | 024,903,680 | -HS- | M] () -- C:\Users\Ivan\ntuser.dat_previous
[2010/07/25 17:57:05 | 000,020,777 | ---- | M] () -- C:\Users\Ivan\screen.jpg
[2010/07/25 17:45:28 | 000,016,786 | ---- | M] () -- C:\Users\Ivan\weekend at burnsies.jpg
[2010/07/25 11:04:42 | 000,002,627 | ---- | M] () -- C:\Users\Ivan\Desktop\Microsoft Office Word 2007.lnk
[2010/07/22 09:00:55 | 000,040,531 | ---- | M] () -- C:\Users\Ivan\Desktop\1279813517339.jpg
[2010/07/20 23:26:48 | 000,108,234 | ---- | M] () -- C:\Users\Ivan\Desktop\lol.jpg
[2010/07/13 09:34:19 | 000,077,622 | ---- | M] () -- C:\Users\Ivan\Documents\cc_20100713_093407.reg
[2010/07/13 09:33:31 | 343,266,380 | ---- | M] () -- C:\Users\Ivan\Documents\7-13-10.reg
[2010/07/12 23:35:55 | 000,002,898 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/07/12 09:28:43 | 000,013,477 | ---- | M] () -- C:\Users\Ivan\Documents\overview.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 13:29:19 | 000,668,836 | ---- | C] () -- C:\Users\Ivan\Desktop\94dc988529239156ff6cea8757e7168d.gif
[2010/08/05 01:41:11 | 000,096,763 | ---- | C] () -- C:\Users\Ivan\Desktop\inception.jpg
[2010/08/01 20:55:27 | 000,000,000 | ---- | C] () -- C:\Users\Ivan\defogger_reenable
[2010/07/28 21:40:15 | 375,044,767 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/28 21:24:05 | 000,284,915 | ---- | C] () -- C:\Users\Ivan\Desktop\gmer.zip
[2010/07/28 21:22:35 | 000,525,824 | ---- | C] () -- C:\Users\Ivan\Desktop\dds.scr
[2010/07/28 21:21:37 | 000,050,477 | ---- | C] () -- C:\Users\Ivan\Desktop\Defogger.exe
[2010/07/28 21:08:08 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/28 21:08:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/28 21:08:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/28 21:08:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/28 21:08:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/28 21:04:27 | 003,746,488 | ---- | C] () -- C:\Users\Ivan\Desktop\ComboFix.exe
[2010/07/28 20:14:07 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/07/28 20:14:06 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/07/28 20:14:06 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/07/28 20:14:00 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/07/28 18:21:19 | 000,085,491 | ---- | C] () -- C:\Users\Ivan\Desktop\book.html
[2010/07/28 18:13:04 | 000,001,752 | ---- | C] () -- C:\Users\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/28 18:13:04 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/27 17:38:43 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 17:57:05 | 000,020,777 | ---- | C] () -- C:\Users\Ivan\screen.jpg
[2010/07/25 17:45:28 | 000,016,786 | ---- | C] () -- C:\Users\Ivan\weekend at burnsies.jpg
[2010/07/22 09:00:54 | 000,040,531 | ---- | C] () -- C:\Users\Ivan\Desktop\1279813517339.jpg
[2010/07/20 23:26:47 | 000,108,234 | ---- | C] () -- C:\Users\Ivan\Desktop\lol.jpg
[2010/07/13 09:34:12 | 000,077,622 | ---- | C] () -- C:\Users\Ivan\Documents\cc_20100713_093407.reg
[2010/07/13 09:33:08 | 343,266,380 | ---- | C] () -- C:\Users\Ivan\Documents\7-13-10.reg
[2010/07/12 23:35:55 | 000,002,898 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010/07/12 00:09:10 | 000,013,477 | ---- | C] () -- C:\Users\Ivan\Documents\overview.docx
[2010/07/03 20:58:16 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/07/03 20:58:16 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/08/10 00:45:09 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/08/10 00:40:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/10/20 00:20:22 | 000,000,584 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/16 19:28:47 | 000,000,107 | ---- | C] () -- C:\Windows\cncscore.ini
[2008/07/28 13:05:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2008/07/22 21:12:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/03/30 02:13:18 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008/03/30 02:13:09 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/02/05 18:52:05 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/02/05 18:40:13 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/05 18:39:31 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/02/05 17:44:54 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/05 16:14:47 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/02/05 16:14:38 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/20 19:23:20 | 000,034,360 | ---- | C] () -- C:\Windows\System32\drivers\mouclass.sys
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/01/23 19:29:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\DRV\Robson\Winall\Driver\iaStor.sys
[2008/01/23 19:29:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2008/01/23 19:29:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\drivers\iaStor.sys
[2008/01/23 19:29:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2008/01/23 19:29:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_9af7e4ab\iaStor.sys
[2008/01/23 19:29:00 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\DRV\Robson\Winall\Driver64\IaStor.sys
[2008/01/23 19:29:00 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/01/23 19:29:00 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_8d6d87f5\iaStor.sys
[2008/01/23 19:29:00 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c6b40c79\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
< End of report >


Extras.Txt:

OTL Extras logfile created on: 8/8/2010 9:07:24 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Ivan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.19 Gb Total Space | 3.29 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive D: | 107.69 Gb Total Space | 81.49 Gb Free Space | 75.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVAN-PC
Current User Name: Ivan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3949298007-4286406380-1144867493-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B9AECF-05B0-474D-AAB6-B8D74FCC5D52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0B5C29D1-B0BE-47B4-975D-622950843C4D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2828D5AB-49B6-459D-B4F2-975D6A3EC0AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31444873-274C-41B2-AC5B-939B05E37D66}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{40DA1E8E-9171-41BF-8673-DA3D4042D911}" = lport=80 | protocol=6 | dir=in | app=system |
"{4C63E2E3-2B27-4A7D-A794-3A1F7E12AB37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52ACDDFB-71D3-4194-A196-9074FEB9EFA9}" = rport=445 | protocol=6 | dir=out | app=system |
"{540D089D-0D4B-4A75-8246-D22ED702EE23}" = rport=138 | protocol=17 | dir=out | app=system |
"{55AD9709-71F2-42A0-8DF1-6E0F12510997}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B411A68-564D-4402-98E6-74F04A5C8BD3}" = lport=138 | protocol=17 | dir=in | app=system |
"{656021DF-AE66-4685-92AF-1B9BA174EEC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{79FA258B-18E3-4798-83F6-666F479EC4A8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{992B8C7D-E12E-469D-B5F5-2DADA96A85ED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A1E2C59C-6214-4672-AB19-DE742F9D336B}" = rport=139 | protocol=6 | dir=out | app=system |
"{C3ED0438-536A-46BB-A4AB-18F20D910D2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C7BFCAA9-D09F-4CC2-AD7D-15D776084D6F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D28561D9-8E37-4401-A698-5DF2BBE07AEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D67389AC-9D1E-47FA-8DE2-A0DFC77A292A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DABFCDDC-1E02-4C21-A03F-A5D8B4EA0F6F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD29F70C-B254-4162-82DE-4FAD8CAC847A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E5ADD197-1568-432B-8FA5-A2F6237EE6CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EC1AADCE-4533-46CA-89CA-6E6F7C0F5E15}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED666917-47BE-4671-B52E-AABD3CEA537A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3DFE3A2-8F12-44E3-B859-CF4205F8BA77}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA8D5E7C-D5CB-4CD2-A3C2-4C4877EBDFFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7BFAF1-3B4C-48B4-94AC-A0019787863E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxblpswx.exe |
"{0F6DFF90-C858-42B9-8F45-4B2E95A97CE2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11452FCB-70B9-4A9B-B898-477B5F4ADE45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17B9C844-CE43-44DF-B03A-41B3F78ADA2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18A7ABA2-638C-4ED7-9CBA-FCEB7F25805A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C49520E-CF7A-45F9-94E3-61052F6BD148}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{1FD70DF8-4A36-4557-8CB7-4BB974959216}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{22FC1B28-6057-4557-97CC-182F759E8CC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{231A50EB-173A-4AB2-8533-6A34266524E0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{23BFDB48-8DF1-469B-962E-8669F9150705}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2423EB5A-2073-4767-AD5F-FE4B1B6D9AA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2592EF22-4C31-4A9C-B5EE-41A85087AC01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{271BE5CE-171A-491B-BD5D-408C8423FCE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2742A857-7C96-44E3-8C38-C43DE9EEC493}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27816257-41FB-46B8-9058-F33B4D462BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{287FCC62-95C8-4B41-A105-F9C17B76B0DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29ECB5F4-C11B-4F6A-8365-77E5CAE246B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2DC18E73-9588-4B83-8A3D-68E4389B1AA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32307838-2F70-481A-A84F-0FD3ED9FCFED}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{327C119B-2697-49DD-B06C-57D9BDB83BFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35C84B03-C74E-468F-AC94-7EC0DE111515}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{38973023-EA86-460F-BD99-07D161085A84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C39CE69-E0CC-44C0-87C4-37911703E2DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DC9224E-3567-4034-BB3D-0330A234C56F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F4F34A7-ED76-4A0D-B5B5-A59A84EBED98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4037AA6B-1C33-4BB5-BB85-A5EDACB9DBD8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{40499F12-D9FA-4388-9843-534B83F03CC7}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{40973FC1-816B-4A0D-9FBF-EFF5C2FC618E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\max payne\maxpayne.exe |
"{41AB9BB3-B460-46F5-86A1-C5E4132CD1E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{47F374DC-A823-42EA-9676-8544CDBB2BFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{486177F9-BF29-430B-AF78-F3A506426503}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{49032C86-4A9C-4E28-BE4A-A71D4C7AD50B}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{490E377B-2CB2-459E-A8F3-76C4BAD22AB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49AD92F7-33D0-426C-B4BF-A8B0BB9935CC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\source sdk base 2007\hl2.exe |
"{4B38F221-C9C5-4204-884E-FF991C58C290}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B914D42-57E0-4020-98D4-07F1A2F3C2A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E396801-B523-4FBC-8E32-86D7E236B949}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F5B3845-E4AA-4331-B2C9-D1FBBB0D98C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F76C7A9-460F-46F7-95D3-61D264BCC94D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FAA2318-69C1-4D23-8200-0291C4790E3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52199305-056F-4F32-8F49-4F4E897C18AF}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{527196AA-741E-4A25-9268-B3D3D5A61D5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53CACEA8-80FC-4F83-803E-16B7632C8577}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56078D41-7C2C-4073-B8A1-4AEC65FEFC44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57959036-F4AD-4AB5-9C23-E4668E350713}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59035E8B-1530-41A1-B8A1-7EE8DF76C935}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F62004B-8185-4B46-9288-11A02E39D12E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\garrysmod\hl2.exe |
"{5F718E8F-59D9-4559-A51F-90DCCE4D293B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\counter-strike source\hl2.exe |
"{603DF3EC-D69F-4759-97E6-82DF0F1F3D5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{628303C5-3AD9-4CFA-8282-00CDFE985FFD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63591423-586D-4BA5-AFC7-6E618B0CEE86}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{68BDF97C-29C4-4682-A2FE-2121A9E5D9A4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{68D99904-8D96-431C-92C7-47734281EA21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A2DD909-7785-42AB-8236-43E1134C7340}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A572296-3867-4960-AFB9-01CB537CE88C}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{6AF762A3-BC5C-4BC1-8C8B-ED231CBFB388}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CBEA222-F0A3-4A84-B4A1-58EA98588373}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CCA422B-E40B-4BDE-A6AB-3B045E7262E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F721434-4EF1-4C9F-BD1F-2FA342D07D51}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70BCC102-8C2D-4097-926A-85B89F5C7E01}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{7166C56E-01C4-4C31-A4D3-BDD964A82703}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71B71B3B-5C06-4E8D-8B7F-9D13CC90129D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{722049B5-12C2-4794-B153-E77BED2D2C75}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{73A44D26-7719-456C-8069-7FEB788C33F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73A9A24D-5E15-48F8-8AA7-5672824B3506}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75701260-0882-42C2-873A-495A424D5DB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75E509FC-820A-4FDE-AC81-F74615101EF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{773F2371-8C7C-434A-BADC-BF8540991F7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{792083B3-4EF9-494E-A573-9B30221BE5DE}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{7A029922-80B4-4131-8A9D-99486FE4D382}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AD4F1E6-E29C-4726-BE25-F338AAB5BE33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DA8D84F-415D-4378-BCDC-6CD5B9B4C72E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{800BD61D-45CC-43D0-95D9-6E45A0883577}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{818B5A00-C71F-4142-95AD-5D121FDBEA22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8336E93E-538E-44CC-BE6F-B8C33B6E34AF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{83A3D6C0-484C-488A-8DE1-5AF65AF39300}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84094C84-98B5-4F82-847D-4C31D60B88C0}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{84204BFB-9638-4FC0-A7E1-78BCC2DA0DD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85EF2383-2025-4117-BD68-69A836BFD158}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{867F9A87-B777-46A5-B7C5-2A7D46A99695}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{89E47C8D-2DB2-4788-AC21-FE9D1FF9A24B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8C1A68AA-3123-4D43-8AD4-C76042B30F27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CB4D989-F438-484E-A5E1-4C98CCBF1E1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D0E0D05-FCF4-4858-B1EB-BA4936A274FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DC95E04-ABD2-4742-9346-89C453116E12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E0D1FDC-528A-494F-9B99-F5E4ED412381}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E2483DB-C311-4B6D-9403-A3A635F46960}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E7306A9-DBC8-47AF-882A-B388BEB4E5F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{920F78F9-3FA2-4E0C-AFB8-1D6658EE4BC1}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{928C07A1-D5D3-4B52-96A8-398653CC577F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{92E8095F-0EF0-4503-8106-7C8AB9A31F1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{953E2DBF-2669-4903-87CE-ED68445AD055}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{984502C5-567E-44B5-9859-B43ED5D5F7D8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{984BE191-648D-4542-8AB8-2644F97CE4B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98974A9B-187F-40DC-A4BB-8F0C3D284BFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{996EBD3D-3C3F-4C6B-B1C9-9AAFBA788B73}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{999DE115-395E-4104-B946-EA2813C2C30F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B2767F6-FAF8-464E-A952-6424CE9D27D7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxblpswx.exe |
"{9BE34019-10B6-449D-8689-55B619EEA032}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D1F58B3-5560-4157-9BAB-41E7D87740A8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9DE53C4F-59D7-47DD-B916-8B52DC0E5870}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A1473947-1A62-49EB-B485-0F9FCE7BCE8E}" = protocol=17 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{A1917291-C579-4046-83F6-1808CEBEFFEC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A27F0CDB-951B-4B8A-9C3B-68CD92C5D341}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2C016BD-7692-4F35-A3DA-81C7FFEA9D27}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{A4832B66-44BC-4646-B924-44B17D051E77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7019334-68E9-4074-99B4-7C21179C482B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A81C7F93-6B46-4305-9AEF-405C0EB2152A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A84B5C9D-6193-4ED3-8DEF-A32E2BC23115}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9F88365-F310-4029-8608-BB0FA5B134EB}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{AE7C3922-4077-40C8-94D3-76DC1FDD7E63}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{AF00CD5D-1781-40C6-8398-9F4009C843C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0931FF1-9D43-4C4D-8005-85E6DC07C078}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1142376-8DCF-4926-B536-711F230F2B32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B35E74A1-D8B5-48BF-BE8A-2A8C5CB8A698}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4281168-59C5-448D-8E71-382FA3F00F13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B45B1150-6B44-4A77-B38F-92DA226B535D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B52C075E-0A92-4A33-ACC5-588C4E93080C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B662AAD3-A7AB-4B8A-8A60-C1ECBE16D253}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8135EC7-C935-46DE-9D54-937C749CADA3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\max payne\maxpayne.exe |
"{B956024A-4DEE-4BA9-AC17-EB163408F448}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B96D56A7-AC47-46FC-9164-D617433557A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B99CE040-B3BF-4C45-8C49-D9A92E4466D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB771D7F-2554-4CD5-ADF3-BE2554F34E87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB863E0F-36DC-45DB-BAF2-48FC4C8FBAB3}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BBF78E1A-9788-4BFF-9E0C-9B2F4E86D41D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEDC5217-9B13-49A5-93F1-7C4E763152B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFD621B7-3F64-48B1-828A-30DCA4232E8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0D77620-5027-42CC-9975-6CF964D22D75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C453A3F8-28AE-41DB-BA61-B3A02E7F1F5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7C188D4-EA65-4452-90D9-C51EF0FA6C8E}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{C967BBB2-F219-4725-9F9B-DB5933BEE521}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\garrysmod\hl2.exe |
"{C99492EC-59B7-4D77-8165-95E8AAFDA045}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBCA2295-9252-4D86-A14D-CC98898726A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC0A51CE-D703-4590-AAD7-FFBD6450EACF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC543ED0-D948-4F56-A27B-509C852B31AA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CC5FBB1C-4E4C-4317-94BC-69767FCEF2C4}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{CD6A36C6-150E-4276-8813-BCEF57443E93}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD836EDA-2315-4D2F-9AE2-A03F0A9D5053}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE8B7537-8406-44F5-9A56-3929EB8FCF71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF27AA15-DAC5-4D76-BB40-198E46B90CBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF8BA1AA-2D58-4B9D-98B6-8FB244386768}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2A8DB55-F112-4B86-80B1-5D6F1D0727E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2D440AF-559F-4566-8988-F9801DE2EF77}" = protocol=6 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{D40E53EC-1163-4B31-9E69-A0FF6A2EA580}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4BDB567-B63C-4564-BE91-4F2A6AE3C6D5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\counter-strike source\hl2.exe |
"{D62C634C-DA9D-4B3B-ACCA-C8D85349D36D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D69D3065-7DEB-44A8-8C1D-F121493F3270}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{D88DB2C1-F168-4C9E-B856-4C4898E6DC86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D96F3E26-3176-413F-82A7-9EE698639237}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{DA131498-89DF-49F8-9A2C-C43B4584A535}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBB08E60-38B5-45A0-B28C-10C74088A7BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBDF257A-4049-4806-A514-066FAF2E4003}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DC373B27-3EAD-4CB6-8349-42C9F3740A13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DCF45CF8-410A-4D94-8DF5-0B2249ACFE2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E18339F5-F31C-4202-9743-2B838ABC5122}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2AD52AB-C8E0-4826-B083-D2EBAAB430AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E736F9F8-D483-4BE6-9C25-8DF55A37CC86}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{E8249195-059F-4692-A2AD-5DB2BDC13A13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB0F6405-F9D8-458F-966C-FFC449CCC58F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBAF8C0C-0C2E-4824-B5C3-8E177233D717}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC77E5BC-1DCE-4DB3-93FD-197881855589}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ECFC0AD3-8124-401F-848A-96BB88CB8452}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EF4CF1B2-8619-4B9A-86D4-FC1B719C95A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EFF25CB8-BE27-492B-8935-6F61BA9D7BB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F05DDD4B-D983-40BA-8A49-BE51FB0D82D6}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F16A0CA7-7411-4CB3-81A8-3F59D1FFF473}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F1F07DA0-3BC9-4F83-B0A5-DDE8E4E17164}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F215BFAC-533F-4141-A1E6-EB304075175F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F493C646-1FC5-424C-91A4-2306FB285C0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6F45E05-2080-44B7-A97C-6CF027CBB89F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F7CDE459-919C-439A-90DF-FD83450A3E4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9767E17-0AFC-4F68-A615-0E2B204C1374}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAD4487A-F826-4E48-8CE9-FA41C56E8189}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\source sdk base 2007\hl2.exe |
"{FC59A84B-54A6-44BE-87E1-DFF9DEC4C516}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FC774BB3-1F89-4B7C-A567-B9822462C2C9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FD6DD30A-6DCF-4C26-A7C7-0F8885EC1A1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{005DC0BD-C270-4990-BCBB-477E0BC5CE61}C:\program files\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{0FF6854C-AB9D-476F-A12A-5141254850ED}C:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe |
"TCP Query User{1975E6AE-5FB2-4A2F-BE61-93972CD11579}C:\program files\steam\steamapps\carabajal22\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\day of defeat source\hl2.exe |
"TCP Query User{20F33A7C-C873-4081-BD47-2217B64C4806}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{3FDFE817-FB09-4B9A-AEA9-5B25297C48C3}C:\users\ivan\desktop\ganggarrison2\gang garrison 2.exe" = protocol=6 | dir=in | app=c:\users\ivan\desktop\ganggarrison2\gang garrison 2.exe |
"TCP Query User{50455550-3E59-497D-AF1B-F8A34C538445}C:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe |
"TCP Query User{50969097-2D89-465B-82C2-C77DCD608787}C:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked" = protocol=6 | dir=in | app=c:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked |
"TCP Query User{56EF5721-D44F-4A11-B960-559A0F7FA8FB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{684ADE43-D3B7-4C36-8BCE-1154F6694D3D}C:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe |
"TCP Query User{757DA474-4C10-4C85-8EDF-C61334AE7EDD}C:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe |
"TCP Query User{8249E22A-8EE7-4282-A156-23F89B868F4D}C:\program files\steam\steamapps\carabajal22\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\condition zero deleted scenes\hl.exe |
"TCP Query User{95C9B2EC-E4E2-41EA-BDAC-6DFC08A465CC}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"TCP Query User{B310645A-B5AA-4EE5-80F8-CCBFA6978022}C:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe |
"TCP Query User{BA030DE3-8B5A-4DDB-80FF-C9C062A1BED5}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{BA8BFD2A-CD93-4DA5-8E32-EC5F34A64CB2}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"TCP Query User{CA1A0D45-E83A-49D0-A5E1-8F9136611168}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{DCA04FF5-0609-46BC-ADD9-B2BC5163C942}C:\users\ivan\desktop\gang garrison 2\gang garrison 2.exe" = protocol=6 | dir=in | app=c:\users\ivan\desktop\gang garrison 2\gang garrison 2.exe |
"TCP Query User{EA5CAB19-1C8A-44A0-AE35-D69CE5FD9A8C}C:\program files\steam\steamapps\carabajal22\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\zombie panic! source\hl2.exe |
"TCP Query User{EF0A3A45-97D7-4A37-A26D-99388C942DD4}C:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe |
"TCP Query User{F6749859-EE73-4C0F-8A57-D1D78A1FFC9A}C:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe |
"TCP Query User{FB87E510-28D2-4765-B021-FE428B68D014}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{183C346A-D984-42B5-90D7-88FCCE3E3855}C:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe |
"UDP Query User{1B65BEAB-BC73-4FA4-9CB7-357D1B418665}C:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\team fortress 2\hl2.exe |
"UDP Query User{1DF2D5D9-0FF7-4055-9300-8B8D71D80B91}C:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe |
"UDP Query User{31005E0F-0558-4E5C-8A0C-DCC67AD02313}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4CCC1286-22E0-48DE-A65F-8B9806CDCBA8}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{4CE9F175-ABFF-4BF9-B9D6-BF0932F33CDC}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"UDP Query User{612FBF86-9E03-4DBE-9BEF-EF5CF0B10CB3}C:\program files\steam\steamapps\carabajal22\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\day of defeat source\hl2.exe |
"UDP Query User{6A100417-B955-4166-9F1B-1792B72A76B4}C:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe |
"UDP Query User{6C6E5B40-7181-40F7-96E8-C09239C1D84E}C:\program files\steam\steamapps\carabajal22\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\condition zero deleted scenes\hl.exe |
"UDP Query User{6E1EE68E-6A1E-436F-94EA-57DB20458031}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{6E80815C-1CAD-4E59-8ABA-661EE0A01A70}C:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked" = protocol=17 | dir=in | app=c:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked |
"UDP Query User{7768CD3A-F9AC-4202-B8EC-6BB7A696145D}C:\users\ivan\desktop\gang garrison 2\gang garrison 2.exe" = protocol=17 | dir=in | app=c:\users\ivan\desktop\gang garrison 2\gang garrison 2.exe |
"UDP Query User{80A64956-E679-4ABF-B63F-0F06F99A3A47}C:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\insurgency\hl2.exe |
"UDP Query User{84A2C7EA-B507-4E93-863D-1F2052B716B5}C:\program files\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{913AB4D2-C76B-4747-80E0-21B26ADED8AA}C:\users\ivan\desktop\ganggarrison2\gang garrison 2.exe" = protocol=17 | dir=in | app=c:\users\ivan\desktop\ganggarrison2\gang garrison 2.exe |
"UDP Query User{B6EE46D7-3FE6-4FFE-A5CB-53338ED215F3}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{BC61E667-6AD9-407D-BC86-236E97A28151}C:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\operations flashpoint dragon rising - demo\ofdr demo.exe |
"UDP Query User{D331B4C5-0583-4B38-9AD4-06DB19CA0F93}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{D7B53F84-82C0-4908-AA34-63AA9F3B9D1C}C:\program files\steam\steamapps\carabajal22\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\zombie panic! source\hl2.exe |
"UDP Query User{F53ACE3D-D836-40E9-B6CF-A674D992B46E}C:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\carabajal22\counter-strike\hl.exe |
"UDP Query User{FD44D320-FE1B-4552-945C-A1F2E5CD6E23}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{083286D9-7F95-4CE6-B0CD-667BA492D30E}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{270F9094-DF19-40C9-9DBE-E2DD37614FDD}" = Adobe Media Encoder CS4 Importer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Creature Creator
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_9107cc52ed6a148a98fad4f22b15a79" = Adobe Media Encoder CS4 Importer
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AIM_6" = AIM 6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"FLV Player" = FLV Player 2.0, build 24
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"GCFScape_is1" = GCFScape 1.7.5
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"ProInst" = Intel PROSet Wireless
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 10" = Counter-Strike
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 12140" = Max Payne
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 240" = Counter-Strike: Source
"Steam App 2700" = Rollercoaster Tycoon 3 Platinum
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3949298007-4286406380-1144867493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Ivan)
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2010 11:08:05 PM | Computer Name = Ivan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5694

Error - 5/28/2010 11:08:06 PM | Computer Name = Ivan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/28/2010 11:08:06 PM | Computer Name = Ivan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6693

Error - 5/28/2010 11:08:06 PM | Computer Name = Ivan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6693

Error - 5/29/2010 1:12:26 PM | Computer Name = Ivan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/29/2010 1:12:26 PM | Computer Name = Ivan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50667082

Error - 5/29/2010 1:12:26 PM | Computer Name = Ivan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50667082

Error - 5/29/2010 1:12:34 PM | Computer Name = Ivan-PC | Source = Google Update | ID = 20
Description =

Error - 5/29/2010 1:12:35 PM | Computer Name = Ivan-PC | Source = Google Update | ID = 20
Description =

Error - 5/29/2010 1:13:59 PM | Computer Name = Ivan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00066739, process id 0x1670, application
start time 0x01cafe8f95c0f5ec.

[ System Events ]
Error - 8/6/2010 12:57:58 AM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2010 12:58:02 AM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/6/2010 12:58:39 AM | Computer Name = Ivan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001DE082853F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/6/2010 2:49:59 PM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2010 2:50:05 PM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/6/2010 3:12:03 PM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 8/6/2010 3:12:03 PM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 8/6/2010 8:30:50 PM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2010 8:30:54 PM | Computer Name = Ivan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/6/2010 8:33:03 PM | Computer Name = Ivan-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001DE082853F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 09 August 2010 - 04:20 AM

Hi,

Please post a log from GMER next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 carabajal

carabajal
  • Topic Starter

  • Members
  • 7 posts

Posted 09 August 2010 - 10:11 PM

Here it is! Right after this I got another BSOD

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-09 20:02:53
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Ivan\AppData\Local\Temp\kgtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A5182D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A5184C8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8A517F44]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8A5186D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 209 822C596C 8 Bytes [D6, 82, 51, 8A, C8, 84, 51, ...] {SALC ; ADC BYTE [ECX-0x76], -0x38; TEST [ECX-0x76], DL}
.text ntkrnlpa.exe!KeSetEvent + 621 822C5D84 4 Bytes [44, 7F, 51, 8A]
.text ntkrnlpa.exe!KeSetEvent + 6E5 822C5E48 4 Bytes [D0, 86, 51, 8A]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E800340, 0x3E5D57, 0xE8000020]
.rsrc C:\Windows\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0x8F179014]
C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0xA7333000]
.clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0xA7334000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 77A74D34 5 Bytes JMP 001B000A
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory 77A75674 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!KiUserExceptionDispatcher 77A75DC8 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[1260] ole32.dll!CoCreateInstance 76399EA6 5 Bytes JMP 0076000A
.text C:\Windows\system32\svchost.exe[1260] USER32.dll!GetCursorPos 76250B88 5 Bytes JMP 0206000A
.text C:\Windows\explorer.exe[6016] ntdll.dll!NtProtectVirtualMemory 77A74D34 5 Bytes JMP 0063000A
.text C:\Windows\explorer.exe[6016] ntdll.dll!NtWriteVirtualMemory 77A75674 5 Bytes JMP 016C000A
.text C:\Windows\explorer.exe[6016] ntdll.dll!KiUserExceptionDispatcher 77A75DC8 5 Bytes JMP 0062000A
.text C:\Windows\explorer.exe[6016] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7661B364 4 Bytes [F0, 1F, 00, 10]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74A37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74A8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74A3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74A2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74A375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74A2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74A3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74A2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74A2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74A271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74ABCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74A5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74A2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74A26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74A2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74A32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[6016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF

Edited by carabajal, 10 August 2010 - 04:12 AM.
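The GMER output above mixes findings that GMER already ties to a named module (the SSDT hooks belong to PCTCore.sys, the PC Tools driver behind the Spyware Doctor 7.0 entry in the uninstall list; the IAT entries point at Acer's PSDProtect.dll) with findings it cannot attribute (the ntdll.dll JMPs in svchost.exe and explorer.exe, and the mouclass.sys entry-point anomaly). The parser below is an added example, not part of this thread and not GMER's own code. It parses the line shapes seen in this log and separates attributed from unattributed findings. One cross-reference is the example's own assumption, built from the log itself: the bytes GMER lists for the two ntkrnlpa.exe!KeSetEvent entries, read as little-endian dwords, are exactly the PCTCore.sys hook addresses from the SSDT lines (0x8A5182D6 and 0x8A517F44), so the example attributes those kernel patches to the same driver. The sample lines are copied verbatim from the log above.

```python
"""Triage helper for GMER rootkit-scan text logs.

Added example; not part of the BleepingComputer thread and not GMER's code.
Parses the line formats seen in the log above and separates findings GMER
already attributed to a module from ones that still need an owner. The
attribution of the ntkrnlpa.exe patches is an assumption: their patched bytes,
read as little-endian dwords, equal the PCTCore.sys SSDT hook addresses.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied verbatim from the GMER log posted in this thread.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A5182D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A5184C8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8A517F44]
.text ntkrnlpa.exe!KeSetEvent + 209 822C596C 8 Bytes [D6, 82, 51, 8A, C8, 84, 51, ...] {SALC ; ADC BYTE [ECX-0x76], -0x38; TEST [ECX-0x76], DL}
.text ntkrnlpa.exe!KeSetEvent + 621 822C5D84 4 Bytes [44, 7F, 51, 8A]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E800340, 0x3E5D57, 0xE8000020]
.rsrc C:\Windows\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0x8F179014]
.text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 77A74D34 5 Bytes JMP 001B000A
.text C:\Windows\explorer.exe[6016] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7661B364 4 Bytes [F0, 1F, 00, 10]
"""

SSDT_RE = re.compile(
    r'^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]')
KPATCH_RE = re.compile(
    r'^\.text\s+(?P<image>\w+\.exe)!(?P<func>\w+)\s+\+\s+[0-9A-Fa-f]+\s+(?P<addr>[0-9A-Fa-f]{8})'
    r'\s+\d+ Bytes\s+\[(?P<bytes>[^\]]*)\]')
KSECTION_RE = re.compile(
    r'^(?P<section>\.\w+)\s+(?P<path>[A-Za-z]:\\\S+)\s+'
    r'(?P<finding>entry point in "[^"]+" section|section is writeable)')
UHOOK_RE = re.compile(
    r'^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<func>\w+)(?:\s+\+\s+[0-9A-Fa-f]+)?'
    r'\s+(?P<addr>[0-9A-Fa-f]{8})\s+\d+ Bytes\s+(?:JMP (?P<target>[0-9A-Fa-f]{8})|\[(?P<bytes>[^\]]*)\])')


@dataclass
class Finding:
    kind: str                     # ssdt | kernel_patch | patched_driver | writable_section | user_hook
    subject: str                  # the function, image or process that was modified
    attributed_to: Optional[str]  # module the change is tied to, None if unknown
    severity: str                 # info | review | high
    raw: str


def _dwords(byte_list: str) -> List[int]:
    """'D6, 82, 51, 8A, ...' -> [0x8A5182D6]; trailing partial dwords and '...' are dropped."""
    vals = [int(b, 16) for b in (x.strip() for x in byte_list.split(','))
            if re.fullmatch(r'[0-9A-Fa-f]{2}', b)]
    return [int.from_bytes(bytes(vals[i:i + 4]), 'little') for i in range(0, len(vals) - 3, 4)]


def parse_gmer(text: str) -> List[Finding]:
    findings: List[Finding] = []
    ssdt_by_addr: Dict[int, str] = {}
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]

    # Pass 1: SSDT hooks. GMER names the driver owning each hook, so these are
    # attributed by construction; the address map lets pass 2 reuse that owner.
    for ln in lines:
        m = SSDT_RE.match(ln)
        if m:
            ssdt_by_addr[int(m['addr'], 16)] = m['module']
            findings.append(Finding('ssdt', m['func'], m['module'], 'info', ln))

    # Pass 2: kernel patches, section anomalies, user-mode inline hooks.
    for ln in lines:
        if SSDT_RE.match(ln):
            continue
        m = KPATCH_RE.match(ln)
        if m:
            # Assumption: patched dwords equal to a known SSDT hook address belong to that hook's driver.
            owners = {ssdt_by_addr[d] for d in _dwords(m['bytes']) if d in ssdt_by_addr}
            owner = next(iter(owners)) if len(owners) == 1 else None
            findings.append(Finding('kernel_patch', f"{m['image']}!{m['func']}", owner,
                                    'info' if owner else 'review', ln))
            continue
        m = KSECTION_RE.match(ln)
        if m:
            if m['finding'].startswith('entry point'):
                # Entry point inside a non-code section: the driver image was rewritten.
                findings.append(Finding('patched_driver', m['path'], None, 'high', ln))
            else:
                findings.append(Finding('writable_section', m['path'], None, 'info', ln))
            continue
        m = UHOOK_RE.match(ln)
        if m:
            # GMER gives the JMP target but not its owner; the analyst has to map the
            # target address to whatever is mapped there inside that PID.
            findings.append(Finding('user_hook', f"{m['proc']}[{m['pid']}] {m['dll']}!{m['func']}",
                                    None, 'review', ln))
    return findings


def needs_attention(findings: List[Finding]) -> List[Finding]:
    """Findings not already tied to a known module."""
    return [f for f in findings if f.attributed_to is None and f.severity != 'info']


if __name__ == '__main__':
    for f in parse_gmer(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:16} {f.subject:55} {f.attributed_to or '-'}")
```

Run against a full gmer.log, the output leaves three items to chase on this machine: the mouclass.sys entry point (high) and the two unattributed ntdll.dll hooks (review). The nvlddmkm.sys writable section and the PCTCore.sys entries are reported but rated info, since GMER already names their owner.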


#7 carabajal

carabajal
  • Topic Starter

  • Members
  • 7 posts

Posted 09 August 2010 - 10:18 PM

a

Edited by carabajal, 10 August 2010 - 04:09 AM.


#8 carabajal

carabajal
  • Topic Starter

  • Members
  • 7 posts

Posted 09 August 2010 - 10:21 PM

------

Edited by carabajal, 10 August 2010 - 04:08 AM.


#9 carabajal

carabajal
  • Topic Starter

  • Members
  • 7 posts

Posted 09 August 2010 - 10:49 PM


Got errors when trying to post earlier but it seems they all posted despite the errors, fudge.

Edited by carabajal, 10 August 2010 - 04:07 AM.


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 10 August 2010 - 11:21 AM

Hi,

That is courtesy of this infection:

    .rsrc C:\Windows\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0x8F179014]


It's trying to keep you from communicating with us by interrupting the log posting.


The bad news though is that this infection is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

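The line myrti singles out, mouclass.sys with its entry point in the ".rsrc" section, is a structural check on the PE image: AddressOfEntryPoint should fall inside a code section, and a driver whose entry point lands in the resource section has been rewritten. The script below is an added example, not part of this thread and not GMER's code. It walks the PE headers, finds the section containing the entry point and flags a ".rsrc" or non-executable section. The two images it checks are constructed header-only PE32 files, not the real mouclass.sys; testing the section name and the IMAGE_SCN_MEM_EXECUTE flag is the example's own heuristic.

```python
"""Check whether a PE image's entry point sits in an executable code section.

Added example; not from the thread and not GMER's code. Reproduces the kind of
check behind GMER's 'entry point in ".rsrc" section' line. The sample images
are constructed in memory and are not the real mouclass.sys.
"""
import struct
import sys
from typing import List, NamedTuple, Tuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000


class Section(NamedTuple):
    name: str
    virtual_address: int
    virtual_size: int
    characteristics: int

    def contains(self, rva: int) -> bool:
        return self.virtual_address <= rva < self.virtual_address + self.virtual_size


def parse_sections(image: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, [Section, ...]) from a PE32 or PE32+ image."""
    if image[:2] != b'MZ':
        raise ValueError('missing MZ signature')
    e_lfanew = struct.unpack_from('<I', image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from('<H', image, coff + 2)[0]
    size_opt = struct.unpack_from('<H', image, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from('<I', image, opt + 16)[0]   # same offset in PE32 and PE32+
    hdr = opt + size_opt                                  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, _raw, _ptr, _rel, _lin, _nrel, _nlin, chars = \
            struct.unpack_from('<8sIIIIIIHHI', image, hdr + 40 * i)
        sections.append(Section(name.rstrip(b'\0').decode('ascii', 'replace'), vaddr, vsize, chars))
    return entry_rva, sections


def assess_entry_point(image: bytes) -> str:
    """'ok' or a one-line description of why the entry point is suspicious."""
    entry_rva, sections = parse_sections(image)
    sec = next((s for s in sections if s.contains(entry_rva)), None)
    if sec is None:
        return 'entry point outside any section'
    if sec.name == '.rsrc':
        return 'entry point in ".rsrc" section'
    if not sec.characteristics & IMAGE_SCN_MEM_EXECUTE:
        return f'entry point in non-executable section {sec.name}'
    return 'ok'


def build_pe(entry_rva: int, sections: List[Section]) -> bytes:
    """Assemble a minimal header-only PE32 image (constructed test input, not a real driver)."""
    e_lfanew = 0x40
    dos = b'MZ' + b'\0' * (0x3C - 2) + struct.pack('<I', e_lfanew)
    size_opt = 224                                        # standard PE32 optional header
    coff = struct.pack('<HHIIIHH', 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into('<H', opt, 0, 0x10B)                # PE32 magic
    struct.pack_into('<I', opt, 16, entry_rva)           # AddressOfEntryPoint
    hdrs = b''.join(struct.pack('<8sIIIIIIHHI', s.name.encode().ljust(8, b'\0'),
                                s.virtual_size, s.virtual_address, s.virtual_size,
                                0, 0, 0, 0, 0, s.characteristics) for s in sections)
    return dos + b'PE\0\0' + coff + bytes(opt) + hdrs


# Typical driver layout: code in .text, data in .data, resources in .rsrc.
LAYOUT = [
    Section('.text', 0x1000, 0x3000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    Section('.data', 0x4000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    Section('.rsrc', 0x5000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
]
CLEAN_IMAGE = build_pe(0x1014, LAYOUT)      # entry point in .text
PATCHED_IMAGE = build_pe(0x5014, LAYOUT)    # entry point moved into .rsrc, as GMER reported for mouclass.sys

if __name__ == '__main__':
    for path in sys.argv[1:]:
        with open(path, 'rb') as fh:
            print(path, assess_entry_point(fh.read()))
    print('constructed clean image:', assess_entry_point(CLEAN_IMAGE))
    print('constructed patched image:', assess_entry_point(PATCHED_IMAGE))
```

Pointed at a driver file on disk, this only tells you what the file looks like to a normal read. The address GMER printed, 0x8F179014, is a kernel virtual address, so its finding came from the loaded driver; when the two disagree, trust the in-memory result, since a rootkit that filters file reads can hand a scanner a clean copy from disk.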


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 19 August 2010 - 06:23 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
